The effect of insider threats on cyber security
An insider threat describes possible security incidents that can originate from people within an organisation. These people can be employees, project workers, interns or even managers within the organisation.
Insider threats can appear in many forms including sabotage, theft of intellectual property or violation of data protection regulations. The reasons are manifold. Besides a purely financial motivation, deeply personal reasons can lead to wanting to harm one’s own company it is also possible that employees cause security incidents without intention or knowledge. Otherwise, external attackers might masquerade as insiders by taking over internal access permissions and accessing sensitive areas. Despite similar effects, scenarios these do not count as insider threats.
A study of the last two years found a doubling of incidents by insiders. [1]
An insider threat describes possible security incidents that can originate from people within an organisation. These people can be employees, project workers, interns or even managers within the organisation.
Insider threats can appear in many forms including sabotage, theft of intellectual property or violation of data protection regulations. The reasons are manifold. Besides a purely financial motivation, deeply personal reasons can lead to wanting to harm one’s own company it is also possible that employees cause security incidents without intention or knowledge. Otherwise, external attackers might masquerade as insiders by taking over internal access permissions and accessing sensitive areas. Despite similar effects, scenarios these do not count as insider threats.
A study of the last two years found a doubling of incidents by insiders.
Insider threats are very dangerous because they originate from inherently trustworthy people within an organisation. They are therefore more difficult to detect and prevent than typical threats from outside. To protect against insider threats, there are some recommendations to review and prepare. [2]
- Educate all employees about the importance of security and data protection. Provide an easily accessible process for responding to suspicious activity or threats and information on who to contact in case of suspicion.
- Implement policies for handling intellectual property and confidential information. Make sure that all employees are aware of these policies and their criminal consequences.
- Use robust access and authentication procedures to ensure that only authorised persons can access sensitive information. Minimise potential access only for roles and people who really need such data to perform their tasks.
- Monitor and log access to sensitive data and systems to identify potential threats early. Even after an incident, such data can help identify the perpetrator and the extent.
- In the event of suspected abuse or, for example, company exits, immediately restricted or withdraw the person’s rights.
- Conduct regular security reviews and audits to detect weaknesses in security measures and rights assignments.
Attention with particularly “powerful” users
Users with particularly extensive rights such as administrators or super-users play a special role in the szenario of insider threats. There should be a basic additional validation of the most important, highest authorities like the 4-eyes principle. In addition, ensure that the logging of activities is carried out in a tamper-proof manner and is secured against modification.
Insider threats are a widely underestimated security threat. It is important that all employees are involved in the security and protection of company data and know how to behave responsibly. By separating the most important roles and policies and minimising the assignment of rights, insider threats can at least be minimised.
Sources: