6 tips how companies can recognise and prevent insider threats

19. December, 2022

The effect of insider threats on cyber security

An insider threat describes possible security incidents that can originate from people within an organisation. These people can be employees, project workers, interns or even managers within the organisation.

Insider threats can appear in many forms, including sabotage, theft of intellectual property or violation of data protection regulations. The reasons are manifold: besides purely financial motivation, deeply personal reasons can lead to a wish to harm one’s own company, and it is also possible that employees cause security incidents without intention or knowledge. External attackers, on the other hand, might masquerade as insiders by taking over internal access permissions and accessing sensitive areas. Despite similar effects, these scenarios do not count as insider threats.

A study of the last two years found a doubling of incidents by insiders. [1]

Insider threats are particularly dangerous because they originate from people the organisation inherently trusts. They are therefore more difficult to detect and prevent than typical threats from outside. The following recommendations help to protect against insider threats. [2]

  1. Educate all employees about the importance of security and data protection. Provide an easily accessible process for reporting suspicious activity or threats, and information on who to contact in case of suspicion.
  2. Implement policies for handling intellectual property and confidential information. Make sure that all employees are aware of these policies and of the criminal consequences of violating them.
  3. Use robust access and authentication procedures to ensure that only authorised persons can access sensitive information. Restrict access to the roles and people who genuinely need such data to perform their tasks.
  4. Monitor and log access to sensitive data and systems to identify potential threats early. Even after an incident, such data can help identify the perpetrator and the extent of the damage.
  5. In the event of suspected abuse or, for example, when an employee leaves the company, immediately restrict or withdraw the person’s rights.
  6. Conduct regular security reviews and audits to detect weaknesses in security measures and rights assignments.

Pay particular attention to “powerful” users

Users with particularly extensive rights, such as administrators or super-users, play a special role in the insider threat scenario. The most important, highest-privileged actions should require additional validation, for example the four-eyes principle. In addition, ensure that the logging of activities is carried out in a tamper-proof manner and is secured against modification.
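As an added illustration of tips 4 and 5 and of tamper-proof logging (example code written for this article, not the author’s own tooling), the following script assumes a constructed access log and a constructed off-boarding list: it stores log records as a hash chain so that any later edit or deletion is detectable, and it flags sensitive accesses by users whose rights should already have been withdrawn.

```python
import hashlib
import json
from datetime import datetime

# Constructed sample access log for a sensitive file share (not real data).
ACCESS_LOG = [
    {"ts": "2022-11-28T09:12:00", "user": "jsmith", "resource": "hr/salaries.xlsx", "sensitive": True},
    {"ts": "2022-12-02T18:40:00", "user": "jsmith", "resource": "hr/salaries.xlsx", "sensitive": True},
    {"ts": "2022-12-02T18:41:00", "user": "jsmith", "resource": "intranet/news", "sensitive": False},
    {"ts": "2022-12-03T10:05:00", "user": "amueller", "resource": "finance/q4.pdf", "sensitive": True},
]
# Constructed off-boarding list: user -> last working day (rights should be gone from here on).
OFFBOARDED = {"jsmith": "2022-12-01"}

GENESIS = "0" * 64


def hash_chain(entries):
    """Write entries as a hash chain: each record commits to the previous record's hash,
    so editing or deleting an earlier record invalidates every later link."""
    prev, chained = GENESIS, []
    for entry in entries:
        digest = hashlib.sha256((json.dumps(entry, sort_keys=True) + prev).encode()).hexdigest()
        chained.append({**entry, "prev": prev, "hash": digest})
        prev = digest
    return chained


def verify_chain(chained):
    """Return the index of the first record whose link or hash does not check out, or -1 if intact."""
    prev = GENESIS
    for i, rec in enumerate(chained):
        body = {k: v for k, v in rec.items() if k not in ("prev", "hash")}
        expected = hashlib.sha256((json.dumps(body, sort_keys=True) + rec["prev"]).encode()).hexdigest()
        if rec["prev"] != prev or rec["hash"] != expected:
            return i
        prev = rec["hash"]
    return -1


def find_post_exit_access(entries, offboarded):
    """Flag sensitive accesses by users on or after their exit date: evidence that
    rights were not withdrawn in time (tips 4 and 5)."""
    findings = []
    for e in entries:
        exit_day = offboarded.get(e["user"])
        if exit_day and e["sensitive"] and datetime.fromisoformat(e["ts"]) >= datetime.fromisoformat(exit_day):
            findings.append((e["user"], e["resource"], e["ts"]))
    return findings
```

In practice the chain head would be written to a separate, write-once store (or signed) so that the log server itself cannot silently rebuild the whole chain.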

Insider threats are a widely underestimated security risk. It is important that all employees are involved in the security and protection of company data and know how to behave responsibly. By separating the most important roles, enforcing clear policies and minimising the assignment of rights, insider threats can at least be minimised.

Sources:
