Whether it is from hackers or malicious ex-employees, it’s commonly understood that one of the biggest threats to an organization’s data is people. But unintentional insider threats can be equally risky, and unfortunately they are very common – accounting for 30 percent of all data breaches in 2017.
Given this, it’s crucial that companies understand the many potential avenues of data misuse, and put plans in place to identify and prevent future breaches made by trusted insiders. To better understand the current risk from insider threats and what organizations can do to mitigate those risks, Information Management spoke with Mike McKee, chief executive officer at insider threat management company ObserveIT.
Information Management: What employees (or types) are typically the most likely to be insider data security risks?
Mike McKee: There are two types of employees who can put an organization’s critical systems or information at risk: those with ill intent and naïve users who unknowingly help attackers.
Malicious attackers often set out to sabotage a company, committing intellectual property (IP) theft, espionage, and fraud. Inadvertent threats, on the other hand – which accounted for 25 percent of data breaches in 2017 – are those people who unknowingly put their organizations at risk through cases of human error, bad judgment, phishing, malware, unintentionally aiding and abetting, and stolen credentials.
As far as types of employees, insider threats can include anyone close to a company who has authorized access to its critical information and systems. These can include former employees (i.e. those who have resigned or been terminated), privileged users such as IT teams and super users, knowledge workers such as analysts or developers, and trusted third parties such as vendors and contractors.
IM: What types of data do they generally put at risk?
McKee: Whether intentional or not, insiders can pose a massive threat to any organization across industries. According to SANS, one-third of all organizations have faced an insider threat situation, and truth be told, the rest probably just don’t know it yet.
When insiders misuse access, they can negatively affect the confidentiality and integrity of an organization by compromising company systems, as well as sensitive data, including employee or customer records, financial information, intellectual property, product details and more.
Also, when carried out by malicious internal parties, which according to IBM is the cause of 31.5 percent of all cyberattacks, insider threats can go undetected for years. This not only provides unprecedented external access to organizational systems, but can result in millions of dollars in damage and remediation costs.
IM: What are the top ways insiders can accidentally compromise company systems and data?
McKee: When it comes to insider threats, some of the most common ways people can accidentally compromise company data include:
- Misunderstanding regulations: Every company must comply with a unique set of laws, commonplace mandates, and regulatory requirements. Whether it’s HIPAA, GDPR, PCI, SOX, NISPOM, or others, it’s critical that employees accurately understand how the necessary frameworks apply to their roles. Otherwise, they may make costly mistakes that put their company at risk.
- Sloppy personal security: Unsecured devices are one of the most common causes of accidental insider threats. Without knowing it, employees often put their organizations at risk through brightly lit computer screens, shared flash drives, lost building keycards and more.
- Using unapproved services: SaaS tools – such as cloud storage tools – are widely used in organizations, as they help people more conveniently and efficiently complete their daily tasks. They, however, can be extremely unsafe and put companies at risk for massive data breaches.
- Forgetting to patch and upgrade: Not all employees regularly keep their devices updated and patched with the latest versions of software, as the process may slow them down in the middle of a work day. However, this can put their devices – and the entire company – in danger, as hackers continue to identify new ways to access and override outdated systems, increasing the likelihood of malware attacks, phishing scams, and more.
IM: What can organizations do to mitigate these potential risks?
McKee: While there’s no way to completely eliminate the chance of an accidental internal threat, there are steps organizations can take to drastically reduce the potential risks. One of the most effective ways can include conducting regular trainings, so employees are aware of all applicable regulations they need to follow.
In addition, organizations should share resources and send regular reminders, highlighting the steps employees can take to ensure their devices are well secured at all times, and outlining the tools they can use to properly store and share data. Finally, organizations should also invest in automated patching and upgrading technology platforms, which can ensure devices are adequately protected at all times.
IM: Is the problem of insider data security risks getting better, worse, or staying the same, and why so?
McKee: As technology continues to evolve, and both malicious and naïve attackers are identifying new avenues to compromise company information, the risk of insider threats continues to rise. Today, 60 percent of all cyber-attacks are carried out by insiders, according to IBM.
Further, Crowd Research Partners' 2017 Threat Monitoring, Detection and Response report found that more than 50 percent of cybersecurity professionals reported growth in insider threats over the last year.
Given these continued risks, it’s crucial that organizations increase awareness among employees and invest in automated and behavior management solutions to detect, manage, and eliminate any potential threats.