An “insider threat” is a security risk posed by a current or former employee or a business partner. This person has access to confidential company information and treats this information in an abusive or negligent manner – in other words, he or she steals the data. Conventional security measures typically focus on external attacks and are often unable to prevent harmful acts conducted from within.
According to Verizon's “2019 Data Breach Investigations Report”, 36% of data abuse acts are committed by insiders. Internal perpetrators are responsible for 54% of incidents in the health sector and 34% in the public sector.
Internal offenders may act in full awareness of their wrongdoings or unintentionally. There are three types of perpetrators:
- The Malicious Insider – Someone with malicious intent who deliberately exploits his or her access privileges to steal information for financial or personal reasons. It could be an ex-employee holding a grudge against a former employer, or simply somebody who is out to sell secret information to competitors. Insiders have an advantage over outside attackers because they are familiar with the company’s security policies, procedures, and weaknesses.
- The Imprudent Insider – The most common type of inside threat: an innocent person who unintentionally jeopardizes the company’s safety by clicking on an unsafe link and thereby infecting the entire system with malware.
- The “Mole” – A scammer who poses as an employee or partner and has managed to gain access to a privileged network within the company.
How To Prevent These Four Common Insider Threats
1. Data access through remote access software
Problem: Most internal offenders will try to gain access to data from the outside, rather than from within the office, because the probability of being caught outside is much smaller. They will usually try to establish access using a remote connection.
Tip: Solid access rights to file servers and files are just as important as maintaining protocol on operating systems and applications. Engaging stricter security checks for specific features and system access is also key. Review your system configurations and try to assess which settings could improve your management, reporting, and security environment. Perpetrators are likely to attack outside of business hours, so it is advisable to consider limiting the times for remote system access.
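As an added example (not part of the original article), the following sketch reviews remote-access logs for sessions started outside an allowed time window. The log format, the UTC+1 office time zone, and the Monday to Friday 07:00-19:00 window are assumptions made for illustration.

```python
import re
from datetime import datetime, time, timedelta, timezone

# Assumptions (not from the article): office time is UTC+1, remote access is
# allowed Monday-Friday 07:00-19:00, and the VPN gateway logs in this format.
OFFICE_TZ = timezone(timedelta(hours=1))
ALLOWED_START, ALLOWED_END = time(7, 0), time(19, 0)
LINE_RE = re.compile(
    r"^(?P<ts>\S+) vpn session-start user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample log lines (timestamps in UTC, documentation IP ranges).
SAMPLE_LOG = """\
2024-03-04T08:15:02+00:00 vpn session-start user=asmith src=198.51.100.10
2024-03-04T22:41:07+00:00 vpn session-start user=jdoe src=203.0.113.7
2024-03-08T23:30:00+00:00 vpn session-start user=contractor1 src=203.0.113.9
2024-03-06T17:59:59+00:00 vpn session-start user=asmith src=198.51.100.10
2024-03-06T18:00:00+00:00 vpn session-start user=mkhan src=192.0.2.44
garbage line that does not parse
"""

def within_allowed_window(local: datetime) -> bool:
    """True if the local timestamp is on a weekday inside the allowed hours."""
    return local.weekday() < 5 and ALLOWED_START <= local.time() < ALLOWED_END

def off_hours_sessions(log_text: str):
    """Return (findings, unparsed): sessions outside the window, and bad lines."""
    findings, unparsed = [], []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)  # keep for review: parsing gaps hide activity
            continue
        # Convert to office time first: a Friday-night UTC stamp can already
        # be Saturday locally.
        local = datetime.fromisoformat(m["ts"]).astimezone(OFFICE_TZ)
        if not within_allowed_window(local):
            findings.append((m["user"], m["src"], local.isoformat()))
    return findings, unparsed

if __name__ == "__main__":
    hits, bad = off_hours_sessions(SAMPLE_LOG)
    for user, src, when in hits:
        print(f"off-hours remote session: {user} from {src} at {when}")
    print(f"{len(bad)} unparsed line(s) kept for review")
```

The same window check can be enforced at the gateway instead of only reported, if the remote access product supports time-based policies.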
2. Threats posed by partners and suppliers
Problem: By using your systems in a careless manner, third parties, such as contractors, freelancers, clients, suppliers or other service providers, might become a threat to your data.
Tip: Implement a form of access management that limits the access rights of your partners according to the principle of least privilege. This way, you can prevent third parties from gaining access to data they do not actually need to carry out their jobs or tasks.
Also, make sure to review third-party accounts regularly to ensure that system privileges are withdrawn once the related work has been completed. Regular user access checks for employees and third parties are important security measures (see also Recertification of Access Rights).
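The review described above can be run as a recurring check over an account inventory. This is an added example, not part of the original article and not code from any product it mentions; the account fields, the 90-day dormancy threshold, and all account and resource names are hypothetical.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

DORMANT_AFTER = timedelta(days=90)  # assumed review threshold

@dataclass(frozen=True)
class Account:
    name: str
    third_party: bool
    enabled: bool
    engagement_end: Optional[date]  # end of contract or project, if recorded
    last_logon: Optional[date]
    granted: frozenset              # resources the account can reach
    required: frozenset             # resources the current task needs

def review(accounts, today):
    """Map account name -> findings for the periodic access review."""
    report = {}
    for a in accounts:
        if not a.enabled:
            continue  # access already withdrawn
        findings = []
        if a.third_party and a.engagement_end is None:
            findings.append("no end date recorded: set an expiry")
        elif a.third_party and a.engagement_end < today:
            findings.append("engagement ended: withdraw access")
        excess = a.granted - a.required  # least privilege: granted minus needed
        if excess:
            findings.append("excess rights: " + ", ".join(sorted(excess)))
        if a.last_logon is None or today - a.last_logon > DORMANT_AFTER:
            findings.append("dormant: confirm the account is still needed")
        if findings:
            report[a.name] = findings
    return report

# Constructed inventory (hypothetical accounts and resource names).
TODAY = date(2024, 6, 1)
fs = frozenset
ACCOUNTS = [
    Account("asmith", False, True, None, date(2024, 5, 30), fs({"hr-share"}), fs({"hr-share"})),
    Account("ext-acme-dev", True, True, date(2024, 4, 15), date(2024, 5, 28),
            fs({"build-server", "finance-share"}), fs({"build-server"})),
    Account("ext-audit", True, True, None, None, fs({"finance-share"}), fs({"finance-share"})),
    Account("ext-old-vendor", True, False, date(2023, 12, 31), None, fs(), fs()),
]

for name, findings in review(ACCOUNTS, TODAY).items():
    print(f"{name}: " + "; ".join(findings))
```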
3. Data loss through email and instant messaging apps
Problem: Confidential information that is sent out via email or IM app could easily fall into the wrong hands. Fortunately, it is quite simple to prevent this type of inside threat.
Tip: One of the most effective measures to intercept confidential information that is leaving the network is to set up a network analyzer that filters key words, attachments, etc. Client-based or server-based content filters are able to intercept and block outgoing confidential information. Likewise, perimeter-based or outsourced messaging security mechanisms provide content filters that are easy to manage.
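A minimal server-side content filter of the kind described above, as an added example that is not part of the original article. The internal domain, the keyword list, and the blocked attachment extensions are assumed policy values, and the messages are constructed.

```python
import re
from email.message import EmailMessage
from email.utils import getaddresses

# Assumed policy values (not from the article).
INTERNAL_DOMAIN = "example.com"
KEYWORDS = re.compile(r"\b(confidential|internal only|salary list)\b", re.I)
BLOCKED_EXT = (".kdbx", ".pst", ".sql")

def outbound_findings(msg):
    """Reasons to hold a message leaving the company; empty list means allow."""
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    # Skip scanning only when every parsed recipient is internal; a message
    # with no parseable recipient is scanned rather than waved through.
    if rcpts and all(a.lower().endswith("@" + INTERNAL_DOMAIN) for _, a in rcpts):
        return []
    reasons = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        fname = part.get_filename()
        if fname and fname.lower().endswith(BLOCKED_EXT):
            reasons.append(f"blocked attachment type: {fname}")
        if part.get_content_maintype() == "text":
            # decode=True undoes base64/quoted-printable, so encoded text
            # attachments are scanned the same way as the plain body.
            raw = part.get_payload(decode=True) or b""
            text = raw.decode(part.get_content_charset() or "utf-8", "replace")
            for kw in sorted({m.group(1).lower() for m in KEYWORDS.finditer(text)}):
                reasons.append(f"keyword '{kw}' in {fname or 'body'}")
    return reasons

def sample(to, body, attachments=()):
    """Build a constructed test message; attachments are (filename, text)."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "jdoe@example.com", to, "Q2 figures"
    msg.set_content(body)
    for fname, text in attachments:
        msg.add_attachment(text, filename=fname, cte="base64")
    return msg

if __name__ == "__main__":
    m = sample("partner@example.net", "See attached.",
               [("notes.txt", "Salary list Q2 - CONFIDENTIAL"), ("dump.sql", "-- schema")])
    for reason in outbound_findings(m):
        print("hold:", reason)
```

Keyword matching only covers text parts; binary formats such as office documents or archives need extraction before they can be scanned.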
Other threats that may arise through email services and messaging apps are phishing mails and other social engineering scams. Make sure your team members are sufficiently educated and trained for these matters.
4. Unsafe file sharing
Problem: File-sharing software like Dropbox or Google Drive is not just practical – it also opens the floodgates to data abuse. It is not the tools themselves that are the problem, but the way they are being used. One wrong configuration and your confidential data is ready to sail out into the world.
Tip: Do not take unnecessary risks and try to avoid dangerous file-sharing services. Instead, use secure tools, such as SharePoint Online, which allow you to stay in control.
The bottom line is: insiders are only a danger to data they actually have access to. You can significantly minimize this risk by implementing an end-to-end approach for managing access rights in your company. Make sure to monitor exactly who has access to what information and limit access rights to a minimum according to the principle of least privilege (“Need to Know”)!
An identity and access management software, such as tenfold, can provide great support for all tasks involved in access management. It is a centralized and automated, highly efficient tool.