The enemy within: tackling insider threats
October 2017 | Cover Story | Risk Management
Financier Worldwide Magazine, October 2017 issue
Insider threats have risen sharply across the corporate world in recent years, and the enemy within is now regarded as one of the likeliest sources of a data security breach.
For any company unfortunate enough to find itself the victim of an insider attack, the consequences can be devastating. According to the ‘Insider Threat Spotlight Report 2017’, 53 percent of global companies estimate remediation costs in excess of $100,000, with 12 percent estimating a cost of more than $1m.
The report also reveals that 74 percent of companies feel vulnerable to insider threats, with 7 percent reporting extreme vulnerability. Set alongside a recent Intel Security survey which found that 43 percent of data breaches were caused by insiders, the magnitude of the issue becomes clear.
For companies, an effective response means setting goals and priorities for improvement, including raising the profile of insider threats, gaining buy-in from key stakeholders and improving the screening of employees and vendors that have access to critical assets.
Evil intent
For many of the companies surveyed for the Insider Threat Spotlight Report, an inadvertent data breach was the insider threat they were most concerned about, with 71 percent citing this fear. Negligent behaviour and malicious data breaches were also cited by a majority of the companies surveyed.
As for the insiders most likely to pose a threat, 60 percent of the companies identified privileged users, such as managers with access to sensitive information, as the greatest problem, closely followed by contractors and consultants, and then regular employees.
“The trusted employee with authorised access to corporate resources has an incredible potential to do good for the organisation,” says Bob Gourley, a partner at Cognitio Corp. “Unfortunately, the same employee can mistakenly click a link in a spoofed email or visit a malicious website and become the unwitting accomplice to a criminal syndicate seeking to extract corporate information. In another nightmare scenario, a trusted insider who is good one day may themselves become malicious and come in tomorrow with an evil intent. This behaviour may be impossible to spot until malicious activity is already underway, making it a very serious threat.”
Meaningful training
“If you believe, like I do, that all people are good in their core, and good companies are concentrations of good people, then that leads to an approach I call ‘loving your people’,” explains Mr Gourley. “Policies should be in place that require meaningful training on how to reduce the risk of incidental infection through phishing attacks.”
Alongside meaningful training and a comfortable workplace culture, appropriate technologies also have an important role to play in mitigating the impact of malicious code when it penetrates an organisation. Indeed, many believe that technology can do much more to protect sensitive data from insider threats.
“All training and technology should be applied in a culture where your workforce knows they are the first line of defence,” continues Mr Gourley. “These good people should know what to report and to whom, and this will include knowing when to report changes in behaviour by others in the workforce. Empowered and aware people will help you spot the person who has turned malicious faster than any technology ever will.”
New data laws
For good or ill, the forthcoming General Data Protection Regulation (GDPR) is expected to have a substantial impact on how companies detect and monitor potential insider threats. The regulation requires firms that process the personal data of EU residents to put in place appropriate technical and organisational measures to protect that data, with encryption among the measures it names.
“The community is torn over whether or not the GDPR will actually improve overall security,” notes Mr Gourley. “Some feel the requirement to protect personal information will make all data protection easier. Others feel the focus on protecting the privacy of citizens will detract from the protection of other important data. Compliance with important regulations like this should always be done with an eye toward improving overall security and that always means going beyond the simple requirements in the regulation. The GDPR by itself will not reduce the insider threat. But the mechanisms a company puts in place to meet GDPR requirements can be leveraged to ensure other appropriate controls are being leveraged.”
Going forward, as digitisation proliferates and rules and regulations continue to appear, tackling the enemy within is becoming ever more demanding. Companies that develop robust insider threat frameworks and strategies will, however, significantly improve their chances of identifying, analysing and containing such threats.
© Financier Worldwide
By Fraser Tennant