The enemy within: tackling insider threats

October 2017  |  COVER STORY  |  RISK MANAGEMENT

Financier Worldwide Magazine

October 2017 Issue


Insider threats have been increasing exponentially across the corporate world in recent years. The enemy within is now classed as one of the likeliest sources of a data security breach.

For any company unfortunate enough to find itself the victim of an insider attack, the consequences can be devastating. According to the ‘Insider Threat Spotlight Report 2017’, 53 percent of global companies estimate remediation costs in excess of $100,000, with 12 percent estimating a cost of more than $1m.

The report also reveals that 74 percent of companies feel vulnerable to insider threats, with 7 percent reporting extreme vulnerability. When placed alongside a recent Intel Security survey which found that 43 percent of data breaches occurred as a result of insider machinations, the magnitude of the issue becomes clear.

For companies, an effective response means setting goals and priorities for improvement, including raising the profile of insider threats, gaining buy-in from key stakeholders and improving the screening of employees and vendors that have access to critical assets.

Evil intent

For many of the companies featured in the Insider Threat Spotlight Report, an inadvertent data breach was the insider threat they were most concerned about, with 71 percent expressing this fear. Negligent behaviour and malicious data breaches were also cited by a majority of the companies surveyed.

In terms of the employees most likely to represent an insider threat, 60 percent of the companies stated that privileged users, such as managers with access to sensitive information, posed the greatest problem. This was closely followed by contractors and consultants and regular employees.

“The trusted employee with authorised access to corporate resources has an incredible potential to do good for the organisation,” says Bob Gourley, a partner at Cognitio Corp. “Unfortunately, the same employee can mistakenly click a link in a spoofed email or visit a malicious website and become the unwitting accomplice to a criminal syndicate seeking to extract corporate information. In another nightmare scenario, a trusted insider who is good one day may themselves become malicious and come in tomorrow with an evil intent. This behaviour may be impossible to spot until malicious activity is already underway, making it a very serious threat.”

Meaningful training

“If you believe, like I do, that all people are good in their core, and good companies are concentrations of good people, then that leads to an approach I call ‘loving your people’,” explains Mr Gourley. “Policies should be in place that require meaningful training on how to reduce the risk of incidental infection through phishing attacks.”

Alongside meaningful training and a comfortable workplace culture, appropriate technologies also have an important role to play in mitigating the impact of malicious code when it penetrates an organisation. Indeed, many believe that technology can do much more to protect sensitive data from insider threats.

“All training and technology should be applied in a culture where your workforce knows they are the first line of defence,” continues Mr Gourley. “These good people should know what to report and to whom, and this will include knowing when to report changes in behaviour by others in the workforce. Empowered and aware people will help you spot the person who has turned malicious faster than any technology ever will.”

New data laws

For good or ill, the forthcoming General Data Protection Regulation (GDPR) is expected to have a substantial impact on how companies detect and monitor potential insider threats, with the regulation calling on firms doing business with the EU to encrypt data and take appropriate steps to ensure privacy.

“The community is torn over whether or not the GDPR will actually improve overall security,” notes Mr Gourley. “Some feel the requirement to protect personal information will make all data protection easier. Others feel the focus on protecting the privacy of citizens will detract from the protection of other important data. Compliance with important regulations like this should always be done with an eye toward improving overall security and that always means going beyond the simple requirements in the regulation. The GDPR by itself will not reduce the insider threat. But the mechanisms a company puts in place to meet GDPR requirements can be leveraged to ensure other appropriate controls are being leveraged.”

Going forward, as digitisation proliferates and rules and regulations continue to appear, tackling the enemy within is becoming ever more demanding. However, companies savvy enough to develop robust insider threat frameworks and strategies will significantly improve their chances of effectively identifying, analysing and ultimately eliminating such threats.

© Financier Worldwide


By Fraser Tennant
