Even advanced security systems are vulnerable to an insider – through malice or incompetence – opening the door or sharing information with outside actors. While many organisations’ IT departments focus their efforts primarily on hardening the organisation against external attacks, failing to understand “insider threats” can render these efforts meaningless.
There are three main categories of insider threats you need to be aware of:
Mistakes: This type of threat involves a person inside the organisation unintentionally helping a malicious outsider to access your data. They may fall victim to phishing, social engineering, or other efforts to mislead them and open an illegitimate link or untrusted document.
Stolen credentials: If an employee’s credentials are not carefully secured, they can be used by outsiders to gain access to your organisation. Credential-based attacks are more dangerous than mistakes, as the attacker can move around the organisation’s system freely and access, edit and delete anything that the employee could.
Malicious insiders: Disgruntled employees, or those who take money to compromise your organisation, form the most dangerous type of internal threat. They have both access to the system and familiarity with it, so they can do significant damage.
Recovering from the damage inflicted by internal threats is challenging. Mistakes often open the door to commodity malware, which backups and disaster recovery can often make up for. Intruders using stolen credentials and malicious insiders, however, can intentionally disable or destroy backups, leaving organisations vulnerable to blackmail or ransom.
To defend against internal threats, organisations must ensure that employees at every level practise basic cyber hygiene. Regularly changing passwords, using multi-factor authentication, issuing frequent reminders to look out for the tell-tale signs of phishing, controlling access to data, and maintaining visibility over employees can all limit the impact of internal threats.
At the organisational level, running an organisation-wide risk assessment can reveal potential weaknesses that infiltrators may seek to take advantage of. Hardening these weaknesses and making policy changes to guard against internal threats are effective ways of reducing the damage that an employee mistake, an intruder using compromised credentials, or a malicious insider can inflict.
For the IT department, it is important to run tests to ensure that backups remain viable and keep an eye out for suspicious activity. If every employee maintains vigilance and effective security practices, the chances for internal threats to damage the organisation are significantly reduced.