Samantha Humphries, security strategist at Exabeam takes a look at the various types of insiders that businesses need to look out for, before detailing how to build the best defence against the threat they pose.
When it comes to data protection, threats posed by legitimate users are often far more elusive and harder to detect than traditional external threats. Just last month, Canadian online shopping site Shopify became one of the latest victims, announcing that two members of its internal support team were able to steal sensitive data from more than 100 of the platform’s merchants before eventually being caught. The matter has since been turned over to the FBI, highlighting the seriousness of the offence. But what can organisations do to stop insider threats, many of whom have the means and opportunity to take whatever they want, whenever they want?
To effectively deal with an insider threat, businesses must first know exactly who/what they are dealing with. Threats come in various guises, but they can typically be broken down into four main categories:
Rogue employees are individuals that intentionally set out to steal company data, either out of vengeance or for personal profit. Unfortunately, rogue employees nearly always have an upper hand because their legitimate credentials allow them to fly under the radar for much longer than other threats.
Third-party insiders may not be fully-fledged employees but they often act in a similar capacity, which makes them just as much of a threat. Some may even work on site and have advanced knowledge of internal processes, giving them ample opportunity to steal sensitive data.
While rogue employees clearly pose a serious problem, a less obvious threat is happy but careless employees. These individuals are the ones who unintentionally click on links in phishing emails, leave their access pass lying around, or connect to the company network via unsecured public WiFi, giving criminals and hackers the ‘back door’ access they need.
Often the result of careless employees described above, compromised credentials are a real danger, allowing outside parties to evade security systems by entering the network using legitimate means. Breaches involving credential compromise often take a long time to identify because they appear to be legitimate users simply going about their business as usual.
Fortunately, businesses of all shapes and sizes now have a wide range of tools to use in the fight against insider threats, ranging from simple-but-effective measures like security training, through to powerful technology such as behavioural analytics:
The simplest and perhaps most important step is to effectively train employees, in order to mitigate risky behaviour and prevent them from becoming unintentional threats (as described above). Well trained employees will not only be able to avoid many of the most common phishing attacks and social engineering attempts, they can also serve as a frontline defence against disgruntled colleagues by spotting suspicious behaviour, making training an essential component of every effective cyber defence.
From a technology perspective, one of the most potent weapons currently available is user and entity behaviour analytics (UEBA). A key advantage of this innovative technology is its ability to use machine learning to quickly create a baseline of ‘normal activity’ for a business’s entire complement of employees (both internal and third party) and machines. Once baselines have been created, any major deviations from them are automatically flagged as potential security alerts, which security teams can then investigate. For example, if an employee in customer services is attempting to access sensitive financial records they’ve never accessed before, or logging on at 2am when their normal behaviour is to only log in between 9am and 5pm, behavioural analytics technology will pick up on this. Automated alerts combined with contextual information can help businesses identify insider threats significantly faster than manual analysis and investigation, making it an effective way to detect insider threat attacks before major damage is done.
In the ongoing battle against data theft, insider threats are one of the most potent enemies businesses face. However, by combining simple things like security training, with effective new technology such as behavioural analytics, many insider threats can be headed off much earlier than would otherwise be possible, keeping data safe and businesses’ reputations intact.
Read the latest edition of PCR’s monthly magazine below: