Mitigating the insider risk
Malicious insiders pose one of the biggest security threats, and it is the risk that is most difficult to manage. Organisations go to great lengths to protect themselves from external attacks, but the people who can do the most damage are sitting within their office walls.
There are two fundamental types of threat:
- Accidental or negligent
- Malicious
You can sub-categorise these types into much more specific groups, but broadly you must have an approach for each.
To prevent accidental or negligent breaches, you must reduce the likelihood by limiting access and increasing awareness. To prevent malicious insiders you must go further, monitoring for suspicious behaviour and taking action where necessary.
Mitigating the risks posed by malicious insiders is hard, but not impossible, with the simplest approaches often being the most effective.
Create robust authentication controls
Passwords are absolutely essential (obviously, we would hope), and two-factor authentication should be standard practice wherever possible. This doesn't prevent a concerted malicious insider attack, but it does reduce the chance of casually shared passwords providing unauthorised access. SMS authentication and physical tokens give your business better protection because they prevent a password from being shared, whether by honest (if negligent) staff or by someone aiming to sell access to outside parties.
"Robust" doesn't have to mean that you apply MI6 levels of authentication if that is not appropriate to your business. The controls have to be enough to allow individuals to do their work, and not so restrictive that they inhibit productivity.
If controls are too restrictive, they can actually have the opposite effect: they force users to look for alternative and less secure ways to carry out their work. This is where the accidental/negligent distinction is important. When users circumvent standard policies, the resulting breaches are not the result of an accident but of negligence. The solution is a combination of reasonable policies and good security awareness training for staff, so that they understand the risks of any non-authorised methods.
Continuously review access privileges and processes
Circumstances change as business or departmental processes shift, and users may no longer need ongoing access to the data and systems they were previously given. The key action here is to remove unnecessary access. It can be easy to accept inertia and just carry on doing things the way they have always been done, but the right way to approach any question of access is to ask: "would access be granted to this individual if they requested it now?"
When employees leave, make sure you follow your leaver procedures and disable their access rights, to reduce the risk of ex-employees accessing business-critical files.
Additionally, ensure you keep accurate access control registers and audit them.
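As an added illustration (not code from the original article), the following Python check audits a constructed access control register against a constructed HR roster. It applies the "would access be granted if requested now?" test in a mechanical way: it flags leavers who still hold access, grants whose holder has no HR record at all, grants whose justifying department no longer matches the person's current department, and grants that have not been reviewed within the review period. All names, systems and dates are made up.

```python
from datetime import date

# Constructed HR roster (sample data, not from any real organisation).
# A user missing from this roster is itself a finding: nobody vouches for them.
HR_ROSTER = {
    "alice": {"status": "active", "department": "finance"},
    "bob":   {"status": "left", "leaving_date": date(2024, 3, 1)},
    "carol": {"status": "active", "department": "sales"},
}

# Constructed access control register: one row per (user, system) grant,
# recording the department the grant was justified for and its last review.
ACCESS_REGISTER = [
    {"user": "alice", "system": "payroll",   "last_reviewed": date(2024, 5, 2),  "department": "finance"},
    {"user": "bob",   "system": "crm",       "last_reviewed": date(2023, 11, 1), "department": "sales"},
    {"user": "carol", "system": "payroll",   "last_reviewed": date(2023, 1, 20), "department": "finance"},
    {"user": "dave",  "system": "fileshare", "last_reviewed": date(2024, 4, 1),  "department": "it"},
]

SAMPLE_TODAY = date(2024, 6, 1)  # fixed "today" so the audit is reproducible


def audit_access(register, roster, today, review_days=180):
    """Return (finding, user, system) tuples for grants that should be revoked or re-justified."""
    findings = []
    for grant in register:
        user, system = grant["user"], grant["system"]
        person = roster.get(user)
        if person is None:
            # Account exists but HR has no record: treat as unowned access.
            findings.append(("no_hr_record", user, system))
            continue
        if person["status"] != "active":
            # Leaver procedure was not completed for this grant.
            findings.append(("leaver_still_has_access", user, system))
            continue
        if grant["department"] != person["department"]:
            # The reason the access was granted no longer applies.
            findings.append(("department_mismatch", user, system))
        if (today - grant["last_reviewed"]).days > review_days:
            findings.append(("review_overdue", user, system))
    return findings


def run_sample_audit():
    """Run the audit over the constructed data; convenient for a quick check."""
    return audit_access(ACCESS_REGISTER, HR_ROSTER, SAMPLE_TODAY)
```

In practice the register and roster would be exported from the access management and HR systems; the point is that the two are reconciled on a schedule rather than left to inertia.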
Look out for disenfranchised staff
These methods don't help with individuals whom you trust, who smile at you every day, but who are secretly using heightened access rights for malicious or illegal reasons: the silent enemy within.
For these malicious insiders, you must be proactive to prevent breaches. Use security tools that monitor for suspicious behaviour on the network. If you choose not to limit users by blocking USB ports, for instance, you can still monitor their use and later block any suspect activity.
Prevention isn't limited to technology or to rolling out yet another tool. Try to spot poor relations between your staff and your company early, to head off the threat from such insiders. Examine their professional situation, including workload and pressure from peers. Malicious insiders are motivated by self-interest or retribution. You can't control people's personal desires, but you can influence their relationship with your company.
While these practices will go a long way towards heading off the risks posed by insiders, businesses often end up learning about malicious insiders the hard way. Commonly, businesses implement policies only to address some potential vulnerabilities, or as a direct result of having been on the receiving end of an internal security incident.
Finally: visitors, cleaners, temp staff, external IT support, delivery personnel, the water cooler man who visits the office to replace bottles... the risk is not limited to your staff with employment contracts and signed information security policies. Beyond the basics of good supplier management and due diligence, the best advice here is simply to lock all computers as soon as a user leaves their workstation, and never to leave third parties unaccompanied where data and systems are accessible.