Last Updated on June 19, 2020 by Ashok Kumar
It’s an age-old debate amongst CISOs and other cybersecurity specialists – where should your IT Security budget go? Protecting against external hackers or insider threats?
More and more companies are beginning to take note of the damage that insiders can do, especially in the wake of some of the recent high profile, insider-driven breaches. However, the majority of organizations that we speak to are still diverting a large proportion of their IT budgets towards defending against external attacks.
So, where should you be focussing your cybersecurity efforts?
The Glamour of the External Hacker
Historically, cybersecurity breaches that occurred due to outsider threats tended to be more widely circulated in mainstream news and became the topic of a large number of movies and TV shows.
There is a certain glamour about an external hacker. A (perhaps misguided) image of a man in a hoodie, sitting in a dark room behind a glowing, green monitor. Myths perpetuated by TV shows such as Mr Robot and movies like Blackhat reinforce the idea that the greatest threat facing your organization is a targeted, sophisticated, external attack.
This simply isn’t the reality.
What many studies are telling us, including a survey conducted by Vanson Bourne, is that the vast majority (74%) of cybersecurity threats originate from within the organization. This means that you are almost three times as likely to experience a cyber-attack from one of your employees (or someone with access to your data) as you are from an external hacker. Insider threats can often go undetected for long periods of time, because the user responsible generally already has access to the data and may appear, on the face of things, to be acting normally. This is why insider threats are particularly dangerous.
In my opinion, and the opinion of Lepide, this is where the majority of your cybersecurity efforts and budget should be directed.
What is an Insider Threat?
Insider threats fall very loosely into three categories: accidental, opportunist and malicious.
Many insider threats originate as a result of pure carelessness on the part of your users. Perhaps they weren’t paying attention at the latest round of cybersecurity awareness training and, as a result, didn’t think twice about clicking on a suspicious link in an email. Or perhaps they ignored the many briefings about password policies and shared their password with numerous colleagues (a password which they use on multiple platforms). Whatever the reason is, many data breaches occurring through insiders can be put down to carelessness.
Slightly more alarming is when an untrustworthy insider is given access to sensitive data that they perhaps should never have been able to see. They use this opportunity to steal the data and sell it on the black market for personal gain. This person may not be setting out to hurt the organization, but they should never have been allowed privileged levels of access in the first place.
Potentially the most damaging insider threats occur from malicious insiders, intent on doing damage to an organization’s reputation and bottom line. This is generally perpetrated by disgruntled employees or people looking to make personal profit off the misfortunes of the company.
How to Begin Defending Against Insider Threats
External threats, due to their portrayal in mainstream media (as discussed above), are well known, and it is perhaps easier to justify spending money on security solutions that defend against them. Because insider threats have historically taken a backseat in the media, less is known about the ways that you can defend against them.
Fortunately, thanks to new compliance mandates and very high-profile breaches perpetrated by insiders, there has been a shift in focus. Organizations are now looking at ways to defend against insider threats – which is no easy task, by the way.
There are two key things you need to do to defend against insider threats – get visibility and educate.
Visibility and insight into the changes being made to your data and the permissions surrounding it are key to preventing many of the data breaches that insiders can cause. You need to know where your most sensitive data is (personally identifiable information, company secrets, financial information etc.) and who has the ability to access it. Make sure that you limit access to this data to only the people that need it to do their jobs. Deploy an auditing and monitoring solution to help you proactively and continuously track changes being made to this data. Such solutions should enable you to run reports and get real-time alerts for suspicious changes.
Next, don’t underestimate the importance of education. Regularly training your employees on the latest cybersecurity threats, and the reasons behind strict password policies, should help you mitigate the risks of accidental insider threats.
If you need any help creating a cybersecurity plan that tackles the threat of the insider, come and talk to Lepide.