Insider Threats On the Rise! Here is a Plan to Stop Them | October 28, 2022
October is National Cybersecurity Awareness Month. Here at Concensus we believe in a multi-layered approach to ensure the protection of your most critical data. This article discusses one of the most difficult types of attacks to detect: those performed by insiders. An “insider” is anyone who has legitimate access to your company network and data, whether via a login or another authorized connection such as a VPN.
Because all insiders have legitimate authorized system access, they bypass your external security defenses. Insider threats easily infiltrate those systems designed to keep intruders out. Since a logged-in user isn’t seen as an intruder, those security protections are not enforced. Concensus utilizes many of the same defenses we implement for our customers.
There are several troubling statistics from a recent report by Ponemon Institute that illustrate the importance of addressing the insider threat. Insider attacks are taking longer to detect and becoming more sophisticated.
The report found that over the last two years:
· The average cost of addressing insider threats has risen by 34%
· Insider attacks have increased by 44%
· It takes organizations more than 80 days to contain an insider threat, compared to 77 days in 2020
It’s important for companies to understand what makes up an insider threat. That’s the first step towards mitigation.
The Four Types of Insider Threats
The reason that insider threats can be hard to detect is that there is not just one kind. Employees, vendors, and even hackers can all perpetrate insider security breaches. To further complicate detection, some may be malicious and others accidental.
Here are the four main types of threats faced by company networks.
A marketing employee who is leaving the company downloads all of the CRM contacts and takes those contacts with them. This is a malicious theft of company data.
Concensus has responded to cyber attacks by former employees who were fired and whose access was not quickly remediated; some even left malware behind.
Some insider threats are due to untrained employees. They never mean to cause a data breach. However, they accidentally share classified data on non-secure platforms, or they use an unprotected computer to access their business apps, completely unaware of the security consequences.
3rd Party Access to Your Systems
Most insurance companies ask about your third-party/vendor management when those parties have access to your key systems.
You need to ensure that these third parties are fully reviewed and vetted. Do this before you give them system access. Concensus is familiar with third-party vendor controls and can help you implement them.
The number one cause of data breaches is compromised login credentials. Systems that are not protected with a secondary login (MFA) are more likely to be breached. Many users do not understand that there are millions of username/email/password lists out on the dark web that are used to launch unauthorized authentication attempts.
Because attackers are using a known username/password to gain access to your systems, those accounts now become an insider threat.
Ways to Mitigate the Insider Threats
While these insider threats can be difficult to detect after the fact, you can put mitigation measures in place to stop them. Being proactive is what keeps you from suffering a costly incident.
Here are some of the best tactics to reduce insider threat risk:
Multi-factor Authentication & Password Security
The best way to fight any credential theft is through multi-factor authentication. With it in place, you are not an easy target for attackers. While it is possible to bypass some multi-factor authentication, hackers have a very hard time getting past those second factors without physical access.
Couple this with managed password security. This includes things like:
· Requiring strong passwords
· Using a business password manager (we recommend and implement several of these)
· Requiring unique passwords for all logins (see the business password manager)
· Never sharing accounts and passwords
Vulnerability Management and Patch Management
By performing a vulnerability scan of your systems on a weekly or monthly basis, you are able to identify the most critical vulnerabilities. Once identified, they can be patched or otherwise removed. This is why here at Concensus we have put an emphasis on these scans and patching as a service. After multi-factor authentication, this is the next most important mitigation you can take.
Background Checks on Employees and Contractors
At Concensus, when we hire a new employee, they must pass a thorough background check. A malicious candidate will typically have red flags in their work history. Many employers have this control in place but do not check for these red flags. Also, many employers do not apply this requirement to contractors who are given access to key systems.
Data Security Management and Monitoring
Train employees on proper data handling and on the security policies governing sensitive information. Concensus can help you create a training plan and implement policies to help you identify and organize your data accordingly. On top of training, however, you can implement data loss protection (DLP) and monitor your key data stores (shares, mailboxes, online collaboration) for sensitive data.
If you encrypt data and a system is compromised, you lessen the risk of that data being useful. If you think about ransomware and why it is so effective, you can turn the script around on attackers by encrypting your own data. Many organizations store PII in structured databases or applications and protect them very well. However, users have access to query and download that data to their own systems, where it now sits exposed in an unstructured/insecure format.
Do You Need Help?
Layered security solutions can help you mitigate insider threats. Concensus can help you with a robust yet affordable solution. Contact us today to get started.