By Stephen Voorhees, CISSP, Veriato The latest breach from an NSA contractor should remind everyone of a grim truism about leaks: the greatest threats to an organization come not from the outside, but from those within. Fact is, insiders pose a greater risk to your cyber security than the sum of all outside pernicious actors. It’s not that insiders necessarily have malicious intent. It’s that they may have system authentication privileges, as well as access to a variety of valuable digital assets—from your strategic plan and control systems to lists of customers and various accounts. That makes your precious data vulnerable. The producer of your web content is potentially a bigger danger than a cyber criminal operating half a world away. Why? That insider, whose job
entails uploading content to the site for the eyes only of certain executives, say—or of time sensitive material—can release it early or to other parties with potentially disastrous consequences to an organization’s reputation or finances. Someone in payroll or human resources, with access to employee social security numbers and other personal data, can easily exploit this information for gain. The same is true for those who have privileged access to your IT systems. Let’s take a closer look at why insiders pose such a significant threat. According to a recent survey
- 70% of those whose jobs entail special access to sensitive data think they are “empowered” by their employer to look at anything on the system, even if it’s not critical or relevant to their work.
- 66% look at “confident or private” data just out of curiosity.
- 58% of organizations “are unnecessarily granting” access privileges to employees that don’t require them.
Moreover, such insiders are often the point of entry for malware and ransomware:
- 48% of phishing ploys from outsiders target insiders with system access.
- 46% of malicious intrusions deliberately hit such insiders in order to get access to their privileged credentials.
Insiders need not be motivated by revenge, profit, or disgruntlement to pose a threat. These individuals may be as trustworthy and loyal as anyone in the organization. But they’re still high-risk employees because of their privileged access to sensitive data. They may exercise that privilege to examine information out of simple curiosity—and expose their authentication credentials to imposters with nefarious intent. Attackers can threaten them or their families into giving up that access. Sheer negligence by those who have privileged access causes 68% of all insider incidents. So how do you protect your company’s cyber assets from the very employees your organization relies on? Considering that insider threats cost organizations, on average, $4.3 million a year, what’s the best investment when it comes to prevention? Many organizations rely on data loss prevention tools that aim to prevent attacks from the outside. While some of these software programs are robust, they don’t address threats from within and, overall, have even in the best circumstances a 10% return on investment. Compulsory training for employees in cyber security is another popular gambit. Because its deployment costs are lower than data loss prevention technology, its ROI is better. But survey reports suggest that training lowers the overall costs of insider incidents by just 7%. No system is completely fail-safe. But user behavior analytics can lower the cost of insider threats by 26%. How? By establishing a baseline of normal activity for at-risk employees—and detecting and alerting the right authorities when someone’s use of system credentials deviates from those norms. Once an alert kicks in, a company can actively track the activities of insiders and move quickly if any infractions occur. Read the Monitoring High Risk Positions
whitepaper to learn more. Stephen Voorhees is a CISSP and Senior Sales Engineer at Veriato, which provides user and entity behavior analytics and user activity monitoring software.