What is the Greatest Cybersecurity Threat We Face?

Hackers? No. Malware? Nope. Phishing? Not that either (although phishing is the #1 attack vector).

The greatest threats facing organizations of all sizes are coming from within. A Wall Street Journal article does a great job in explaining. We’ll take a closer look at the insider threat, as well as the inside threat, here.

The prototypical insider threat is the disgruntled employee who uses their authorized access to perform, intentionally or unintentionally, malicious activity against their own organization. We’ve worked so many cases where this malicious activity takes place right after a previously trusted employee feels mistreated – and then violates the trust afforded them. Insiders can cause damage to an organization, leak valuable information, steal money, or even take down the critical information technology infrastructure – bringing the business to a halt.

It’s important to note that the activity may not necessarily be intentional. Insider threats can be:

  • Malicious – The activity is intentional and meant to cause harm. This is exemplified by, “I’ll teach you how much you need me to protect you!”
  • Negligent – Harm is caused because the employee didn’t care enough to prevent it. This is exemplified by, “I didn’t think it (the alert, popup, ticket, etc) was a big deal.”
  • Accidental – Harm is caused, but not on purpose. This is exemplified by, “I clicked on the wrong button!”

 

Triggers to insider threat situations can include having a teammate who experiences:

  • Having external pressures, especially the need for more financial resources;
  • Getting passed up for promotion;
  • Feeling ignored;
  • Wanting, but not seeing, a career path;
  • Getting let go or fired;
  • Being overworked or task saturated;
  • Assigned duties beyond their current capabilities;
  • Being granted permissions beyond the need of their current role.

A key consideration when discussing the insider threat is the fact that trusted, valuable, honest, and hardworking teammates can become insider threats under the right circumstances. This is true because even good people can make bad decisions when under stress. Divorce, health issues, aging parents, natural disasters, medical bills, gambling problems, and more can put pressures on teammates. Those teammates may feel trapped and unable to get help, so desperation sets in. It’s the insider threat issue that underscores the need for a Security Department and Human Resources Department to collaborate on solutions that can help teammates from becoming an insider threat.

The Inside Threat.

There are two distinct but, obviously, closely named threats to organizations today that both come from the inside: insider and inside threats. As we’ve discussed above, the insider threat is that employee who causes harm to a company by misusing the authorized access granted them. The inside threat is when a bad actor gains unauthorized access to an organization’s internal resources from the inside. This distinction is critical for companies who do a great job of hiring and supporting teammates who never become an insider threat. These employees are loyal and over their long tenures gain access to more company systems and more sensitive information. When these employees have their accounts compromised, that compromised account becomes a critical inside threat to the company.

Mitigating the Insider and Inside Threats.

Organizations who take a classic (read: outdated) approach to security whereby impenetrable fences are built and, once inside, one is free to move about the company are most vulnerable to insider and inside threats. A security program that focuses all its resources on strong perimeter defenses do not protect from threats which are already inside the perimeter. Modern security approaches, such as Zero-Trust, add layers to the fences – including security internal to company systems.

The good news is that security practitioners can mitigate the insider and inside threats with many of the same tools. This is one reason why few programs differentiate between the two threats. An Insider Threat Program should mitigate both threats.

Your Content Goes Here

Mitigation Steps

  • Separation of Duties – Follow the best practice of “least privilege,” where team members have the appropriate access only to the information and resources they need to do their job.

  • Employee Assistance Programs – Providing resources to employees when they are faced with outside pressures can help them deal with those extra stressors plus build loyalty to the organization.

  • Great Culture – Fostering a great culture, where leadership and teammates look out for and support eachother.

  • Insider Threat Program – Implementing a formal program with a focus on insider risk.

  • Security Awareness Training – Ensuring your teammates are fully informed to ensure they can help themselves and each other.

Developing Your Own Insider Threat Program.

Many security practitioners may find it difficult to develop their own Insider Threat Program and communicate its purpose to their teammates. Often, an outside consultant can better develop a program and communicate such a sensitive topic. Overt Channel, LLC has the experience to assist you if you are looking to build out an Insider Threat Program. Contact us today to get started.

Insider threat. Inside Threat. Insider Threat Program. Separation of Duties. Least Privilege. Employee Assistance Programs.

SECURITY

SETS YOU FREE.