Simply put, an insider threat is a cyber attack that occurs when employees, ex-employees, contractors or partners either act with intent to defraud or cause harm through an accidental error. The latter can be as simple as clicking on an unauthenticated link or downloading hostile code from one. Every user, either innocently or by design, represents a security problem to organisations. As a result, it’s not surprising that 77 percent of IT security personnel are concerned about the threat posed by insiders. What is surprising is that 28 percent don’t believe that insider threat detection and prevention is a priority for their organisation.
How to detect insider threats
Insider threat detection and prevention is all about getting the right balance between technology and users. Research shows that 80 percent of IT security incidents are a result of human error, but the human-risk factor is still considered insignificant by many organisations. While the importance of assessing the technology is recognised, focusing solely on technology and not on the user is guaranteed to lead to costly security incidents in the long run. Educating employees and partners can be an effective way to better protect an organisation and it is essential that CIOs and CISOs give time to this strategy.
Technology: From a technological standpoint, controlling users’ credentials and authorisation rights, whilst ensuring that access to your organisation’s information and data assets/resources is under strict control, is crucial to minimise risk. Many IT security experts accept that, for organisations of all sizes and industries, a professional Identity and Access Management (I&AM) system and its associated security policies are a sure way to guarantee that proper controls (integration of technology, people and processes) and elementary security measures are in place.
People and processes: Security has to be a balance between technology and an organisation’s culture. If your people and processes aren’t effective enough and do not work together, there is no point investing in complex security technology. From this standpoint, the key element to insider threat prevention is effective, organisation-wide communication. Organisations must remember that users are the last line of defence when it comes to protecting their IT systems – and you are only as strong as your weakest link. Everyone in the organisation must be made aware of what is at stake and the consequences of an attack.
Whilst it is almost impossible to eliminate the risk of insider attacks completely, a carefully constructed and well-implemented security programme will reduce the likelihood of such incidents.
Written by: Olivier Morel, Pre-Sales Manager, Ilex International