If your business has sensitive data, then you’ve probably invested a good amount of money into cyber security. But are hackers really the biggest threat to your business security?
Unfortunately, the biggest threat to businesses is often insider threats, which arise when trusted employees and other individuals cause damage to a business through theft of data and intellectual property, intentional acts of sabotage and other means.
A study by Gartner, Inc forecasts that worldwide security spending will top $96 billion in 2018. As threats from hackers and outside sources rise, security is a growing concern for businesses and organizations.
According to a study done by Accenture, 69% of organizations interviewed said that they experienced theft or corruption of data due to internal sources while 57% reported similar threats from external sources. Although most businesses focus on preventing hackers and other external threats, insider threats are also a major problem that organizations need to focus on.
What is an insider threat?
An insider threat is a threat to an organization where an employee or person with internal access to a company uses that privilege to cause harm to the company by stealing valuable information or causing damage to business assets, such as computer systems and software.
Insider threats consist of both intentional malicious acts as well as accidental security breaches, which can include accidentally deleting data or sharing too much information or data with someone else.
An insider doesn’t necessarily have to be a current or former employee. Contractors or anyone else that has temporary access to a company and its systems can become a possible threat.
Malicious insider threats can arise for several reasons, including the following:
– Former or current employees can become disgruntled and wish to cause harm to their employer.
– Insiders might get paid by competitors to steal intellectual property or other confidential information. Or they might wish to start their own company to compete with their current employer.
– Insiders might steal for their own personal gain.
Although insiders often have legitimate access to a company’s systems, an insider can also be a hacker who can gain access if they are able to work on the company’s premises.
Examples of Insider Threats
Insider threats can range from data theft to malicious sabotage and even personal violations like identity theft of fellow employees. Here are a few examples of insider threats.
– A city in the US was at a standstill in labor negotiations with union employees. Two employees managed to gain access to traffic signals at several intersections and disabled them. They also locked other people out and the city was unable to fix the issue for 4 days.
– An immigration officer became disgruntled with his wife and put her on a terror watch list while she was in Pakistan. Despite her pleas, she was unable to re-enter the country for three years, until his managers ran a background check and discovered what he had done.
– A manufacturing firm was having trouble trying to figure out how to manufacture a new item. One of the firm’s customers had their own successful operation manufacturing that item, so the manufacturing firm sent a couple of people over to “inspect some equipment”. Although cameras were not allowed, one person managed to photograph the manufacturing operation with his cell phone.
Awareness and employee training
Preventing insider threats starts with training employees about awareness and prevention. Organizations need to teach employees and contractors what an insider threat is, how to detect warning signs from potentially malicious employees and contractors and how to avoid mistakes that can lead to security breaches.
Password Security – Employees should be taught to not share their access information with anyone else and how to keep their information secure.
Phishing – Teach employees how to recognize phishing attempts and to not click on links from unknown email senders.
Warning signs – Organizations need to train employees how to detect behavioral warning signs that may indicate a potential threat and also provide clear instructions on what to do to report such threats to the appropriate personnel. Employees should also keep their eyes open for other unusual activity, like their computer running slower than normal or other signs of malware.
FEMA also provides a free one-hour training course called IS-915 that can be accessed online. This course trains IT and infrastructure employees on how to identify and react to insider threats:
https://training.fema.gov/is/courseoverview.aspx?code=is-915
Prevention and monitoring
Insider threats are often difficult to detect as employees and other insiders often have legitimate access to systems and data. Without monitoring employees constantly, organizations can find it difficult to determine whether individuals are accessing information for legitimate reasons or for malicious purposes.
Organizations can take several steps to minimize the risk of insider threats.
Background checks before hiring
Organizations need to conduct background checks before hiring when possible, particularly for full-time employees. Background checks are relatively inexpensive for businesses and can reveal risk factors, such as past criminal activity.
Companies can also call and interview former employers before hiring a candidate. Sometimes former employers can give deeper insights into an employee’s behavior and reveal possible warning signs.
Stronger security systems
Implementing strong and user-friendly security systems can prevent internal security breaches, both accidental and intentional. Design software and security tools for usability to reduce human error.
IT can implement 2-factor authentication for sensitive data and also force users to select strong passwords that are not easy to guess. Forcing users to change their passwords every few months can make it harder for unauthorized users to gain access to data.
ID or access cards can also be required to gain physical access to locations that contain sensitive data or other valuable assets. Security staff and cameras can also monitor such locations for unusual activity.
If an employee requires remote access, they should use a VPN and should also have their computer inspected by IT to make sure the proper internet security software is installed. Make sure they select the best VPN provider with up-to-date security and not an outdated VPN that uses the PPTP protocol. Develop a list of the best VPN services that employees are allowed to use on their remote devices.
Firewalls, VPNs and system audits
Organizations install firewalls and computer security systems to help detect malware, viruses and logic bombs. These security systems should be kept up to date and an IT or security specialist should monitor systems for unusual activity regularly.
Virtual private networks (VPNs) can be installed to control remote access to the system. The best VPNs allow employees to access the corporate intranet remotely without having to be in the office. Top VPN software increases privacy and security by allowing only authenticated and encrypted connections.
The best VPN services range in price, but people can get access to top VPN providers for under $100 a month.
The IT department should also conduct regular system audits to periodically check for any signs of data breach. Monitor systems for unusual spikes in activity or access patterns that are outside the norm.
Although VPNs can be used to increase security, they can also be used by insiders to transfer data outside the company without being detected. The organization’s IT staff should ensure that their firewalls are configured properly to prevent unauthorized transfer of data and detect unauthorized usage of VPNs.
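One way to check firewall or flow logs for unauthorized VPN usage, shown as an added example that is not part of the original article. The flow records, the approved gateway address and the function name are constructed for illustration; the ports are the well-known defaults for each VPN technology.

```python
# Default ports/protocols for common VPN technologies. Port matching only
# catches VPNs on their default ports; a tunnel run over TCP 443 needs
# proxy or traffic-inspection controls instead.
VPN_SIGNATURES = {
    ("tcp", 1723): "PPTP control",
    ("gre", None): "PPTP/GRE tunnel",
    ("udp", 1194): "OpenVPN",
    ("udp", 500): "IPsec IKE",
    ("udp", 4500): "IPsec NAT-T",
    ("udp", 51820): "WireGuard",
}
APPROVED_GATEWAYS = {"192.0.2.10"}  # assumed address of the company VPN gateway

# Constructed outbound flow records: (src, dst, protocol, dst_port, bytes)
FLOWS = [
    ("10.0.4.21", "192.0.2.10", "udp", 4500, 120_000),
    ("10.0.4.33", "203.0.113.50", "udp", 1194, 88_000_000),
    ("10.0.4.40", "198.51.100.77", "tcp", 1723, 4_200),
    ("10.0.4.40", "198.51.100.77", "gre", None, 510_000_000),
    ("10.0.4.21", "198.51.100.5", "tcp", 443, 30_000),
]

def unapproved_vpn_flows(flows):
    """Return (src, dst, label, bytes) for VPN-like flows to non-approved hosts."""
    hits = []
    for src, dst, proto, port, nbytes in flows:
        # GRE has no port numbers, so it is matched on protocol alone.
        key = (proto, None if proto == "gre" else port)
        label = VPN_SIGNATURES.get(key)
        if label and dst not in APPROVED_GATEWAYS:
            hits.append((src, dst, label, nbytes))
    return hits

if __name__ == "__main__":
    for src, dst, label, nbytes in unapproved_vpn_flows(FLOWS):
        print(f"{src} -> {dst}  {label}  {nbytes} bytes")
```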
Backups and archiving
Backing up and archiving data is something that businesses can do to prevent expensive loss of data. Data can be backed up into physical devices that aren’t always connected to the network or uploaded into secure cloud locations.
Some businesses may even want to store multiple revisions of important files, so that older versions can be restored if newer versions become corrupted.
Restrict access to systems and data
Organizations should restrict access to data to only people who need access. Creating unique usernames and passwords for each individual will allow companies to more easily track unauthorized access back to the individual.
When access is no longer needed, the person’s access should be revoked immediately. Former employees or contractors who no longer require access should have their accounts deactivated as well.
For employees with high level access, such as IT administrators, system passwords may need to be changed as well.
If required, remote access to systems should be controlled by selecting one of the best VPN providers available. Although there are a lot of free VPN services, the best VPN software companies charge a monthly fee for access to their services.
Things to look for when selecting the best VPN service include which protocols they support, how many simultaneous connections are allowed and how many servers they have (as well as where they are located). Top VPN services will not use the PPTP protocol, as that protocol is very dated and uses weak encryption.
Training and vigilance
One of the most important ways to minimize insider risks is training and vigilance. An organization needs to train their workers about what an insider risk is, things to look out for and also ways to minimize risk (for example, not sharing passwords with others).
Employees also need to know the consequences of a security breach or theft. Negative consequences can sometimes deter malicious actions or careless behavior.
Behavioral monitoring
Sometimes employees can exhibit signs of being disgruntled before they take action, so behavioral monitoring can help detect insider threats before they happen. Also, monitoring unusual activity like logging in outside of normal business hours or unauthorized attempts to access systems remotely can be indications that an insider threat exists.
Employees should also receive praise and possibly other recognition for reporting suspicious activity.
Establish strong HR policies
One way to lower the risk of insider threats is to prevent employees from becoming disgruntled in the first place. Creating a positive work environment is something that can help prevent problems.
Interview potential candidates for cultural fit and have current employees interview with potential hires. Identify ways to improve employee satisfaction by surveying employees periodically and getting feedback on what can be improved.
Employees should have venues to voice concerns if they become disgruntled or dissatisfied at work.
HR should also establish a process on how to handle firing and laying off of employees. Losing a job is stressful for most people, but a good process can improve the odds that employees and businesses will part on friendly terms.
Providing a good severance package, taking an employee out for a last meal and giving an employee resources to find a new job are just a few ways that companies can make a lay off less stressful and thus reduce the risk of malicious activities.
Companies also need to monitor employees who are losing their jobs. Despite a company’s best efforts, such employees may still become disgruntled, and being on the lookout for warning signs could prevent malicious activities from occurring.
Warning Signs
While insider threats can be difficult to detect, people with malicious intent can often display behavioral warning signs. Training employees to look for such signs and report them to management can be a good way to detect and stop insider threats early on.
Here are a few characteristics of people that may be at risk of becoming an insider threat:
– Financial need or greed
– Destructive behavior
– Social withdrawal
– Rebellious attitude
– Inability to take personal responsibility for their actions
– Poor ability to handle crises and other bad situations
– Sudden behavioral changes
– Alcohol or other substance abuse
Unusual system activity can also indicate possible security breaches. Here are some signs that an insider threat may be present:
– Remote access of systems while sick or on vacation
– Copying or accessing materials that aren’t relevant to the person’s job
– Unusual work hours or too much overtime work
– Simultaneous account logins from multiple locations
– Former employees or contractors logging in after they are no longer working for the company
– Someone logging in from a different location or IP address
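The system-activity signs above can be checked automatically against login records. The following is an added example, not part of the original article; the usernames, dates, IP addresses, work-hours policy and the 10-minute window used to approximate "simultaneous" logins are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed HR context and policy values (assumptions, not from the article).
DEPARTED = {"cfinch": "2024-03-01"}                 # user -> last working day
ON_LEAVE = {"bkhan": ("2024-03-11", "2024-03-15")}  # user -> (first, last) day off
KNOWN_IPS = {"adiaz": {"10.0.4.21"}, "bkhan": {"10.0.4.33"}, "cfinch": {"10.0.4.40"}}
WORK_HOURS = range(7, 20)        # 07:00-19:59 counts as normal hours
OVERLAP = timedelta(minutes=10)  # two IPs within this window ~ simultaneous

# Constructed login log: timestamp, user, source IP
LOG = """\
2024-03-12T09:02:11 adiaz 10.0.4.21
2024-03-12T09:05:40 adiaz 203.0.113.7
2024-03-12T14:30:00 bkhan 198.51.100.9
2024-03-13T02:17:05 adiaz 10.0.4.21
2024-03-14T10:00:00 cfinch 10.0.4.40
"""

def parse(log):
    for line in log.splitlines():
        ts, user, ip = line.split()
        yield datetime.fromisoformat(ts), user, ip

def flag_logins(log):
    """Return (timestamp, user, reason) for each login matching a warning sign."""
    alerts, last_seen = [], {}
    for ts, user, ip in sorted(parse(log)):
        day = ts.date().isoformat()  # ISO dates compare correctly as strings
        if user in DEPARTED and day > DEPARTED[user]:
            alerts.append((ts, user, "login after departure"))
        if user in ON_LEAVE and ON_LEAVE[user][0] <= day <= ON_LEAVE[user][1]:
            alerts.append((ts, user, "login while on leave"))
        if ts.hour not in WORK_HOURS:
            alerts.append((ts, user, "login outside work hours"))
        if ip not in KNOWN_IPS.get(user, set()):
            alerts.append((ts, user, "login from new IP"))
        prev = last_seen.get(user)
        if prev and prev[1] != ip and ts - prev[0] <= OVERLAP:
            alerts.append((ts, user, "simultaneous logins from multiple IPs"))
        last_seen[user] = (ts, ip)
    return alerts

if __name__ == "__main__":
    for ts, user, reason in flag_logins(LOG):
        print(ts.isoformat(), user, reason)
```

Each alert is a prompt for review rather than proof of wrongdoing, since travel or a new home connection will also trigger the new-IP rule.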
Key Takeaways
Organizations need to realize that, unfortunately, their own employees and contractors might be their biggest security threat. Insider threats can be minimized by establishing a positive work environment, developing sound hiring and training processes and implementing strong data security systems.
Training, vigilance and regular monitoring can also help mitigate this growing threat. While insider threats can be difficult to detect, organizations can minimize the risks by taking the proper steps.