The language of Cybersecurity can be filled with acronyms, abbreviations and multiple meanings for the same or similar phrases. If you are new or just embracing Cybersecurity as a company, understanding these can be very confusing. To help you develop your cybersecurity vocabulary, we will do our best to simplify trending terms, phrases or topics. September is National Insider Threat Awareness Month so we thought it would be a good time to discuss Insider Threat. We will cover what it is, what risks are associated with it and how to protect against it.
What is an Insider Threat?
The Department of Homeland Security defines an Insider Threat as “the threat that an employee or a contractor will use his or her authorized access, wittingly or unwittingly, to do harm…”. The key point is not that it may cause harm, but that Insider Threats often aren’t malicious. In fact, most Insider Threats are due to uninformed/unaware/uneducated employees with good intentions. With that said, Insider Threats can also be a real concern when talking about a disgruntled employee, an outside contractor or a threat actor that gains unauthorized access.
What are the Risks with Insider Threats?
To understand the risks, its easiest if we give you some examples of what can happen and the amount of damage that can occur from an Insider Threat. Take a new hire that is rushed in to place without proper training. They were never shown the Acceptable Use Policy to understand what their limits and responsibilities are as it pertains to company data and its technology. They are slow to pick up the process and decide to take some data home on a company laptop to catch up. On their way the PC is stolen from them in the subway. Now the data and the PC are gone. Depending on what the company does and what was on the laptop, the company may be looking at loss of data, money, legal ramifications and a tarnished reputation to name a few things. That is only one example. Some other quick examples include an employee that thinks they have been slighted so they destroy data as retaliation OR an employee in financial trouble is looking to find ways to make ends meet by selling data to a rival company. These are just a few of the many risks associated with Insider Threat.
How do you Protect against Insider Threats?
Protecting against Insider Threats starts with education. Security Awareness Training can help with understanding what to watch out for when it comes to Phishing or Social Engineering attacks. Also reviewing the Acceptable Use Policy can point out what is acceptable when it comes to the company data and its technologies. Also, performing thorough background checks before hiring employees is a must. As well as scheduling regular meetings to keep employees informed of their career trajectory can curb some Insider Threats. A few other techniques include job rotation, dual authentication and mandatory vacations. All those techniques allow multiple people to review or check employees so malicious acts do not go unnoticed or are deterred before they happen. The last item I would like to mention revolves around privileges. Limiting what people can access based on roles within the company and granting the absolute minimum necessary privileges to perform their job can limit damage as well. That is called the Principal of Least Privilege (That’s a discussion for another blog.). These are just a few of the ways to address Insider Threats. I hope this blog has helped you understand Insider Threats a little better. Maybe next time we can discuss one of the other terms mentioned above: Social Engineering!