By Boaz Fischer on Jul, 1 2017
No Time To Be REACTIVE When It Comes To Insider Threats!
“So I went and visited a Doctor and he diagnosed me with reactive symptoms”
Highly publicised insider data thefts, such as the Morgan Stanley breach or the Edward Snowden incident, highlight the increasing need for better security practices and solutions to reduce the risks posed by Insider Threats.
While governments around the world have communicated the importance of addressing Insider Threats, real-world efforts have been patchy. It is easy to understand why some organisations have avoided the issue. The challenge of detecting and deterring insider threats appears difficult and it is hard to know where to start.
The harm caused by data breaches, theft of intellectual property, loss of financial information and other critical-value data is epidemic. The resulting financial damage to governments, corporations and individuals amounts to hundreds of billions of dollars annually.
In defining an ‘Insider Threat’ it doesn’t matter how someone gains access or whether they are a current or former employee or an external contractor. Once a user is inside the system, they pose a potential Insider Threat.
While we would like to believe that all of our employees, contractors, consultants and other partners are above reproach, we are in fact dealing with people's behaviour: human behaviour that we cannot control.
And while we may set the appropriate security controls and require users to follow organisation procedures and policies, these are extremely difficult to monitor and enforce.
A set of activities may define user behaviour. But it doesn’t explain their motivation. There is generally no single rule or reason for an employee deliberately seeking to cause harm to an organisation.
Those who betray their organisation are often driven by a mix of personal situations or emotionally driven circumstances into which we have little or no visibility until after it's way too late.
No Time To Be Reactive
Detecting and disrupting malicious insider activities is a classic ‘needle in a haystack’ problem and it’s easy to be intimidated in the face of such complex tasks.
Although this mission is difficult, it is important to understand that organisations cannot afford to take a purely reactive posture toward Insider Threats.
Putting a new and additional set of controls and measures in place after a breach has already occurred will most likely come too late to prevent embarrassment, loss of valuable information, reputation diminishment or even public scandal.
Albert Einstein once defined “Insanity” as doing the same things over and over again and expecting different results. The Insider Threat is a people problem. It is not solved by our current thinking on security practices.
Perimeter defences, incident response and security operation centres are mostly defensive in nature. They typically alert and respond after an event has occurred. Perimeter defences are designed to keep outsiders from getting into an organisation’s systems. They are almost powerless against malicious actors who are already inside the network and often have legitimate credentials to access critical-value data.
Insider Threats and risks require assessment, prioritisation and, most of all, action rather than reaction. If you ignore them, they will keep getting worse, and while you may have short-term enjoyment and respite, they will most likely destroy you.
How Do We Start To Address The Insider Threat?
Organisations can become more proactive by broadening the scope of cybersecurity activities from traditional perimeter defences to a set of policies and processes that focus on building an Insider Threat Program for key aspects of the enterprise or the whole of the organisation.
An Insider Threat Program is a holistic approach that incorporates policies, guidance, education, training and technology to accurately understand and help manage Insider Threats.
The results gained by building and implementing an Insider Threat Program:
- Identifying critical assets and protection schemes
- Developing a framework for the Insider Threat Program
- Enhancing the organisation's state of protection, detection and response to Insider Threats
- Enhancing any risk management programs
The key is that this is a program, not just a piece of software. Technical aspects alone are insufficient to deter Insider Threat actors. Organisations must create an environment for an Insider Threat framework to effectively reduce and mitigate the potential of Insider Threats.