
Cyber Security Best Practice - Insider Threat Management

Ransomware and phishing attacks are more of a threat than ever before. While many organisations consider these to be external threats, they may well be taking place internally. This month we are highlighting insider threats: what they are and how you can manage them.


Quite rightly, businesses must trust their employees with access to information and to do the right things to keep it safe.

Nevertheless, that doesn’t mean that you shouldn’t put controls in place to prevent ‘insider threats’ within your organisation. Our cyber security expert, Greg Nott, has given his overview of insider threats: what they are and how you can keep your organisation secure.

What are "insider threats"?

Insider threats can come in many forms, including:

Careless Insiders – An unintentional threat due to human error or security policy violation. Examples could include deleting sensitive information by accident or unintentionally letting someone tailgate them into a secure building.

Compromised Insiders – Users whose accounts are compromised and used by cybercriminals. Clicking on dodgy links in phishing emails or reusing the same password across multiple systems are just two very common causes.

Malicious Insiders – Users who intentionally use their access to systems to exfiltrate sensitive information or harm the company. You won’t have been able to miss the latest news that Donald Trump was found to have over 300 classified documents in his possession, long after he should have, including nuclear secrets. It may be less obvious in your organisation that your employees could do something similar, but this acts as proof that insider threat controls need to be in place, need to be robust and must apply to everyone in the business.

How can we avoid "insider threats"?

Of course, any security measures you do take need to be relevant and specific to your business, its information, and its employees. However, these headline controls can point you in the right direction:

Establish & communicate your security policies – make sure your employees know what is expected of them, and be vigilant at all times. Once is not enough. Regularly reiterate these policies and how people should be enforcing them to reduce the risk of negligence.

Limit access to information – use the principle of ‘Least Privilege’ to ensure that employees only have access to information they NEED to do their day-to-day job. This applies to ALL employees. Just because the CEO CAN have access to your HR database doesn’t mean they SHOULD have access. Assure your team this isn’t a trust issue – it’s about limiting the amount of information an attacker will have access to if their account is compromised.

Audit & protect your assets – this includes your information as assets, not just hardware. Know who can / does use which devices, who can / does take devices outside of your office, and deploy additional technical controls to devices that are used outside of your network. Know where your sensitive information resides to enable you to effectively manage access to it. Employ effective document control methods so you can track your sensitive files. This applies to both digital and physical files. Are those important files stored securely, or are they available for all to see somewhere in Florida?

Prevent Email Phishing Victims – email is the main form of work communication for our people and so poses one of the biggest risks of insider threat, leading to negligence and compromise. Effective email security controls are absolutely crucial to reduce the number of phishing emails your teams will receive. Back this up with regular awareness training to reduce the chance anyone will click on something they shouldn’t when a successful phish does hit their inbox.

Monitor & Analyse user behaviour – One of the best ways to anticipate accidental data exposure, or spot someone doing something they shouldn’t, is to understand how your team works on a daily basis. This was virtually impossible in the past, but sophisticated tools now exist to analyse workflows and review user activity data, and to alert automatically when something unusual happens so that you can investigate further.

We can help you put these measures in place

We've seen numerous cases recently where organisations haven't got the right measures in place to avoid these attacks. We must ensure that we are keeping our organisations and our people safe from calculated cybercriminals. We can help you achieve ultimate IT security, protecting each layer of your organisation how we see fit. So, get in touch today and secure your organisation.

What we've seen

High-profile social engineering attacks such as the recent Uber ‘MFA Fatigue’ compromise show how damaging insider threats can be, whether intentional or not. It's clear that we all need to take action regardless of how much we may trust our people.

Following Uber's cyber attack, the organisation has had to pay $148m to cover up the damages that it has caused and to implement new security measures. With this, they have also advertised over 80 IT security roles following the attack, creating further costs for the company.

As well as this, over the last few months, there have been more high-profile cyberattacks that have caused major complications within organisations. Last month, the NHS revealed that their IT supplier became a victim of a ransomware attack, which continues to cause problems that could continue indefinitely.

These attacks continue to have implications for many organisations, which will not change until cyber security comes to the forefront of a business's priorities.

The Circle approach

We work with award-winning partners including Aruba, Microsoft and PureCyber to create cyber security solutions that are best suited to your organisation, so you’re secure in the knowledge that the solutions we propose are genuinely in your best interest.

We can also provide cyber essentials accreditations, penetration testing, and a 24/7 managed Security Operations Centre to support your ongoing cyber-security activity so that you can be at ease knowing your organisation is secure.
