Defining Insider Threats and How to Defend from the Inside Out

By Explorer -

 As cybersecurity professionals we spend much of our time focusing on keeping threats out. With good reason: from business email compromise attacks (BEC) to malware there are a host of threats that, once inside our defences, can do significant damage.  However, not all attacks are perpetrated by outside forces. Sometimes, the threats are coming from inside the organization.

These insider threats are increasingly common. In fact, according to Proofpoint’s inaugural Voice of the CISO report 31% of global CISOs see insider threats as the perceived biggest risk to their organisation in the next year. This comes behind only Business Email Compromise (BEC) (34%) and Cloud Account Compromise (33%).

Just like outside threats, those that stem from the inside have the potential to cause significant damage.

However, not all insider threats are malicious. When we consider unintentional threats – such as the installation of unauthorized applications or the use of weak or reused passwords – this figure is likely much higher.

How to Identify and Reverse Engineer Potential Insider Threats

There are three types of insider threats – malicious, negligent, and compromised users. Insiders differ from external hackers because insiders already have legitimate and authorized access to sensitive systems and often interact with sensitive data on a daily basis.

With malicious users, you are looking for a timeline of technical activity that includes preparation for exfiltration, data exfiltration, and intentional covering up of tracks. Additionally, these users may display harmful offline motivations such as revenge, anger or frustration to cause harm.

To identify negligent activities, security teams need to look for indicators of poor hygiene such as storing passwords in text files, leaving databases exposed to the public internet, using unsecured Wi-Fi connections, using unauthorized applications, and actions that are designed to sidestep security restrictions.

Identifying potential cases of compromise means looking for suspicious behavior including activity such as discovering valuable assets, accessing target assets, data exfiltration preparation, and finally evidence that the insider is covering their tracks.

The key in all three cases is the capability to identify risky behavior and very quickly ascertain whether it warrants additional research. Security teams that get drowned in alerts they can’t efficiently investigate often miss important indicators.

Insider Threat

Insider Threat Risk and Incident Cost

Insider threats have risen rapidly as an existential threat to IT security. They are increasing in both frequency and costs. Many—arguably most—organizations are simply not prepared for this reality as their security practices tend to focus outward instead of inward.

According to a 2020 Proofpoint and Ponemon study, the average global cost of insider threats rose by 31% in two years to $11.45 million, and the frequency of incidents spiked by 47% in the same time period. The inability for organizations to manage these threats is evidenced by how long they take to clean up: the average incident took 77 days to contain, up from 73 in 2018.

The longer an incident lingers, the costlier it gets. In this study, incidents that took more than 90 days to contain cost organizations an average of $13.71 million on an annualized basis. The growth of insider threats is driven by a range of issues, including more sophisticated external threats compromising user accounts, a remote and connected workforce, third-party contractors with access to the organization, and limited job tenures.

But it’s also not all malicious: negligent insiders account for 62% of all incidents, costing organizations the most in total per year: an average $4.58 million. Even though criminal insiders dominate the headlines, their frequency was the lowest, at 14% of incidents.

Protection Insight:

Stopping all these incidents requires a comprehensive insider threat management solution that can efficiently visualise risky insider activity across applications, systems and sensitive data at all times. An effective insider threat management solution must address people, process and technology.

Many organizations mistakenly focus on data movement alone. However, organizations need visibility into user and file activity at all levels. They need to know the ‘how’ and ‘why’ of a user’s behavior to figure out intent and actions. But it’s not just employees – contractors, third parties, partners throughout the supply chain can expose you to danger if you don’t put sufficient people-centric protections in place.

Raising security awareness can curtail the negligence that makes up insider threats. Establish a set of governance policies informed by legal counsel and communicate those to your employees. Offer security training programs tailored to each executive level in your organization. These training sessions should occur with some frequency and be refreshed to reflect changes in how insider threats occur.

Defending your data and protecting your organization against insider risk is a team effort. It means working with key stakeholders from other departments to identify potential insiders, including human resources, IT, facilities/operations, and legal. Ultimately, data doesn’t just get up and walk away – it requires a malicious, negligent, or compromised user to perform an action.


Source: https://techwireasia.com/2021/06/insider-threat-accident-malicious-malware-cybersecurity-compromise-discussion/

Comments

Post a Comment

Popular posts from this blog

How a cyber attack hampered Hong Kong protesters

By Explorer -
Image
Massive public protests taking place in Hong Kong over the past week are aimed at a new extradition law, known as the Fugitive Offenders Ordinance , that would see accused criminals extradited to mainland China to face prosecution. Hongkongers feel the law could be used to legalise the kidnapping of people who express views, and act in ways, that are not popular with the Chinese government . The same law could also be used to extradite tourists and visitors to China who are arrested on suspicion of having committed these crimes. Protesters want the bill scrapped. For now, debate of the legislation has been postponed . Organisers say one million people turned out for the protests, while police estimate the number was around 240,000. Either way, it was a significant number of Hong Kong’s 7.5 million population. Commentators on Twitter remarked on how well organised the protesters were. So, how did they do it? Protesters across the world are using n
Read more

‘Not Hospital, Al-Shifa is Hamas Hideout & HQ in Gaza’: Israel Releases ‘Terrorists’ Confessions’ | Exclusive

By Explorer -
 According to a video of interrogation of "Hamas terrorists" released by Israel Security Agency Shin Bet, accessed exclusively by News18, "The Shifa hospital has been made with many considerations as Hamas knew that medical places won’t be attacked by the enemy. Equipment, explosives and other material has been kept there." Hamas is using hospitals in Gaza as covers and have turned them into ammunition depots, according to a video of interrogation of “Hamas terrorists" released by  Israel Security Agency  Shin Bet, accessed exclusively by News18. ALSO READ | Israel-Hamas War LIVE Updates  HERE The Israeli military has claimed that those featuring in the video released on Saturday are Hamas terrorists, who participated in the  October 7 attack  on Israel. “Most of the tunnels are hidden in hospitals. There are multiple underground levels. Al-Shifa Hospital is not small, it is a big place that can be used to hide things," a man is seen saying. “The Al-Shifa
Read more

Islam Has Massacred Over 669+ Million Non-Muslims Since 622AD

By Explorer -
Image
In fact, no ideology has been as genocidal as Islam… Islam has killed more than 5 times the number of people killed by communism. In the total numbers we have updated over 80 million Christians killed by Muslims in 500 years in the Balkan states, Hungary, Ukraine, Russia. Then we have India. The official estimate number of Muslim slaughters of Hindus is 80 million. However, Muslim historian Firistha (b. 1570) wrote (in either Tarikh-i Firishta or  the Gulshan-i Ibrahim) that Muslims slaughtered over 400 million Hindus up to the peak of Islamic rule of India, bringing the Hindu population down from 600 mil to 200 million at the time. With these new additions the Muslim genocide of non-Muslims since the birth of Mohammed would be  over 669 million murders. Islam: The Religion of Genocide Perspective:   Think the Spanish inquisition was bad? More people are killed by Islamists each year than in all 350 years of the Spanish Inquisition* combined. The Spanish inquisition ( Tribunal del Sant
Read more