6 types of insider threats and how to prevent them
Insider threats pose a significant security risk to enterprises. By some accounts, more than 60% of organizations have experienced an insider threat attack -- is your enterprise next?
Don't fret. There are steps to take -- as well as signs to look for -- to detect and protect against common insider threats without breaking the bank.
Overall, there are three common types of insider threats: compromised insiders, such as an employee whose credentials were stolen; negligent insiders, for example, if an employee misplaces a laptop or incorrectly sends an email; and malicious insiders, including disgruntled employees, who commit acts such as theft, fraud, sabotage, espionage and blackmail.
These threats can be further broken down by how sensitive data is leaked. Here are six common insider threats that pose a danger to sensitive data, along with mitigation strategies for each.
1. Exploiting information via remote access software
Problem: A considerable amount of insider abuse is performed offsite via remote access tools. Users are less likely to be caught stealing sensitive data when they can do it offsite. Plus, inadequately protected laptops, for example, may end up in the hands of an attacker if left unattended, lost or stolen. A number of remote access tools, namely Microsoft's Remote Desktop Protocol (RDP), are particularly susceptible to infiltration.
Solution: Solid share and file permissions are critical, as are OS and application logging. With many remote access options, you can enable tighter security controls on certain features and system access, monitor employee usage in real time and generate usage logs. Look into the configuration of your system and determine which features and audit trails can provide better management, reporting and security. It's also common for abuse to take place during nonbusiness hours, so consider limiting the times that users can remotely access systems. Strong passphrase requirements can thwart guessed logins, and requiring users to log in again after power-saving timeouts can keep unauthorized users locked out. Encrypting system hard drives also helps protect systems that are lost or stolen. To prevent RDP risks, it's best to disable the protocol when possible. Otherwise, proper patching and using Group Policy to restrict it are recommended.
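As an added example (not code from the article), a small Python check that applies the after-hours point above to constructed remote-access logon records: it flags successful logons outside an assumed Monday-to-Friday business window by users without an approved exception, which is the kind of audit-trail review the solution calls for. The log format, the business window and the exception list are all assumptions.

```python
import re
from datetime import datetime, time

# Constructed sample remote-access logon records (not from the article or any real system).
SAMPLE_LOG = """\
2024-03-04T09:12:41 user=alice src=203.0.113.5 method=rdp result=success
2024-03-04T23:47:03 user=bob src=198.51.100.7 method=rdp result=success
2024-03-05T02:15:19 user=alice src=203.0.113.5 method=vpn result=success
2024-03-05T13:30:00 user=carol src=192.0.2.44 method=rdp result=failure
2024-03-06T03:02:11 user=dave src=198.51.100.9 method=rdp result=success
2024-03-09T10:00:00 user=alice src=203.0.113.5 method=rdp result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) "
    r"method=(?P<method>\S+) result=(?P<result>\S+)$"
)

BUSINESS_START = time(8, 0)   # assumed business window, Monday to Friday
BUSINESS_END = time(18, 0)
# Hypothetical approved exceptions (e.g., on-call staff) allowed to connect after hours.
AFTER_HOURS_ALLOWED = {"dave"}

def parse_line(line):
    """Parse one log record into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec

def is_after_hours(ts, start=BUSINESS_START, end=BUSINESS_END):
    """True on weekends, or on weekdays outside the start..end window."""
    if ts.weekday() >= 5:
        return True
    return ts.time() < start or ts.time() >= end

def find_after_hours_logons(log_text, allowed=AFTER_HOURS_ALLOWED):
    """Return (user, timestamp, method) for successful after-hours logons by
    users without an approved exception; failures and unparsable lines are skipped."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["result"] != "success":
            continue
        if is_after_hours(rec["ts"]) and rec["user"] not in allowed:
            findings.append((rec["user"], rec["ts"].isoformat(), rec["method"]))
    return findings
```

Failed logons are skipped here because the point is to review who actually got in; a separate check on repeated failures would cover guessed logins.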
2. Third-party threats
Problem: Third parties that have access to enterprise systems -- think contractors, part-timers, customers, suppliers and service providers -- can present a major risk to sensitive data. Also known as supply chain attacks or value-chain attacks, third-party attacks leave sensitive data and a company's reputation vulnerable, as evidenced in the 2013 Target breach in which customer data was stolen after an HVAC contractor's credentials were obtained by hackers.
Solution: First, make sure any third party you work with is trustworthy -- look at their background and get references if possible. Second, have a sound third-party risk management program in place. Monitoring tools are instrumental in identifying malicious or anomalous behavior, and user behavior analytics can detect erratic conduct. Restrict third-party access through the principle of least privilege so that they cannot reach anything on the network beyond what is needed to complete their job. It is also important to regularly review third-party accounts to ensure system permissions are terminated after their work is completed. Regular user access reviews for employees and third parties alike are a critical security practice.
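As an added example (not code from the article), a Python access-review check over constructed third-party account records: it reports enabled accounts whose engagement has ended, logons that happened after the engagement ended, dormant accounts, and group memberships beyond what the engagement needs. The record fields, the review date and the 30-day dormancy threshold are assumptions.

```python
from datetime import date

# Constructed third-party account records (hypothetical, not from the article).
# contract_end: when the engagement ends; last_logon: last successful logon (None = never);
# groups: what the account currently holds; needed: what the engagement actually requires.
ACCOUNTS = [
    {"user": "hvac-vendor", "enabled": True, "contract_end": date(2024, 1, 31),
     "last_logon": date(2024, 2, 20), "groups": {"vendor-portal", "domain-admins"},
     "needed": {"vendor-portal"}},
    {"user": "contractor-dev", "enabled": True, "contract_end": date(2024, 6, 30),
     "last_logon": date(2024, 2, 28), "groups": {"dev-repo"}, "needed": {"dev-repo"}},
    {"user": "auditor-temp", "enabled": True, "contract_end": date(2024, 12, 31),
     "last_logon": None, "groups": {"finance-ro"}, "needed": {"finance-ro"}},
    {"user": "old-supplier", "enabled": False, "contract_end": date(2023, 12, 31),
     "last_logon": date(2023, 12, 15), "groups": {"vendor-portal"}, "needed": set()},
]

REVIEW_DATE = date(2024, 3, 1)  # constructed date on which the review is run

def review_third_party_access(accounts, today=REVIEW_DATE, stale_days=30):
    """Return (user, finding) pairs for enabled third-party accounts that need action.

    Checks: contract expired but account still enabled; a logon after the contract
    ended (credentials still in use); no recent logon (dormant account); and group
    membership beyond what the engagement needs (least privilege)."""
    findings = []
    for a in accounts:
        if not a["enabled"]:
            continue  # already terminated; nothing to review
        end, last = a["contract_end"], a["last_logon"]
        if end < today:
            findings.append((a["user"], "disable: contract ended " + end.isoformat()))
        if last is not None and last > end:
            findings.append((a["user"], "investigate: logon on " + last.isoformat()
                             + " after contract end"))
        if last is None or (today - last).days > stale_days:
            findings.append((a["user"], "review: no logon in the last %d days" % stale_days))
        excess = a["groups"] - a["needed"]
        if excess:
            findings.append((a["user"], "remove excess groups: " + ", ".join(sorted(excess))))
    return findings

if __name__ == "__main__":
    for user, finding in review_third_party_access(ACCOUNTS):
        print(user, "->", finding)
```

In practice the records would be pulled from the directory and the vendor management system rather than typed in; the checks are the same.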
3. Leaking data via email and instant messaging
Problem: Sensitive information included in or attached to an email or IM can easily -- and, often, unintentionally -- end up in the wrong hands. This is one of the easiest types of insider threats to eliminate.
Solution: One of the most effective mitigation strategies to catch sensitive information leaving the network is to set up a network analyzer to filter on keywords, attachments and so forth. Utilizing client- or server-based content filtering can also catch and block sensitive information from going out. Likewise, perimeter-based or outsourced messaging security mechanisms offer easy-to-manage content filtering and blocking. Keep in mind that none of these options work well if message traffic is encrypted; however, filtering will at least highlight the fact that such communication is taking place. Speaking of which, be sure to regularly review enterprise firewall rules to determine not only what's allowed in, but also what's allowed out of the network. Another email and messaging threat to consider is phishing and other social engineering scams. Be sure to include security awareness training as part of your insider threat program.
4. Insecure file sharing
Problem: Whether or not you permit file-sharing software such as Dropbox or Google Drive, or collaboration tools such as IM, Slack or Skype, odds are they're on your network and waiting to be abused. The services themselves are not the problem; it's how they're used that causes trouble. All it takes is a simple misconfiguration to serve up your network's local and network drives to the world.
Solution: If your organization allows file-sharing and collaboration software, it behooves you to ensure that users are aware of the dangers. Monitoring tools can help enterprises detect and manage the use of file-sharing and collaboration tools. If you don't want these services used, you can try blocking them at the firewall; however, sometimes the software is smart enough to find open ports to go out. Also note that if you have business-grade Dropbox, for example, you cannot disable personal Dropbox use and keep the enterprise version. Be sure to use a network analyzer and regularly perform a firewall rule audit.
5. Careless use of wireless networks
Problem: One of the most unintentional types of insider threats is insecure wireless network usage. Whether it's at a coffee shop, airport or hotel, unsecured airwaves can easily put sensitive data in jeopardy. All it takes is a peek into email communications or file transfers for valuable information to be stolen. Wi-Fi networks are most susceptible to these attacks, but don't overlook Bluetooth on smartphones and tablets. Also, if you have wireless LANs inside your organization, employees could use them to exploit the network after hours.
Solution: You cannot control the airwaves outside of your office, but you can enable secure Wi-Fi use. This entails using a VPN for remote network connectivity, a personal firewall to keep other users on the same wireless network from connecting to the computer, and SSL/TLS for all messaging. Also ensure your internal wireless networks are secure. Use proper encryption and authentication -- WPA3 is the latest iteration of the Wi-Fi security protocol -- and enable logging. Disabling Bluetooth if it's not needed, or at least making your devices nondiscoverable, can also cut down on wireless attacks.