September 26

6 types of insider threats and how to prevent them

United Kingdom of Great Britain and Northern Ireland flag icon
Reading time 5 minutes

Insider threats pose a significant security risk to enterprises. By some accounts, more than 60% of organizations…

Sign in for existing members Continue Reading This Article Enjoy this article as well as all of our content, including E-Guides, news, tips and more. Step 2 of 2: You forgot to provide an Email Address. This email address doesn’t appear to be valid. This email address is already registered. Please login. You have exceeded the maximum character limit. Please provide a Corporate E-mail Address.

I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy. Please check the box if you want to proceed.

I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time. Please check the box if you want to proceed.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

have experienced an insider threat attack – is your enterprise next?

Don’t fret. There are steps to take – as well as signs to look for – to detect and protect against common insider threats without breaking the bank.

Overall, there are three common types of insider threats: compromised insiders, such as an employee whose credentials were stolen; negligent insiders, for example, if an employee misplaces a laptop or incorrectly sends an email; and malicious insiders, including disgruntled employees, who commit acts such as theft, fraud, sabotage, espionage and blackmail.

These threats can be further broken down by how sensitive data is leaked. Here are six common insider threats that pose a danger to sensitive data, along with mitigation strategies for each.

1. Exploiting information via remote access software Problem: A considerable amount of insider abuse is performed offsite via remote access tools. Users are less likely to be caught stealing sensitive data when they can do it off site. Plus, inadequately protected laptops, for example, may end up in the hands of an attacker if left unattended, lost or stolen. A number of remote access tools, namely Microsoft’s remote desktop protocol (RDP), are particularly susceptible to infiltration. Solution: Solid share and file permissions are critical, as are OS and application logging. With many remote access options, you can enable tighter security controls on certain features and system access, monitor employee usage in real time and generate usage logs. Look into the configuration of your system and determine which features and audit trails can provide better management, reporting and security. It’s also common for abuse to take place during nonbusiness hours, so consider limiting the times that users can remotely access systems. Strong passphrase requirements can thwart guessed logins, and requiring users to log in after power-saving timeouts can keep unauthorized users locked out. Encrypting system hard drives also helps protect systems that are lost or stolen. To prevent RDP risks, it’s best to disable the protocol when possible. Otherwise, proper patching and using Group Policy are recommended.

2. Third-party threats Problem: Third parties that have access to enterprise systems – think contractors, part-timers, customers, suppliers and service providers – can present a major risk to sensitive data. Also known as supply chain attacks or value-chain attacks, third-party attacks leave sensitive data and a company’s reputation vulnerable, as evidenced in the 2013 Target breach in which customer data was stolen after an HVAC contractor’s credentials were obtained by hackers. Solution: Make sure any third party you work with is trustworthy – look at their background and get references if possible. Second, have a sound third-party risk management program in place. Monitoring tools are instrumental in identifying malicious or anomalous behavior. User behavior analytics can detect erratic conduct. Restrict third-party access through the principle of least privilege to prevent access to anything on the network beyond what is needed to complete their job. It is also important to regularly review third-party accounts to ensure system permissions are terminated after their work is completed. Regular user access reviews for employees and third parties alike is a critical security practice.

3. Leaking data via email and instant messaging Problem: Sensitive information included in or attached to an email or IM can easily – and, often, unintentionally – end up in the wrong hands. This is one of the easiest types of insider threats to eliminate. Solution: One of the most effective mitigation strategies to catch sensitive information leaving the network is to set up a network analyzer to filter keywords, attachments and so forth. Utilizing client- or server-based content filtering can also catch and block sensitive information from going out. Likewise, perimeter-based or outsourced messaging security mechanisms offer easy-to-manage content filtering and blocking. Keep in mind that none of these options work well if message traffic is encrypted. However, filtering will at least highlight the fact that such communication is taking place. Speaking of which, be sure to regularly review enterprise firewall rules to determine not only what’s allowed in, but also what’s allowed out of the network. Another email and messaging threat to consider is phishing and other social engineering scams. Be sure to include security awareness training as part of your insider threat program.

4. Insecure file sharing Problem: Whether or not you permit file-sharing software such as Dropbox or Google Drive, or collaboration tools such as IM, Slack or Skype, odds are they’re on your network and waiting to be abused. The services themselves are not the problem; it’s how they’re used that causes trouble. All it takes is a simple misconfiguration to serve up your network’s local and network drives to the world. Solution: If your organization allows file-sharing and collaboration software, it behooves you to ensure that users are aware of the dangers. Monitoring tools can help enterprises detect and manage the use of file-sharing and collaboration tools. If you don’t want these services used, you can try blocking them at the firewall; however, sometimes the software is smart enough to find open ports to go out. Also note that if you have business-grade Dropbox, for example, you cannot disable personal Dropbox use and keep the enterprise version. Be sure to use a network analyzer and regularly perform a firewall rule audit.

5. Careless use of wireless networks Problem: One of the most unintentional types of insider threats is insecure wireless network usage. Whether it’s at a coffee shop, airport or hotel, unsecured airwaves can easily put sensitive data in jeopardy. All it takes is a peek into email communications or file transfers for valuable information to be stolen. Wi-Fi networks are most susceptible to these attacks, but don’t overlook Bluetooth on smartphones and tablets. Also, if you have wireless LANs inside your organization, employees could use them to exploit the network after hours. Solution: You cannot control the airwaves outside of your office, but you can enable secure Wi-Fi use. This entails using a VPN for remote network connectivity, a personal firewall to keep users from connecting to the wireless computer and SSL/TLS for all messaging. Also ensure your internal wireless networks are secure. Use proper encryption and authentication – WPA3 is the latest iteration of the Wi-Fi security protocol – and enable logging. Disabling Bluetooth if it’s not needed or at least making your devices nondiscoverable can also cut down on wireless attacks.

Comments

Leave your questions here

To write a comment you must
or
Services
Category filter
Concern filter
Type filter
Sort
 
All categories
Personal Development Coaching
$50 USD
Spiritual Coaching - Removing Energy Blocks - Expansion

> “Who looks outside dreams. Who looks inside awakens.” Jung

Spiritual coaching is about moving you into a profound state of empowerment and involution m…

Kimla Rose (Kim Desrosiers)
United States of America flag icon
Life Coaching
$10 USD
Life Purpose and Soul Wisdom

What is your deeper truth, your deeper knowing, your MOJO, your deepest desires, those feelings that you can’t explain but that are so pure and so clear…or may…

Anna Beale
United States of America flag icon
Wellness Coaching
$10 USD
Your Missing Manual for Health & Life!

Are you constantly reading books, blogs and listening to podcasts trying to figure out what to do to be healthy?

With so much conflicting information out ther…

Pamela Malo
United States of America flag icon
Tarot Reading
$10 USD
Pick one card

Many questions can be answer with just one Arcane. Do you want to try?

Nelise Carbonare
United States of America flag icon
Tarot Reading
$120 USD
THE SYNERGY OF THE PYRAMID

THE SYNERGY OF THE PYRAMID focuses on a specific relationship: One side for the consultant and one for their partner. (the partner does not need to be present …

Nelise Carbonare
United States of America flag icon
Tarot Reading
$100 USD
Timeline Reading

EGYPTIAN TAROT READINGS using unique methods developed by Nelise Carbonare, a Brazilian healer with more than 40 years of experience in tarot consultations, as…

Nelise Carbonare
United States of America flag icon
Nutritional Therapy
$150 USD
Nutritional Therapy Consultation

Hi my name is Aria and I am the founder of Heal with Nutrition. I am a registered Nutritional Therapist and a Naturopath who has a passion on Nutrition and Hea…

Aria Alexandrou
United Kingdom of Great Britain and Northern Ireland flag icon
Tarot Reading
$10 USD
THOTH AND HERMETIC DECKS READING

With a deep knowledge of hermeticism and being introduced to the kabbalah tradition of the emanation process from the tree of life, I provide a deep insight co…

James Marchiori
Ireland flag icon
Personal Development Coaching
$55 USD
The Bridge to Your Desired Life

This is were you get real help with your struggles and life challenges. As life gets harder to cope with, we tend to look for external ways to get through. And…

Mina Mikhail
United States of America flag icon
Naturopathy
$10 USD
Intake Consult

short introduction consult to Integrative Medicine

Femke Neervoort
Netherlands flag icon
Career Coaching
$300 USD
Reset Coaching and Mentoring Programme

12 weeks of bi-weekly 90 minutes 1:1 Coaching and Mentoring. Total cost USD1800 (6x90minutes career coaching and mentoring session)

Are you returning to work …

Carla Martins
United Kingdom of Great Britain and Northern Ireland flag icon
Personal Development Coaching
$120 USD
Spiritual Life Coach Session-Personalized Session

Personalized Sessions

Because Everyone Is Unique

Client-centered sessions based on the area of focus requested by the client.

Each session is a LIVE Sessio…

Deborah Lucero
United States of America flag icon
Reiki
$55 USD
Guidance, Inspiration & Healing

This type of session is a favorite among many of my clients, as it is often times one of the smoothest way to address a challenge to reach a happier and health…

Mina Mikhail
United States of America flag icon
Mediumism
$10 USD
Psychic Readings

I specialize in love, past present future, future, past life, general, tarot, dream interpretation, specific, social, and career readings! Book today for clari…

Holly
United States of America flag icon
Life Coaching
$399 USD
1-on-1 Coaching

The journey started with our discovery call, and You decided: ” I’m ready! Let’s do this!”.

We will engage in 1-on-1 coaching sessions for 90 minutes. In this…

Carla Martins
United Kingdom of Great Britain and Northern Ireland flag icon
Ascension
$88 USD
Ascension Mentor Support

In this session, we come together with similar to a healing session but face to face.

We talk about what issues you are facing at the moment and we delve deep…

Claire C.
Australia flag icon
Spiritual Healing
$177 USD
Energy Healing

I am honored to assist you with intuitive channeled energy healings that support and nurture you on a physical level as well soul and energetic level, each ses…

Claire C.
Australia flag icon
Reiki
$375 USD
Usui Reiki 1st Degree Course

FIRST DEGREE COURSE - The ultimate Reiki course.

Have you ever wondered if you can heal? Have you felt a burning desire to help others? Then you’ve come to th…

Step Into Your Light - Christina Moore
United Kingdom of Great Britain and Northern Ireland flag icon
Life Coaching
$10 USD
Hand Analysis - Startup Session

What does a hand analysis do for me? ​

You will understand yourself and your life purpose. ​You will understand the roots of your triggers and reactionary be…

Brent Bruning, Master Hand Analyst
Switzerland flag icon
Shamanism
$10 USD
Sample Akashic Records Reading for Your Burning Issue

I connect to your Akashic Records and listen to what your guides want to bring to your conscoius attention at this time. Perhaps, it is an insight into why you…

Olga Aydınoğlu
Turkey flag icon
Shamanic Healing
$300 USD
Shamanic Healing Art

What is Shamanic Healing Art?

It is a physical artwork (usually a pastel drawing) I make for you based on the outcome of our online session. This artwork will…

Olga Aydınoğlu
Turkey flag icon
Shamanic Healing
$70 USD
Heal to say "No"

A limits and boundaries shamanic healing session to help you heal relevant wounds and traumas from this and/or other lifetimes, let go of false beliefs, judgem…

Olga Aydınoğlu
Turkey flag icon
Shamanic Healing
$70 USD
Writer's Block Shamanic Healing Session

Before the Session

I do my pre-meditation to find out the main reasons for your writer’s block. (This happens psychically, where I generally just need your na…

Olga Aydınoğlu
5
Turkey flag icon
Third Eye Meditation
$70 USD
Third Eye Meditation Practice

During our online meeting, I will guide you through a meditation session for you to have a Third Eye perception experience. You do not need to know how to medi…

Olga Aydınoğlu
Turkey flag icon