Insider threats, long considered too rare to be a real threat, have been steadily on the rise for a few years now. Data suggests that insider threats rose a whopping 47% from 2018 to 2020. The annual average cost of insider attacks in 2020 is estimated at USD 11.45 million, a 31% rise since 2018. Further, organizations are spending 60% more on dealing with insider threats in 2020 as compared to the past 3 years! Yet many organizations and their leadership teams treat insider attacks as outliers and view them as a less serious threat.
Read on to learn more about insider threat protection.
Insider Threats 2020 and Covid-19 Impacts
The Covid-19 pandemic has ushered in multiple challenges and new, unfamiliar risks for organizations.
- Given the expanding rates of lay-offs and salary cuts in organizations, employee loyalties are shifting. The chances of disgruntled employees turning malfeasant are high.
- Several organizations did not transition into telecommuting with well-defined and clear BYOD and remote working policies.
- The risks of social engineering (including voice phishing and scamming), malware, and ransomware attacks against negligent insiders are high.
- Investigating and identifying insider threats is growing into a massive challenge. Business assets and data are now easily accessible online to employees for the seamless functioning of the business in the remote work model. Insiders with the credentials can steal large volumes of data within seconds.
Insider Threat Prevention: Best Practices
Identify, Analyze and Prioritize Risks
Identification, analysis, and prioritization of risks is cybersecurity 101 and is no different for insider threat protection. The assets, information, etc. need to be ranked. Some of the questions to ask are:
- How valuable are they?
- What is the potential impact of these assets getting accessed by malicious actors?
- Would it undermine business effectiveness?
- Does it have legal, regulatory, and reputational implications?
Access needs to be granted based on the value of the asset, with strict policies put in place to minimize the risks of exposure and/or misuse.
What are Your Gray Areas?
Organizations typically have gray areas when it comes to application security, and this is where attackers love to work. Knowing these gray areas enables organizations to improve insider attack prevention. You must place yourself in the insiders' shoes to get an outside-in perspective and understand the gray areas better. You must understand motives: what information competitors seek, why insiders would turn hostile, and so on.
In the current Covid-19 scenario, some of the most lethal gray areas are BYOD policies, telecommuting policies, and shadow IT devices, resulting from the growing need for remote work and high employee turnover rates. Some of the other gray areas concerning insider threats are unintentional employee misbehavior, violation of policies, protection of IP after an employee's exit, minor thefts, and so on.
Proactively Identify Vulnerabilities and Weaknesses
Disruptions caused by Covid-19 and remote work have added new endpoints, BYOT devices, unsecured networks, and shared devices to the IT architecture. Additionally, policies and processes are dynamic. These are constantly creating weaknesses and gaps in security too. Data suggests that the time taken to identify insider threats has a significant impact on the cost of such threats. Threats that were identified in less than 30 days cost only half of what incidents lasting over 90 days cost.
You need to deploy security tools such as automated web scanners and a Web Application Firewall (WAF). This way, you can gain full visibility into your IT infrastructure (including remote devices and third-party components), proactively identify gaps and weaknesses, and secure these paths of least resistance. In addition, you need to conduct regular pen-tests and security audits to unearth vulnerabilities arising from logical flaws and unknown vulnerabilities.
Recalibrate the Security Tools and Models Consistently
It is not enough to deploy the best security tools and behavior modeling to prevent insider attacks. You must continuously tune the tools and recalibrate the behavioral models to ensure that they effectively identify and stop malicious activities and requests.
For instance, remote login patterns, after-work activities and logins, mistyped password attempts, file access patterns, etc. need to be closely monitored and policies tuned to ensure better insider threat protection. This is important because employees are working at different hours and from different locations. The pre-pandemic policies and models may not work.
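As an added illustration (not from the original article or any vendor tool), the Python example below contrasts a static pre-pandemic office-hours rule with a per-user baseline recalibrated from recent logins, plus a check for bursts of mistyped passwords. The event format, function names and thresholds are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (timestamp, user, event); not real log data.
RAW = """\
2020-06-01T21:05 alice login_ok
2020-06-02T21:40 alice login_ok
2020-06-03T22:10 alice login_ok
2020-06-01T09:15 bob login_ok
2020-06-02T09:30 bob login_ok
2020-06-08T21:30 alice login_ok
2020-06-08T03:12 bob login_fail
2020-06-08T03:13 bob login_fail
2020-06-08T03:14 bob login_fail
2020-06-08T03:15 bob login_ok
"""

def parse(raw):
    rows = []
    for line in raw.splitlines():
        ts, user, event = line.split()
        rows.append((datetime.fromisoformat(ts), user, event))
    return sorted(rows)

def static_policy_alerts(events, start=9, end=18):
    """Pre-pandemic rule: flag any successful login outside office hours."""
    return [(ts, u) for ts, u, e in events
            if e == "login_ok" and not start <= ts.hour < end]

def recalibrated_alerts(events, cutoff, slack=1, max_fails=3,
                        window=timedelta(minutes=10)):
    """Learn each user's login hours before `cutoff`, then score later events."""
    usual = defaultdict(set)   # user -> hours seen in the training window
    fails = defaultdict(list)  # user -> recent failed-login timestamps
    alerts = []
    for ts, user, event in events:
        if ts < cutoff:
            if event == "login_ok":
                usual[user].add(ts.hour)
            continue
        if event == "login_fail":
            fails[user] = [t for t in fails[user] if ts - t <= window] + [ts]
            if len(fails[user]) == max_fails:
                alerts.append((ts, user, "failed-login burst"))
        # Circular hour distance; a user with no baseline is always flagged.
        elif all(min(abs(ts.hour - h), 24 - abs(ts.hour - h)) > slack
                 for h in usual[user]):
            alerts.append((ts, user, "login at unusual hour"))
    return alerts
```

On the sample data the static rule flags every one of alice's routine evening logins, while the recalibrated baseline alerts only on bob's 3 a.m. failed-password burst and the login that follows it.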
Stop Threats in Real-Time
Monitoring cannot be limited to just forensics and litigation purposes. You must closely monitor the behavior and patterns of insiders to prevent insider threats in real time. You must track who is accessing business-critical resources, company IP, the cloud, and so on, as well as how and why they are doing so. This must enable you to anticipate and stop actual threats.
Note that insider threats do not always use malicious methods. Negligent, less dangerous, unintentional, and even acceptable behavior could be leveraged to orchestrate insider attacks. Your security solution must enable you to account for this and stop threats in real time.
Given the rapid digital transformations ushered in by the Covid-19 pandemic, insider threats in 2020 are emerging as the top security concern for all kinds of organizations. Protect your mission-critical resources and data from insider threats by choosing an intelligent and holistic security solution like AppTrana.