By Isaac Kohen, founder of Teramind, provider of behavior analytics, business intelligence, and data loss prevention (“DLP”) for enterprises.
A company’s employees are one of its most valuable assets, but they are also its most vulnerable cyber attack surface.
While most cybersecurity threats come from outside an organization, Verizon’s most recent Data Breach Investigation Report found that about one-fifth of cybersecurity incidents “involved internal actors, who caused both intentional and unintentional harm through misuse and simple human errors.”
Notably, CISOs recently told VentureBeat that “insider attacks are their worst nightmare because identifying and stopping these kinds of breaches is so challenging.” Indeed no business, enterprise or SMB is immune to insider threats.
To detect and prevent them, organizations need a proactive approach to identify and thwart insider threats before they cause serious cybersecurity incidents. Here’s how you can begin that process at your company today.
1. Double down on digital hygiene.
This solution is so simple that it almost doesn’t feel like a solution at all.
However, I’ve found most people practice horrible digital hygiene, failing to update account credentials after a data breach, maintain strong and original passwords for all accounts or install the latest software updates. Even marginal improvements to employees’ digital hygiene can have an outsized impact on improving a company’s cyber-readiness.
Verizon’s report notes that 74% of breaches include a human element, like the use of stolen credentials or social engineering attacks, underscoring the effect a simple step, like using an original password for all accounts, can have on mitigating the risk of a data breach.
Critically, companies shouldn’t just leave this to chance. Teach employees how to follow digital hygiene best practices and implement accountability solutions that ensure employees enact these guidelines.
For instance, provide password managers to ensure strong passwords and install antivirus software on all devices. Additionally, companies can use data loss prevention (DLP) tools to track and prevent data breaches. (Disclosure: My company provides these solutions, as do others.) Start by classifying your data based on its importance to your business. Choose a DLP solution that integrates seamlessly with your existing infrastructure, and actively manage your policies to adapt to changing security needs.
2. Assume people will fall for phishing scams.
Most data breaches begin with a phishing attack, turning unwitting insiders into accomplices in increasingly devastating cyber attacks. More than 3 billion phishing emails are sent daily, and these messages are steadily becoming more difficult to detect and defend against.
Once-tell-tale signs of a scam—like egregious spelling errors or implausible scenarios—have been replaced by highly personalized content reaching people’s email inboxes, text messaging apps and other digital communications platforms.
In this environment, companies should assume that someone, sometime will fall for a phishing scam, putting the requisite defenses in place to ensure that a single false click doesn’t create a data disaster.
3. Recognize malicious insiders.
Malicious insiders, those who compromise network integrity or data privacy on purpose, are undoubtedly a minority, but they pose a serious threat to company security.
They can be activated by many factors, but a sudden job change from layoffs or terminations is a factor that can’t be ignored. For example, a 2015 survey found that 87% of employees took data they created to their new job, and another survey found that “employees are 69% more likely to take data right before they resign.”
To prevent malicious insiders from stealing company or customer data on their way out the door, companies must cultivate the capacity to proactively identify the signs of data misuse and prevent employees from downloading, sending or otherwise disseminating sensitive information. This includes the ability to:
• Scrutinize and obstruct email exchanges suggestive of data leaks.
• Restrict file transfers to all destinations, encompassing the public cloud and external USB storage.
• Deny access to users during non-operating hours or when connections originate from unfamiliar sources and IP addresses.
• Detect and halt dubious email operations, such as insecure data distribution.
By identifying malicious insiders, companies can deny them the capacity to use their privileged access to wreak havoc on data security and IT integrity.
4. Ready your response.
The moment a cybersecurity or data privacy threat is detected is not the time to decide how to respond. The most cyber-secure companies have already readied their responses, leveraging a rehearsed playbook to mitigate the damage.
Ready your response by creating a plan detailing actions involving not just the IT team but also key personnel in management, legal, PR and HR departments.
Regular drills ensure all stakeholders understand their roles, while continuous updates keep the playbook relevant to evolving threat landscapes.
5. Investigate incidents to continually improve.
With the right information and insights, any cybersecurity incident can become a learning opportunity that makes your defensive posture stronger moving forward.
Forensic tools are fundamental in this endeavor, providing the capacity to trace and understand the sequence of events during a breach. Look for features such as session playback and optical character recognition (OCR) for the extraction of covert activities hidden within unstructured data and offer a granular understanding of the breach timeline.
Moreover, insider threat monitoring software captures detailed logs of user and administrative actions, providing valuable forensic evidence and learning opportunities to minimize vulnerabilities moving forward.
Consider starting with a pilot program to understand how the software impacts your workflow and to identify any gaps in monitoring. Collaborate closely with HR and legal departments to establish ethical guidelines for monitoring employees, while making sure to regularly update the software to benefit from the latest security enhancements.
Employees are a company’s greatest asset, but unfortunately, they also represent the most susceptible surface for cyber attacks. Employees, with their unique access to systems and data, sit at the front lines of this digital battlefield. Their actions, deliberate or inadvertent, can significantly impact an organization’s security posture.
This understanding should drive businesses to invest not only in advanced security technology but also in the ongoing education and empowerment of their teams, ensuring that everyone can anticipate, prepare and respond to the cybersecurity threats that will inevitably come their way.
