The trusted insider has always been a security risk – whether an executive with access to sensitive information or an administrator on an enterprise network.
According to a recent report, 58% of Singapore respondents state that cyber breaches and insider threats, which include malicious insiders stealing, manipulating or destroying data, are the fastest-growing risks faced.
Our own research in our annual Global Advanced Threat Landscape report also revealed that security decision makers aren’t exempt from putting their organizations at risk – with 87% of Singapore respondents worrying that they might personally introduce a cybersecurity incident into their organization.
Many are aware of the threat posed by malicious insiders. But, as these figures go to show, it is not only the malicious you need to worry about – don’t underestimate the threats posed by human error and good intentions.
To Err is Human
The most common problems for businesses include system misconfiguration, poor patch management, using default settings and weak passwords, lost devices, and sending sensitive data to the wrong e-mail address. Some of these problems are due to the individual’s poor decision or a slip of the mouse. It could be something as simple as clicking “reply all” on an e-mail. Some, however, are the result of poor policy or poor management. System configurations and patch management should be matters of organizational policy and should be periodically assessed.
We will never rid ourselves completely of mistakes but, with 64% of organizations finding that negligence is the root of most incidents, there is vast room for improvement and a definite need. With the damage caused often amplified due to excessive permissions, organizations need to get a firmer grasp on their privileged accounts and remove access where it’s unnecessary. For example, any employee with unconstrained access could, accidentally or maliciously, become a dangerous insider.
The Path to Poor Security Is Paved with Good Intentions
Most employees just want to do a good job and be recognized. In fact, many go out of their way to do their jobs efficiently, and that can pose a problem. It is not uncommon for employees to install unauthorized wireless access points to make it easier to connect to the network throughout the office. These points can improve productivity and worker satisfaction but, unknown and unmanaged by administrators, they also create security gaps that can be exploited by attackers to gain access to the organization’s network. Despite the fact that BYOD has now been around for years, many organizations are still struggling to put sound policies and procedures in place to protect themselves.
Workers often see security as a roadblock rather than an enabler. When this happens, they will find ways around policy in order to do their jobs more easily and become insider threats.
The Unwitting Accomplice
Honest insiders are also targeted by malicious outsiders through the use of social engineering. E-mail phishing (and spear-phishing to target high-value individuals) is still one of the most common types of social engineering, with attackers becoming increasingly sophisticated in their approaches and drawing in unwitting employees.
Insider threats do not stop with your employees. Third parties can also present potential threats. Contractors, business partners and links across the supply chain – both upstream and down – all present threats that can be used to compromise your network from the inside.
One of the key threats we see is attackers actively targeting highly permissioned users, looking for those individuals or accounts which can open the doors to the rest of the organization and the valuable data held by them.
The first line of defense against the well-intentioned insider is awareness and training. All employees should be educated to understand the risks, organizational policies and the reasons for them. With regulation such as GDPR coming into force and customers increasingly aware of the threat posed by cyber attackers, organizations can no longer afford to keep cybersecurity siloed.
At the same time, business leaders need to engage with their security teams to ensure that they have the correct measures in place to protect themselves and shut down attacks, as well as the ability to report back on the attacks faced and the resulting implications for customers or business data.
The only way to defend against both accidental and malicious insiders is to address the threat, not the individual. This starts by locking down unnecessary, unconstrained access for users, which if left unchecked serves to amplify the insider threat. There are a host of reasons behind insider threats, be they accidental or malicious, and organizations must ensure they have the right policies in place to protect themselves as much as possible.
This contributed article is by Jeffrey Kok, Vice President of Solution Engineer, Asia Pacific, and Japan, CyberArk. The views and opinions expressed in this article are those of the author and do not necessarily reflect those of CDOTrends.