Insider threats are hardly a new problem. As companies increasingly rely on data connected to complex networks, they also rely on their employees to make sure that data stays out of the wrong hands.
The trouble is, unlike the hackers lurking outside the corporate network, insiders can directly access sensitive information and critical systems without having to bypass security controls. Data breaches often result from employees mishandling data and information technology.
While many security incidents that originate with insiders are the result of negligent behaviors, intentional acts are far from being a rarity. In fact, the risk of disgruntled employees going after their employers' systems has prompted the U.S. government to take action. This year, the National Geospatial-Intelligence Agency is at work on a software suite designed to detect behavioral patterns predicting the risk of a malicious insider incident. The program will analyze traffic on work devices and apply a behavioral algorithm to its content.
Hackers already know this well and aim to exploit such employees directly. Recent research into dark web forums has revealed black hat hacking groups seeking out employees willing to assist in cyber criminal efforts. In some cases, hackers directly ask for sensitive information to inform insider trading or other illicit activities. In other instances, employees are asked to help process illegal transactions using stolen credit cards. And in perhaps the most concerning cases, hackers equip rogue employees with malware and exploit tools to gain ongoing access to systems.
As an organization, you won’t want to wait for new software developments to mitigate the risk from insiders colluding with hackers. Here are three important areas you can look into now to strengthen your defense:
- Identity management: No employee should have unlimited access to data resources. To be more specific: The data available to an employee should be limited to their role in the organization. Separation of data and authentication structures can mitigate the risk presented by a given employee.
- Secure network design: Both logical and physical separation of data systems is important. The amount of damage a malicious insider can do might depend on how a network is structured. This is particularly important in cases where an employee is facilitating network access for a cyber criminal.
- Monitoring: The GSA’s software development is attempting to move behavioral prediction forward in the cyber security space. Fortunately, advanced monitoring solutions are already capable of detecting insider threats based on suspicious events.
Lunarline helps organizations mitigate their risks from insider threats and can support you in your efforts to improve identity management and secure network design. We also offer insider threat detection through our state-of-the-art managed security programs. For more information on how we can help you, contact us online today!