Looking at insider threats from the outside
by Nir Polak - CEO of Exabeam - Wednesday, 30 July 2014.
Cybersecurity is a never-ending battle requiring around-the-clock attention. From malware to DDoS to APT attacks, front-line IT security teams are being constantly bombarded. With all this attention on external actors, many businesses do not take seriously enough the risk of insider threats – those acting from within the company.

Employees going rogue is not uncommon; oftentimes after a data breach occurs, it is revealed that John Doe from accounting or IT had carried out the act. Thus begins a tremulous relationship between employer and employee that balances healthy suspicion with trust. No business wants to admit its own employees are potential threats, and not all employees deserve to be considered suspects. But when it comes to securing IT assets, preparation is key.

When it comes to insider threats, there are two distinct groups: malicious insiders and compromised victims. Those in the latter group likely clicked on a link they weren’t supposed to after being targeted by a sophisticated email phishing campaign or watering hole attack from an external agent, unknowingly giving up access to their network user credentials. Now able to mimic the employee’s behavior, the agent can move throughout the IT network undetected. To prevent user credentials from being compromised, businesses implement rigorous cybersecurity awareness training and protocols to educate employees on common attack tactics. However, all it takes is one employee opening up the wrong attachment for these efforts to go to waste.

Malicious insiders, on the other hand, are much harder to ferret out. For any number of reasons, be it dissatisfaction with current management, a poor review or competitive espionage, to name a few, these are employees who are well-attuned to the corporate network and perfectly capable of carrying out the attack themselves. Not only that, but malicious insiders can target a co-worker’s credentials and frame that person for executing an attack.

The problem is that giving employees access to company assets is mission critical and can’t be avoided, but you can’t treat all employees like potential criminals. Being suspicious of every employee creates a culture of distrust, which could ironically create more malicious insider threats. Businesses are finding that conventional approaches to cybersecurity just aren’t cutting it.

The latest buzzword in cybersecurity circles is people-centric security (PCS), which places greater emphasis on personal accountability and trust, and less on restrictive security controls. While this is certainly a noble exercise, the potential fallout of a single data breach is just too great a risk.

No business can anticipate when an insider threat will result in a data breach, and so IT security teams shell out billions of dollars per year on network protections. But as cybersecurity technology evolves, attackers immediately get to work to find new ways around it. It’s a vicious cycle that shows no signs of slowing down, given the high price tag attached to a business’ precious data.

So how do companies get off this merry-go-round? If there’s one common denominator when it comes to insider threats both malicious and unintentional, it’s suspicious user behavior. Businesses already have the infrastructure in place through SIEM and log management systems that are designed to trigger alerts whenever a potential threat is detected.

The challenge lies in being able to filter out the viable threats amid the thousands of alerts triggered per day. IT security teams can do this in a way that’s non-intrusive to employees by first establishing normal user behavior – knowing which IT assets and systems workers and their teams should be accessing on a regular basis.
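
The baselining idea described above, as an added example that is not from the article or from any vendor product: it builds per-user and per-team asset baselines from access events, then ranks alerts by how far they depart from those baselines. The event format, the three triage levels and all sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: (user, team, asset) access events from a baseline window.
BASELINE_EVENTS = [
    ("alice", "finance", "erp-db"),
    ("alice", "finance", "payroll-share"),
    ("bob", "finance", "erp-db"),
    ("carol", "engineering", "git-server"),
    ("carol", "engineering", "build-farm"),
    ("dave", "engineering", "git-server"),
]

# Constructed sample alerts, as a SIEM might emit them for asset access.
ALERTS = [
    {"id": 1, "user": "alice", "asset": "erp-db"},
    {"id": 2, "user": "bob", "asset": "payroll-share"},
    {"id": 3, "user": "alice", "asset": "git-server"},
    {"id": 4, "user": "mallory", "asset": "erp-db"},
]

def build_baselines(events):
    """Return (per-user asset sets, per-team asset sets, user -> team map)."""
    user_assets, team_assets, user_team = defaultdict(set), defaultdict(set), {}
    for user, team, asset in events:
        user_assets[user].add(asset)
        team_assets[team].add(asset)
        user_team[user] = team
    return user_assets, team_assets, user_team

def triage(alert, baselines):
    """Rank one alert by how far the access departs from established behavior."""
    user_assets, team_assets, user_team = baselines
    user, asset = alert["user"], alert["asset"]
    if user not in user_team:
        return "high"      # account has no baseline at all
    if asset in user_assets[user]:
        return "low"       # routine access for this user
    if asset in team_assets[user_team[user]]:
        return "medium"    # new for the user, normal for the team
    return "high"          # outside both user and team baselines

def prioritize(alerts, baselines):
    """Sort alerts so the largest deviations are reviewed first (stable sort)."""
    order = {"high": 0, "medium": 1, "low": 2}
    scored = [(triage(a, baselines), a) for a in alerts]
    return sorted(scored, key=lambda pair: order[pair[0]])
```
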
