Information Security Today Home

The Top 10 Ways to Combat Insider Threats

By Lancope

An adversary who attacks an organization from within can prove fatal to the organization and is generally impervious to conventional defenses. But there are things you can do to mitigate the risk. Below is Lancope's Top 10 Ways to Combat Insider Threats.

1. First and foremost, it is important that your company conducts thorough background checks before hiring employees, contractors or third-party vendors so you will know exactly who you are working with. While certainly not the end-all-be-all, this critical first step can help keep individuals such as competitors or criminals from infiltrating your organization and network with the sole intent of stealing data.

2. Once employees are hired and given access to sensitive systems, establishing appropriate checks and balances is key. There should never be just one individual who has administrative access to a system, as this could essentially leave the person free to do whatever they want with the data or device, or even enable them to hold your data hostage when they leave the company. Shared usernames/passwords should also be avoided, as they do not hold individual users accountable and could still be used by people who have since left the organization.

3. Speaking of individuals leaving the organization, it sounds obvious, but thorough measures need to be taken to revoke former employees' and contractors' access to your company's systems. Also pay particular attention to the person's active sessions at the time they leave, as they may still be logged in somewhere and able to do damage if they wish.

4. Understand the different types and characteristics of insider threats--negligent, malicious and compromised--so that you can better detect and protect against them. Certain network behaviours can be indicative of an employee device that has been compromised, for example, or a malicious employee who is attempting to hoard or exfiltrate data. Being familiar with some of these behaviours can help ensure that you have the right defenses in place, as some security controls will be effective against certain types of insider threats but not others.

5. While not always effective, access controls can serve as a key deterrent for both negligent and malicious insiders. Making it harder to access sensitive data can keep honest people honest, but also put a wrench in the plans of malicious attackers.

6. Encryption of data at rest is crucial for minimising the impact should a negligent employee lose his or her laptop or other equipment.

7. User education should not be overlooked. It is a lot easier for employees to abide by best practices if they are aware of them, and are educated on the serious impact that their careless, but seemingly benign actions could have on the organization.

8. The collection, analysis and storage of various types of network logs should be a critical component of any insider threat security program. By leveraging network activity logs from various technologies such as firewalls, IPS, SIEMs, packet capture and, in particular, NetFlow, your organization can more easily detect and thwart insider attack attempts. Knowing that their activities are being monitored can also help deter insiders from "doing bad" on the network.

9. Some monitoring solutions also provide additional security context such as identity, application and device data, which can be invaluable for quickly tracking down the source of insider attacks.

10. Last but not least, it is important to realize that the IT department alone cannot adequately protect a company from its own insiders. Insider threat programs must be cross-organisational efforts that also involve other departments such as Management, Legal and HR. Management and HR can tip the IT team off to any disgruntled employees who may try to harm systems or steal data, and these other departments can also help IT in taking the appropriate actions should insider threat activity be detected.
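The check described in item 3, as an added example that is not part of the original article: it compares HR departure times with session records and reports sessions still open when the person left, plus any logins made afterwards. The record layout, user names and host names are constructed for illustration.

```python
from datetime import datetime

# Constructed sample data. Hypothetical schema:
# DEPARTURES maps user -> time access should have ended;
# SESSIONS holds (user, host, login, logout), logout None = still open.
DEPARTURES = {
    "jdoe": datetime(2014, 3, 14, 17, 0),
    "contractor7": datetime(2014, 3, 10, 12, 0),
}
SESSIONS = [
    ("jdoe", "vpn-gw1", datetime(2014, 3, 14, 9, 2), datetime(2014, 3, 14, 16, 40)),
    ("jdoe", "db-admin", datetime(2014, 3, 14, 15, 30), None),
    ("contractor7", "fileserver", datetime(2014, 3, 12, 23, 15),
     datetime(2014, 3, 12, 23, 50)),
    ("asmith", "vpn-gw1", datetime(2014, 3, 14, 8, 0), None),
]


def audit_offboarding(departures, sessions):
    """Return (user, host, reason) for sessions that outlive a departure."""
    findings = []
    for user, host, login, logout in sessions:
        left = departures.get(user)
        if left is None:
            continue  # user has not left; out of scope for this audit
        if login >= left:
            # Credentials or tokens were still usable after departure.
            findings.append((user, host, "login_after_departure"))
        elif logout is None or logout > left:
            # Session was started earlier and never terminated.
            findings.append((user, host, "session_open_at_departure"))
    return sorted(findings)


if __name__ == "__main__":
    for user, host, reason in audit_offboarding(DEPARTURES, SESSIONS):
        print(f"{user:12} {host:12} {reason}")
```
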

You can also listen to Insider Threat: Hunting for Authorized Evil, a complimentary webinar for additional information on insider threats.
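One way to apply the NetFlow monitoring from items 4 and 8 to the exfiltration behaviour they mention, as an added example that is not from the original article or from Lancope: per-host daily upload volume to external addresses is compared with that host's own median. The flow records, the 10.0.0.0/8 internal range and the thresholds are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict
from statistics import median

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range

# Constructed daily flow summaries: (day, src_ip, dst_ip, bytes).
FLOWS = [
    (1, "10.0.0.5", "203.0.113.10", 40_000_000),
    (2, "10.0.0.5", "203.0.113.10", 55_000_000),
    (3, "10.0.0.5", "203.0.113.10", 45_000_000),
    (4, "10.0.0.5", "198.51.100.7", 2_400_000_000),
    (1, "10.0.0.9", "203.0.113.10", 300_000_000),
    (2, "10.0.0.9", "203.0.113.10", 280_000_000),
    (3, "10.0.0.9", "203.0.113.10", 310_000_000),
    (4, "10.0.0.9", "203.0.113.10", 330_000_000),
    (4, "10.0.0.5", "10.0.0.20", 9_000_000_000),  # internal transfer, not counted
]


def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL


def outbound_by_host_day(flows):
    """Sum bytes sent from internal hosts to external destinations per day."""
    totals = defaultdict(lambda: defaultdict(int))
    for day, src, dst, nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            totals[src][day] += nbytes
    return totals


def flag_upload_spikes(flows, day, factor=5, floor=100_000_000):
    """Flag hosts whose upload on `day` exceeds factor x their prior median."""
    flagged = []
    for host, per_day in outbound_by_host_day(flows).items():
        history = [b for d, b in per_day.items() if d < day]
        if not history:
            continue  # no baseline yet; new hosts need a separate rule
        today, base = per_day.get(day, 0), median(history)
        if today >= floor and today > factor * base:
            flagged.append((host, today, base))
    return sorted(flagged)


if __name__ == "__main__":
    for host, today, base in flag_upload_spikes(FLOWS, day=4):
        print(f"{host}: {today} bytes out vs median {base}")
```
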

© Copyright 2014 Auerbach Publications