Do you have employees with access to computers? Do you trust them?
Provided an organization has employees, whether trusted or not, it is susceptible to insider threats.
Since recent events have forced employees to change their working routines and work remotely, data collected by several security firms shows that the number of cyber incidents caused by insiders has increased by approximately 47% compared with statistics from two years ago. This has not only drawn attention to the growing threat but has also increased the number of affected organizations: more than 34% of business enterprises have been hit.
Financial organizations are common victims and have become a prime target for insider threats because they are more lucrative. These organizations hold a wealth of confidential data (company data, personal data of senior employees, client data). This data is worth a lot to criminals who get hold of it and resell it on the black market. Financial institutions store almost all details of bank accounts, including credit card information, Social Security Numbers (SSNs), personally identifiable information (PII), and other confidential data. This data is handled every working day, as the organization continuously processes, transfers, and stores it.
In the context of information security, it is imperative that all employees comply with the data privacy and protection act. They ought to understand the impact of the act on their line of work, because in many cases employees are driven by financial gain. Employees who are lax about their security posture are potential targets.
Analysis of previous data breaches shows that the financial sector is regarded as a prime target.
Who are insiders in this case?
An insider threat is any person connected to your organization who has partial or complete access to sensitive company information; that information might be financial data, client data, sales data, or any other data the organization regards as confidential. The insider is not only an active employee but could also be a terminated employee, a board member, a consultant, or a mere vendor. In fact, it is virtually anyone with access to the office premises or to sensitive company information, either now or in the past.
According to Fortinet's 2019 Insider Threat Report, the most damaging security threats today are not the result of malicious outsiders or malware, but instead originate from trusted insiders (whether malicious or negligent) who have access to sensitive data and systems. The report's findings also include the following:
- 68% of organizations feel moderately to extremely vulnerable to insider attacks.
- 68% of organizations confirm insider attacks are becoming more frequent.
- 56% believe detecting insider attacks has become significantly to somewhat harder since migrating to the cloud.
- 62% think that privileged IT users pose the biggest insider security risk to organizations.
The Malicious Insider Threat
Malicious insiders are people who intentionally seek to steal or channel confidential information, disrupt the network or business, or try to cause harm to the organization.
The most obvious example of malicious insiders is former or disgruntled employees whose aim is to harm the business. It gets worse when currently active employees are paid to act as a conduit for confidential information. And, of course, employees in dire financial circumstances may be tempted to engage in malicious activity to enrich themselves.
The Remote Worker Threat
In March, due to the prevailing pandemic, many organizations resorted to remote working, thereby making most (if not all) of their employees remote workers, depending on the nature of the work. These remote workers, or employees working from home, pose a great risk to their organizations. For example, employees connect to the organization's corporate network through home or public networks that have not been proven safe for sharing confidential company information.
It becomes even worse when remote workers (employees) use personal gadgets like personal computers and printers and mobile phones that may not be secure. These may even be used by other people. When these devices are lost or stolen, it can be difficult or impossible to secure any data stored on that device.
Remote working, or working in isolation, is a sure way to make some employees potential victims of social engineering attacks, because an employee can't walk over to a supervisor or the IT department to ask whether something is legitimate. With less restriction, oversight, and engagement, remote employees also have more opportunities to engage in activities that undermine corporate trust, expose information, and put the company and its data at risk. Nefarious employees may be especially tempted to do things they wouldn't try in the office, such as attempting to gain unauthorized remote access to data repositories or databases, confident that they will not be noticed.
From an IT perspective, more traffic logs from external connections mean more event data to review, often by overtasked IT teams trying to manage an entire workforce in transition, which means malicious activity could fall through the cracks.
How to handle insider threats during this lockdown (remote-working)
If there is any serious threat to ever think about and one to protect against by any organization, it is the insider threat. This is one of the most challenging vectors to manage and mitigate because it comes from the very trusted users who are authorized to access specific networks, data, and other connected resources. Unfortunately, they might be the very users who may cause damage to those same networks and data.
At Summit Consulting, the summitSECURITY team helps your organization address the challenges posed by insider risks during lockdown periods like this one, as employees work remotely. We help you develop an active strategy that includes the following steps:
- Make sure you protect all endpoints: All endpoints that participate in data processing and transfer need to be regularly assessed for vulnerabilities and advanced persistent threats. Security solutions such as endpoint detection and response (EDR) can stop breaches and malware in real time, especially when combined with a holistic security framework that can automatically identify, respond to, and remediate incidents to protect data, ensure system uptime, and preserve business continuity.
- Enable Secure Remote Access: Deploy licensed SSL VPN capabilities with strong authentication to enable employees to securely connect to the corporate network and data repositories from remote locations.
- Encrypt Data: All sensitive data that is being stored on employee devices, as well as data stored elsewhere, should be encrypted. Otherwise, remote workers should be prohibited from storing data on their devices.
- Continuously Monitor: Ensure your security staff is leveraging Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) technologies to monitor and alert on unusual login attempts, unexplainable large data transfers, or other behaviours that seem out of the norm for systems and users.
- Access Control: Deploying network access control (NAC) provides visibility, control, and automated response for everything that connects to the network. This helps IT discover every user, application, and device on your network. Once devices are correctly identified and classified, user access is restricted to only those resources necessary for each user to do their job.
- Training employees: Employees need to be regularly trained on the trending technologies and newer attack vectors and also on company expectations and policies related to secure remote access. Good cyber hygiene and awareness of social engineering attacks via attack vehicles such as phishing, smishing, and vishing also need to be made known to employees.
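As an added illustration of the monitoring step above (this is example code, not part of the original article or of Summit Consulting's tooling), the following Python sketch applies three simple rules of the kind a SIEM would run over remote-access logs: a login from a country the user has not used before, a session that transfers more than ten times the user's usual volume, and a login outside business hours. The events, the threshold factor and the business-hours window are constructed assumptions.

```python
from datetime import datetime
from statistics import mean

# Constructed sample events (illustrative only, not taken from any real log).
# Each event records a remote login and the bytes pulled during that session.
EVENTS = [
    {"user": "alice", "ts": "2020-04-06T09:12:00", "country": "UG", "bytes": 120_000},
    {"user": "alice", "ts": "2020-04-06T14:40:00", "country": "UG", "bytes": 95_000},
    {"user": "alice", "ts": "2020-04-07T10:05:00", "country": "UG", "bytes": 110_000},
    {"user": "alice", "ts": "2020-04-08T02:17:00", "country": "UG", "bytes": 4_800_000},
    {"user": "bob",   "ts": "2020-04-06T08:55:00", "country": "UG", "bytes": 60_000},
    {"user": "bob",   "ts": "2020-04-06T11:30:00", "country": "UG", "bytes": 72_000},
    {"user": "bob",   "ts": "2020-04-07T13:02:00", "country": "RO", "bytes": 66_000},
]

BUSINESS_HOURS = (7, 20)  # assumed normal login window (07:00-19:59 local)
TRANSFER_FACTOR = 10      # assumed threshold: >10x the user's usual session volume

def detect(events):
    """Replay events in time order, comparing each one against the profile
    built from that user's earlier sessions. Returns a list of alert dicts.
    A flagged session is not folded into the profile, so a single abusive
    session cannot quietly raise the baseline it is compared against."""
    profiles = {}
    alerts = []
    for e in sorted(events, key=lambda x: x["ts"]):  # ISO timestamps sort as text
        prof = profiles.setdefault(e["user"], {"countries": set(), "volumes": []})
        reasons = []
        if prof["volumes"]:  # cold start: no history yet, nothing to compare
            if e["country"] not in prof["countries"]:
                reasons.append("new_country")
            if e["bytes"] > TRANSFER_FACTOR * mean(prof["volumes"]):
                reasons.append("large_transfer")
            hour = datetime.fromisoformat(e["ts"]).hour
            if not BUSINESS_HOURS[0] <= hour < BUSINESS_HOURS[1]:
                reasons.append("off_hours")
        if reasons:
            severity = "high" if len(reasons) > 1 else "medium"
            alerts.append({"user": e["user"], "ts": e["ts"],
                           "reasons": reasons, "severity": severity})
            continue
        prof["countries"].add(e["country"])
        prof["volumes"].append(e["bytes"])
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

In practice the baseline would be seeded from a known-clean period rather than from the first session seen, and the off-hours rule on its own is noisy; its value here is in raising the severity when it coincides with a large transfer.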
By refining their security protocols, including those outlined above, organizations can close the gap on insider threats so that business protection and continuity are maintained.