The Enemy You Know (or you think you know)

A new industry study reveals that more than half of security professionals surveyed say insider threat incidents have become more frequent in the past 12 months.

Of the 508 security professionals polled by LinkedIn’s Information Security Community and Crowd Research Partners, 74% of the respondents say their organizations are vulnerable to insider threats. That's a 7% increase from last year's survey by the groups conducting the research.

Corroborating that trend is another recent survey by CyberArk that found over half (52%) of office workers would access sensitive company data if they knew they wouldn’t get caught. So what’s holding them back? It’s not exactly a guilty conscience. While 40% say they haven’t attempted access because it’s morally wrong, over a fifth of those surveyed said it’s simply a lack of technical skills that keeps them from hacking their employer.

Before you start side-eyeing every employee who walks past your office, wondering if they are the next would-be cybercriminal, it’s important to recognize that most employees aren’t out to deliberately cause the company harm. Most respondents said they would use the access to search for office gossip, give themselves a pay raise, or allocate themselves extra time off. But a small percentage said they would be prepared to sell information to competitors for financial gain or to blackmail their boss.

What user groups pose the largest security risk to organizations?

Respondents to the LinkedIn study ranked privileged IT users, such as administrators with access to sensitive information, as the biggest insider threat (60%). They are followed by contractors and consultants (57%) and regular employees (51%).

As for how they gain access, endpoints (57%) are by far the most common assets used to launch an insider attack.

How do you stop malicious insiders?

The basic rule in defending against malicious insiders is to address the threat, not the individual. It’s not the people posing the real threat; it’s the privileged access. Securing privileged accounts should be an ongoing process with continuous evaluation, and adjustments should be made as the threat landscape changes.

To effectively protect against insider threats, businesses should minimize user privileges and extensively monitor privileged accounts, which are consistently targeted by insider attackers. Automated real-time detection and alerting on risky activities within privileged sessions should be implemented, or an inside attacker may operate undetected for long periods of time.

What about the threat from the outside?

While this new study focuses on the potential threat employees might pose without the proper access controls, it’s also a critical reminder of the threat posed by hackers impersonating insiders.

If more than half of your trusted employees would be prepared to access sensitive data, imagine the damage a cybercriminal with sophisticated skills and malicious intent could cause.

Security experts agree that one of the most effective ways for attackers to access sensitive data is to masquerade as a legitimate insider – using existing privileged credentials to achieve broad, unfettered access to a company’s most valuable assets. That means it’s more important than ever that companies have security measures in place to stop unwanted insiders in their tracks and protect their most valuable data.

SLPowers can bolster your network security by denying or restricting network access to endpoints that do not comply with your security policy. We can establish a security perimeter around every device that connects to the network, enforce how and when users access your environment, and ensure the integrity of every device that connects to your network – even those that don’t belong to you. Give us a call.