What Are Insider Threats and How Can You Mitigate Them?
Orhan Sari
An insider threat is a security threat that arises from inside an organization, generally involving a current or former worker or partner who has access to sensitive information within the organization and abuses that role. Today, most security measures target external threats, and most companies are not consistently proficient at recognising a threat originating from within the organization. Review the 2019 insider threat statistics below to see how well prepared you are against these attacks.
The 2019 Insider Threat Report by Fortinet [1] reveals the newest trends and difficulties organizations face with insider threats, such as how IT and security professionals are dealing with risky insiders and how organizations are preparing to better protect their critical data and IT infrastructure. The report was created by Cybersecurity Insiders, the 400,000-member community for information security professionals, to investigate how organizations are reacting to the evolving security threats in the cloud.
According to insider threat statistics in this report:
- 68% of organizations feel moderately to extremely vulnerable to insider attacks.
- 68% of organizations confirm insider attacks are becoming more frequent.
- 56% believe detecting insider attacks has become significantly to somewhat harder since migrating to the cloud.
- 62% think that privileged IT users pose the biggest insider security risk to organizations.
This data shows that insider threats remain a serious risk for organizations, which still need to put significant effort into designing and building effective insider threat programs, including user and entity behaviour analytics (UEBA).
1. Insider threat types and insider threat statistics
There are three types of insider threat:
- Inadvertent insider breaches
- Negligent data breaches
- Malicious intent by bad actors
According to the Fortinet report, companies are somewhat more worried about inadvertent insider breaches (71%), negligent data breaches (65%), and malicious intent by bad actors (60%) than they are about compromised accounts/machines (9%). [2]
2. What Are the Motivations for an Insider Attack?
According to insider threat statistics in this report, fraud (55%) and monetary gain (49%) are the biggest factors that drive malicious insiders, followed by theft of intellectual property (44%). The ideal insider threat solution captures threats from all of these vectors, including financial, personal, and professional stressors as signs that a person is at risk or already an active insider threat. [3]
3. IT Assets That are Most Susceptible to Insider Threats
Databases (56%) and corporate file servers (54%) pose the highest risk, followed by endpoints (51%) and mobile devices (50%); these are the top IT assets vulnerable to insider threats.
4. Type(s) of Insiders That Pose The Biggest Security Risk to Organizations
According to insider threat statistics in the report, privileged IT users (62%) pose the biggest insider security risk to organizations, followed by contractors, regular employees, and privileged business users (all tying at 50%). [4]
5. Departments or Groups That are at Risk
According to the report, finance departments (41%), support/customer success (35%), and research and development (33%) are at the highest risk of insider threats. (https://www.fortinet.com/content/dam/fortinet/assets/threat-reports/insider-threat-report.pdf)
6. Insider Threats are On the Rise
The report also reveals that a significant majority of organizations (68%) observed that insider attacks have become more frequent over the last 12 months. In fact, 67% have experienced one or more insider attacks within the last 12 months. (https://www.fortinet.com/content/dam/fortinet/assets/threat-reports/insider-threat-report.pdf)
7. The Impact Insider Threats Have On Organizations
Insider threats have many impacts on organizations. Operational disruption (61%) is the top impact they have faced, followed by brand damage (43%) and loss of critical data (43%).
Best Practices in Preventing and Detecting an Insider Threat
1. Employ risk assessments
2. Train all your employees periodically with the best cybersecurity awareness methods.
Your employees should be aware of your security policies and procedures and of how to protect their organisation against internal threats.
3. Implement division of duties and least privilege.
Separation of duties necessitates the implementation of least privilege: authorizing people only for the resources they need to do their jobs. [6]
4. Execute strict password and account management policies and practices.
If your organization’s computer accounts can be compromised, insiders will have an opportunity to bypass both manual and automated mechanisms; therefore, adopt strict password and account management policies and practices.
5. Monitor your employees’ online actions.
Monitoring employees’ online actions is important to discover and examine suspicious insider actions before more severe outcomes arise.
6. Be wary of system administrators and privileged users.
Logging and monitoring should be performed by a combination of system administrators and privileged users. Therefore, extra attention must be paid to those users. [7]
7. Actively shield against malicious code.
Privileged users like system administrators can plant logic bombs or install other malicious code on the system or network. These types of attacks are difficult to detect ahead of time; still, practices can be put in place for speedy detection.
8. Apply layered defence against remote attacks.
Remote access policies and procedures must be created and executed very carefully since insiders tend to feel more confident and less restrained when they have little fear of examination by coworkers.
9. Monitor and respond to suspicious behaviour.
In addition to monitoring online actions, organizations should closely monitor other suspicious or disruptive behaviour by employees in the workplace. [8]
10. Computer and network access management after employee termination.
When employment is terminated, it is important that the organization have a job termination procedure that disables all of the employee’s access points to physical locations, networks, systems, applications, and data.
11. Execute secure backup and recovery methods.
It is important that organizations always plan for the possibility of an attack or disruption and implement secure backup and recovery policies.
12. Create an insider threat control checklist or documentation.
An insider threat control checklist or documentation will help to secure your organisation against vulnerabilities that could be used in an attack.
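One way to check practice 10 (access management after termination), listing privileged accounts from practice 6 first: the added example below, which is not from the original article or the Fortinet report, cross-checks an HR termination list against an account export and login events. All data, field names and the function name `audit_offboarding` are constructed assumptions.

```python
from datetime import date, datetime

# Constructed sample data (assumed field names, not from the report).
TERMINATIONS = {"jdoe": "2019-06-14", "asmith": "2019-07-01"}  # last working day
ACCOUNTS = [
    {"user": "jdoe", "system": "vpn", "enabled": True, "privileged": False},
    {"user": "jdoe", "system": "crm", "enabled": False, "privileged": False},
    {"user": "asmith", "system": "db-admin", "enabled": True, "privileged": True},
    {"user": "mlee", "system": "vpn", "enabled": True, "privileged": False},
]
LOGINS = [
    {"user": "jdoe", "system": "vpn", "time": "2019-06-20T02:13:00"},
    {"user": "asmith", "system": "db-admin", "time": "2019-06-30T09:00:00"},
    {"user": "mlee", "system": "vpn", "time": "2019-07-02T08:30:00"},
]


def audit_offboarding(terminations, accounts, logins):
    """Return findings for terminated users, privileged accounts first."""
    ends = {u: date.fromisoformat(d) for u, d in terminations.items()}
    privileged = {(a["user"], a["system"]): a["privileged"] for a in accounts}
    findings = []

    # 1. Accounts that were never disabled after the owner left.
    for acct in accounts:
        if acct["user"] in ends and acct["enabled"]:
            findings.append({"user": acct["user"], "system": acct["system"],
                             "issue": "account still enabled",
                             "privileged": acct["privileged"]})

    # 2. Logins dated after the termination day (evidence the access was used).
    for ev in logins:
        end = ends.get(ev["user"])
        if end and datetime.fromisoformat(ev["time"]).date() > end:
            key = (ev["user"], ev["system"])
            findings.append({"user": ev["user"], "system": ev["system"],
                             "issue": "login after termination",
                             "privileged": privileged.get(key, False)})

    # Privileged findings sort first so they are reviewed first.
    findings.sort(key=lambda f: (not f["privileged"], f["user"],
                                 f["system"], f["issue"]))
    return findings


if __name__ == "__main__":
    for f in audit_offboarding(TERMINATIONS, ACCOUNTS, LOGINS):
        print(f)
```
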