It Doesn’t Take a Bad Actor to Create an Insider Threat
In our last post, we explained why consumer-grade file-sharing services are risky business in terms of data security. These tools are handy, but they provide very little control over how information is accessed and shared. On top of that, employees often subscribe to these services without the approval of management or IT. There’s no way for the company to know how much sensitive data is stored in these “shadow IT” platforms.
At Verteks, we recommend that our customers implement a business-grade file-sharing solution that provides control over access and sharing permissions and uses encryption to minimize the risk of data leaks. By providing an alternative, you’ll have better luck curtailing the use of consumer-grade services.
But no technology tool is going to prevent bad user behavior. To really protect your sensitive data, you have to get to the heart of the insider threats within your organization.
Understanding Insider Threats
Most people think of insider threats as purposeful attempts to steal information or harm the company. However, most do not involve any malicious intent. They are more likely to fall under the heading of “human error,” often involving employees who unintentionally mishandle sensitive data or commit policy violations with “workarounds” to make their jobs easier.
In addition to using consumer-grade file-sharing services, employees frequently send files to personal email accounts, download them to an external drive or memory stick, or upload them to cloud storage. These commonplace practices make data vulnerable during transmission and in storage on platforms outside the organization’s IT environment. Work-from-home strategies have made these activities more prevalent.
Third-party vendors with privileged network access also create significant risk. There are many cases where these trusted outsiders unwittingly open up vulnerabilities by sharing files and user credentials with other members of their organization.
The Harvard Business Review has estimated that at least 80 million insider attacks occur in the U.S. each year. However, that number might be quite low because such events often go unreported. Many organizations admit that they don’t have adequate safeguards to detect or prevent attacks involving insiders.
Minimizing the Risk
To address the threat, you should establish appropriate use guidelines for your technology assets. These policies should be precise yet easy to understand and frequently reinforced with employee education programs. You should also ensure that your security infrastructure isn’t entirely focused on outside threats. Firewalls, intrusion prevention and anti-malware solutions are essential but don’t address threats from inside the network.
Access control solutions can help improve your visibility and control of network activities. They perform authentication and authorization functions and can restrict access to key resources based on role- or identity-based policies. Best-in-class solutions also allow you to identify patterns of behavior by users or groups that might indicate policy violations.
There is a tendency to think of security breaches as sophisticated attacks by external bad actors, but those are just the ones that make headlines. More often than not, data loss and exposure are the result of user error. That’s why effective security requires an educated workforce, integrated solutions and constant vigilance.
September is National Insider Threat Awareness Month, a collaborative effort among several federal agencies to highlight the importance of detecting, deterring and reporting insider threats. Now’s the perfect time to contact Verteks to discuss how our security assessments, solutions and services can help improve your organization’s security posture.
