Employees going rogue is not uncommon; oftentimes after a data breach occurs, it is revealed that John Doe from accounting or IT had carried out the act. Thus begins an uneasy relationship between employer and employee that balances healthy suspicion with trust. No business wants to admit its own employees are potential threats, and not all employees deserve to be considered suspects. But when it comes to securing IT assets, preparation is key.
When it comes to insider threats, there are two distinct groups: malicious insiders and compromised victims. Those in the latter group likely clicked on a link they weren’t supposed to after being targeted by a sophisticated email phishing campaign or watering hole attack from an external agent, unknowingly giving up their network user credentials. Now able to mimic the employee’s behavior, the agent can move throughout the IT network undetected. To prevent user credentials from being compromised, businesses implement rigorous cybersecurity awareness training and protocols to educate employees on common attack tactics. However, all it takes is one employee opening the wrong attachment for these efforts to go to waste.
Malicious insiders, on the other hand, are much harder to ferret out. For any number of reasons, dissatisfaction with current management, a poor review or competitive espionage to name a few, these are employees who know the corporate network well and are perfectly capable of carrying out an attack themselves. Not only that, but malicious insiders can target a co-worker’s credentials and frame that person for executing the attack.
The problem is that giving employees access to company assets is mission critical and can’t be avoided, but you can’t treat all employees like potential criminals. Being suspicious of every employee creates a culture of distrust, which could ironically create more malicious insider threats. Businesses are finding that conventional approaches to cybersecurity just aren’t cutting it.
The latest buzzword in cybersecurity circles is people-centric security (PCS), which places greater emphasis on personal accountability and trust, and less on restrictive security controls. While this is certainly a noble exercise, the potential fallout of a single data breach is just too great a risk.
No business can anticipate when an insider threat will result in a data breach, and so IT security teams shell out billions of dollars per year on network protections. But as cybersecurity technology evolves, attackers immediately get to work finding new ways around it. It’s a vicious cycle that shows no signs of slowing down, given the high price tag attached to a business’s precious data.
So how do companies get off this merry-go-round? If there’s one common denominator when it comes to insider threats, both malicious and unintentional, it’s suspicious user behavior. Businesses already have the infrastructure in place through SIEM and log management systems that are designed to trigger alerts whenever a potential threat is detected.
The challenge lies in being able to filter the real threats out of the thousands of alerts triggered per day. IT security teams can do this in a way that’s non-intrusive to employees by first establishing normal user behavior – knowing which IT assets and systems workers and their teams should be accessing on a regular basis – and then paying attention to the accesses that fall outside that baseline.
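The baselining idea above can be shown concretely. The following is an added example written for this article, not code from the article's author or from any SIEM product. It assumes a hypothetical whitespace-separated access log (`timestamp user team system action`) and uses constructed sample events: a "normal" window is used to learn which systems each user and each team touch, and later events are labelled `known` (in the user's own baseline), `peer` (new for the user but routine for their team, so low priority) or `novel` (outside both, the ones an analyst should look at first). Checking the team baseline as well as the user's is what keeps a colleague covering a normal team task from raising an alert.

```python
"""Baseline-and-deviation check over constructed access logs.

Added example for the article above; the log format, system names and
users are all constructed for illustration and come from no real environment.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed "normal" window: timestamp user team system action
BASELINE_LOG = """\
2024-03-01T08:02:11 jdoe accounting erp-finance login
2024-03-01T08:15:43 jdoe accounting erp-finance report.export
2024-03-01T09:01:05 jdoe accounting fileshare-acct read
2024-03-01T09:30:22 asmith accounting erp-finance login
2024-03-01T10:12:09 asmith accounting payroll-db query
2024-03-02T08:05:17 jdoe accounting erp-finance login
2024-03-02T08:40:00 bnguyen it jump-host ssh
2024-03-02T08:41:12 bnguyen it hr-db backup
2024-03-02T11:00:00 asmith accounting fileshare-acct read
"""

# Constructed evaluation window to classify against the baseline.
NEW_LOG = """\
2024-03-10T08:03:00 jdoe accounting erp-finance login
2024-03-10T08:20:00 jdoe accounting payroll-db query
2024-03-10T23:45:00 jdoe accounting source-repo clone
2024-03-10T09:00:00 bnguyen it jump-host ssh
2024-03-10T09:05:00 asmith accounting hr-db query
"""


@dataclass(frozen=True)
class AccessEvent:
    ts: datetime
    user: str
    team: str
    system: str
    action: str


def parse_log(text: str) -> list[AccessEvent]:
    """Parse the constructed format; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # a truncated or garbled line should not stop the pipeline
        ts, user, team, system, action = parts
        events.append(AccessEvent(datetime.fromisoformat(ts), user, team, system, action))
    return events


def build_baseline(events):
    """Learn which systems each user and each team touched in the normal window."""
    by_user = defaultdict(set)
    by_team = defaultdict(set)
    for e in events:
        by_user[e.user].add(e.system)
        by_team[e.team].add(e.system)
    return by_user, by_team


def classify_events(events, by_user, by_team):
    """Label each event, preserving input order.

    known : system is in the user's own baseline
    peer  : new for this user, but the user's team accesses it routinely
    novel : outside both baselines (including users with no history at all)
    """
    labelled = []
    for e in events:
        if e.system in by_user.get(e.user, set()):
            labelled.append(("known", e))
        elif e.system in by_team.get(e.team, set()):
            labelled.append(("peer", e))
        else:
            labelled.append(("novel", e))
    return labelled


def novel_events(events, by_user, by_team):
    """Return only the novel accesses, oldest first, for analyst review."""
    novel = [e for label, e in classify_events(events, by_user, by_team) if label == "novel"]
    return sorted(novel, key=lambda e: e.ts)


if __name__ == "__main__":
    by_user, by_team = build_baseline(parse_log(BASELINE_LOG))
    for label, e in classify_events(parse_log(NEW_LOG), by_user, by_team):
        print(f"{label:5} {e.ts.isoformat()} {e.user}@{e.team} -> {e.system} ({e.action})")
```

With the constructed data, `jdoe` querying `payroll-db` is labelled `peer` because a teammate already does so, while `jdoe` cloning `source-repo` and `asmith` reading `hr-db` (normal only for the IT team) come out as `novel`. In practice the baseline window should be long enough to cover periodic tasks such as month-end reporting, and the output is a prioritised worklist for a human, not an automatic verdict about the employee.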