How to Detect and Mitigate Malicious Insider Threats


Insider threats come in many forms. A great many of the issues within the workplace regarding confidentiality, integrity or accessibility are accidental mistakes caused by a lack of awareness or training. But one element that destroys businesses every year is the malicious insider threat. These insiders are employees within an organisation with ulterior motives, who do not hold the company's best interests at heart.

These people usually join a company and, over time, are granted more and more access to systems, technology and processes, and to assets such as documents, Team chats, PPTs, sensitive data and more. They then steal the sensitive data and exploit company processes, releasing the information online or selling it to competitors.

Growing Fear of Insider Threats 

Last year the global Managed Security Service Provider SecurityHQ released a poll on LinkedIn, within the cyber intelligence group known as ‘Advanced Persistent Threats (APT) & Cyber Security Threat Actor Group’. The group contains over 70,604 cyber security professionals, who were asked the question ‘What Keeps You Awake at Night?’ and given the option to select one of three possible answers.

After a week, the results were gathered. Out of the three options, over 55.29% of those who took part in the poll said that Insider Threats kept them awake at night, followed by Third Party Risks at 23.87% and, finally, Nation State Actors at 20.85%.

What is interesting here is that, presented with the same question a few years back, you would have expected a very different response. Nowadays, not only can your employees carry out insider attacks, but so can vendors. When working with any vendor outside of your organisation, regardless of the industry or the size of the organisation, you need to have agreements in place, like SLAs and NDAs, to ensure that your data is not used maliciously. Not only must you protect yourself against the possibility of a vendor using you and your business for ulterior motives, but you must also keep in mind the scenario in which a supply chain attack hits your vendor or partner and your data is stolen in the process. Would you be able to handle it?

How to Mitigate Insider Threats

First, make sure you have Data Loss Protection (DLP) in the event of data leakage. 

Second, ‘User Behaviour Analytics is essential to understand the actions within an organisation, and to highlight and stop unusual activity before the damage is done. By using ML algorithms, expert analysts can categorise patterns of user behaviour, to understand what constitutes normal behaviour, and to detect abnormal activity. If an unusual action is made on a device on a given network, such as an employee login late at night, inconsistent remote access, or an unusually high number of downloads, the action and user are given a risk score based on their activity, patterns and time.’ Eleanor Barlow, SecurityHQ

UBA provides visibility into threats and risks that cannot be detected by SIEM, IPS and other security tools, to identify malicious and anomalous activity arising from zero-day exploits, as well as malware or insider activity.
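The risk scoring described in the quote above can be sketched as an added example (not SecurityHQ's code or product logic). It uses a simple per-user statistical baseline in place of the ML models the quote mentions, covering the three signals named there: late-night login, inconsistent remote access, and a download spike. The event fields, weights, thresholds and sample data are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data: (user, day, login_hour, country, files_downloaded)
HISTORY = (
    [("alice", d, 9, "GB", n) for d, n in enumerate([12, 15, 10, 14, 11, 13, 12, 16, 9, 14])]
    + [("bob", d, 8 + d % 2, "GB", n) for d, n in enumerate([40, 35, 42, 38, 41, 37, 39, 44, 36, 40])]
)
TODAY = [
    ("alice", 10, 9, "GB", 13),   # ordinary working day
    ("bob", 10, 2, "RO", 410),    # 02:00 login, unseen country, download spike
]

def build_baseline(history):
    """Collect each user's usual login hours, countries and download counts."""
    profiles = defaultdict(lambda: {"hours": [], "countries": set(), "downloads": []})
    for user, _day, hour, country, downloads in history:
        profiles[user]["hours"].append(hour)
        profiles[user]["countries"].add(country)
        profiles[user]["downloads"].append(downloads)
    return dict(profiles)

def hour_gap(hour, usual_hours):
    """Smallest distance on a 24-hour clock between a login and any usual hour."""
    return min(min(abs(hour - h), 24 - abs(hour - h)) for h in usual_hours)

def risk_score(event, baseline):
    """Return (score 0-100, reasons) for one user's activity on one day."""
    user, _day, hour, country, downloads = event
    profile = baseline.get(user)
    if profile is None:  # no history, so nothing can be called normal yet
        return 50, ["no baseline for user"]
    score, reasons = 0, []
    if hour_gap(hour, profile["hours"]) > 3:  # assumed tolerance: 3 hours
        score += 30
        reasons.append(f"login at {hour:02d}:00 is outside usual hours")
    if country not in profile["countries"]:
        score += 30
        reasons.append(f"remote access from unseen country {country}")
    sigma = max(pstdev(profile["downloads"]), 1.0)  # floor avoids divide-by-zero
    z = (downloads - mean(profile["downloads"])) / sigma
    if z > 3:  # assumed cut-off: 3 standard deviations above the user's mean
        score += 40
        reasons.append(f"{downloads} downloads is {z:.0f} sigma above normal")
    return score, reasons

if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    for event in TODAY:
        print(event[0], *risk_score(event, baseline))
```

Because each user is compared against their own history, bob's 410 downloads score as a spike while the same absolute number could be normal for another account.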

Contact SecurityHQ to learn more about UBA, and how it can help your organisation spot insider threats before the damage is done. 

Or, if you need assistance immediately, report an incident here.

