Insiders should make private- and public-sector security teams nervous.
Their access to critical IT systems, company assets such as intellectual property, and the personal information of customers and employees makes insiders a formidable risk that deserves the same level of attention as external threats.
And insiders don’t have to act maliciously to be a risk to the business. Many times, an insider accidentally emailing sensitive or confidential information outside the organization poses as serious a threat as a nasty ransomware infection.
At other times, however, employees become disgruntled insiders who steal data, advertise their access within an illicit online community, or are recruited by criminals, competitors, or even nation-state intelligence services. Insiders are a risk that must be managed, and managing it requires a blend of technology and an understanding of behavior to properly analyze a threat before it costs an organization dearly.
Flashpoint has put together a research paper that identifies the risks associated with insiders—primarily data loss and private account misuse—and explains the detection and prevention mechanisms that must be in place and act as the backbone of any insider threat program (ITP).
The paper delves into the motivations that may spur an insider to go rogue—hint, profit is No. 1—and while an insider’s motivations may mirror those of an external attacker, defenders should in no way approach the two the same way.
For example, insider threat teams must rely on external information sources, such as monitoring deep and dark web forums for indications of insiders soliciting company data, as well as a mechanism for correlating internal data through user behavior analytics (UBA) tools.
UBA can find patterns of malicious or unauthorized user behavior stored in network management and security operations management systems, and raise alerts to managers that may kick off further investigation. Investigators may also use it to identify other sources of evidence left behind by an attacker or characteristics and methods that may illuminate the timeline of an incident.
The paper also covers the three key components of an insider threat program and explains how investigations are multi-level processes that require intricate types and depths of analysis and the involvement of stakeholders from throughout the organization.
Download the research paper, Insider Threats Pose Unique Set of Challenges, and read an in-depth examination of:
- Managing insider risks
- How insider threats do not mirror external risks
- The potential for unintentional insider risks
- The dynamic investigative skills needed to support an insider threat program