Despite widespread coverage of the growing external and hacker threat landscape, many organizations still do not adequately address the insider threat, even though this source of attacks is recognized as the root cause of a large number of serious data breaches.
What do Coca Cola, the UK’s Guardian newspaper, US bank SunBank, and singer-songwriter Ed Sheeran have in common? All of them announced data breaches during the past month, and none of those breaches was caused by an external party. Data on close to 8,000 Coca Cola employees was taken by a former employee, the Guardian’s Soulmates website was compromised by someone on the inside, SunBank suffered a breach of customer information at the hands of an insider, and Ed Sheeran’s medical records were disclosed by staff at the hospital where he was receiving treatment.
Insider threat remains overlooked
The Ponemon Institute defines insider threats as a careless or negligent employee or contractor, a criminal or malicious insider, or a credential thief. Imposters (credential thieves) are the most costly category according to the Institute’s 2018 Cost of Insider Threats report, while the negligent insider is the root cause of the largest number of incidents.
Organizations tend to be better at protecting against external threats than against internal ones, according to industry reports. ComputerWeekly notes that many organizations are still neglecting the insider threat, despite this threat source being recognized as one of the root causes of data breaches. Across most reports, insider threats account for between 25% and 33% of all data breaches.
PwC’s Global State of Information Security Survey 2018 likewise notes that insider threats remain the top source of security incidents. The report notes that while external threats are decreasing, incidents attributed to employees and to third parties such as suppliers, consultants, and contractors have stayed about the same or increased.
Varies from unintentional to malicious
Insider threats cover a wide array of attacks caused by somebody inside the traditional security perimeter. While external attacks are almost always intentional, insider attacks can be either intentional or unintentional. They can be the result of an accident or negligence, an unintentional error, compromised credentials, or current or former disgruntled employees deliberately attacking the company.
Insider attacks are costly for organizations. The 2018 Cost of Insider Threats report states that incidents involving negligent employees or contractors cost companies an average of US$283,281 per incident, a figure which more than doubles (US$648,845) if the incident involves an imposter or thief using stolen credentials. In comparison, incidents caused by external hackers cost organizations an average of US$607,745 per incident, according to the report. The report also finds that it takes companies over two months on average to contain an insider incident, and only 16% of incidents are contained in less than 30 days.
According to NTT Security’s Global Threat Intelligence Center quarterly threat report for Q3 2017, employees often put an organization at risk without even knowing it. The report states that only about 25% of insider threats are hostile; the remaining 75% are due to accidents or negligent activity. This calls for technical measures that limit what such accidents or negligent actions can reach.
Possible to keep the threat at bay
Companies need to pay heed to the insider threat and implement the processes and IT systems that limit access to personal data and critical systems, and that spot suspicious activity before it becomes a breach. Organizations need to ensure they are not left wide open to an attack, internal or external.
The insider threat can be contained, but to do so, organizations need to be in control of what employees have access to, why they have it, and who assigned that access. Know your joiners and leavers, and those moving around in the organization. Together, these give you a continuous overview of access to the systems and applications your organization uses, so that potential security holes stay closed, and they let you act quickly if a data breach does happen. Insider attacks often begin with an individual user’s credentials being compromised. Under the GDPR, being able to take swift action following a potential breach is also key.
Implement IAM to ensure control – and govern the control
Getting an overview of the organization’s data and who can reach it is a good place to start. Answering who has access to what, who gave that access, and why, is where identity and access management comes into the picture. Identity and access management allows an organization to automate access control, making security, efficiency, and compliance easier.
Once this is in place, organizations then need to ensure the access control is maintained. Access should be continually updated according to the set policies. This is the governance aspect, which takes into account the joiners and leavers and those moving around in the organization. Together, these give the organization an ongoing overview of access to the systems and applications it uses and thereby keep loopholes closed off. Being able to document who has access to which system is also an important part of GDPR compliance, under which access to personal data must be limited to the employees who need it to perform their job.
Automated processes minimize insider threats, and taking control of identities and privileges improves resilience. Time and time again, security reports indicate that successful cyberattacks are the result of abuse of privileges. Managing user accounts’ access, including privileged accounts, is therefore key, and if this is not already being done, it is the first thing organizations should consider.
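To make the joiner/mover/leaver overview and the privileged-account point concrete, here is an added example (not from the original article or any IAM product) that reconciles a constructed HR roster against a constructed export of live entitlements and flags exactly the gaps described above: leavers who still have access, accounts with no HR record behind them, movers whose old role is out of policy for their new department, grants with no recorded approver, and privileged entitlements due for recertification. The role policy, user names, systems and dates are assumptions for illustration.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class Person:
    user_id: str
    department: str
    status: str                      # "active" or "terminated"
    end_date: Optional[date] = None  # set for leavers


@dataclass(frozen=True)
class Entitlement:
    user_id: str
    system: str
    role: str
    privileged: bool
    approver: Optional[str]          # who approved the grant; None = undocumented
    granted_on: date


# Hypothetical role policy (an assumption): which (system, role) pairs a
# department may legitimately hold.
ROLE_POLICY = {
    "finance": {("erp", "ap-clerk"), ("erp", "ap-approver")},
    "engineering": {("git", "developer"), ("prod-db", "read-only")},
    "hr": {("hris", "hr-admin")},
}

# Constructed sample data: the HR roster (source of truth for identities) ...
HR_ROSTER = [
    Person("alice", "finance", "active"),
    Person("bob", "engineering", "active"),
    Person("carol", "hr", "terminated", date(2018, 3, 31)),
    Person("dave", "engineering", "active"),   # mover: transferred from finance
]

# ... and an export of live entitlements from the target systems.
ACCESS_INVENTORY = [
    Entitlement("alice", "erp", "ap-clerk", False, "cfo", date(2017, 1, 9)),
    Entitlement("bob", "git", "developer", False, "eng-lead", date(2016, 6, 1)),
    Entitlement("bob", "prod-db", "dba", True, None, date(2017, 11, 20)),        # privileged, no approver
    Entitlement("carol", "hris", "hr-admin", True, "hr-director", date(2015, 2, 2)),  # leaver
    Entitlement("dave", "erp", "ap-approver", False, "cfo", date(2016, 4, 4)),     # stale after move
    Entitlement("dave", "git", "developer", False, "eng-lead", date(2018, 2, 1)),
    Entitlement("erin", "erp", "ap-clerk", False, "cfo", date(2017, 5, 5)),        # orphan: not in HR
]

AS_OF = date(2018, 6, 1)  # date the review is run (assumed)


def reconcile(roster, inventory, as_of):
    """Return one finding per entitlement condition that governance should act on."""
    people = {p.user_id: p for p in roster}
    findings = []
    for ent in inventory:
        person = people.get(ent.user_id)
        target = f"{ent.user_id}:{ent.system}/{ent.role}"
        if person is None:
            # Nobody in HR owns this identity: disable first, investigate second.
            findings.append({"kind": "orphan_account", "target": target,
                             "action": "disable; no HR record backs this identity"})
            continue
        if person.status == "terminated":
            stale_days = (as_of - person.end_date).days
            findings.append({"kind": "leaver_access", "target": target,
                             "action": f"revoke; still active {stale_days} days after leaving"})
            continue
        # Movers: access granted in the old department is now out of policy.
        if (ent.system, ent.role) not in ROLE_POLICY.get(person.department, set()):
            findings.append({"kind": "out_of_policy", "target": target,
                             "action": f"review; role not allowed for department {person.department}"})
        # "Who gave that access" must be answerable for every grant.
        if ent.approver is None:
            findings.append({"kind": "undocumented_grant", "target": target,
                             "action": "find or re-obtain approver; grant has no recorded owner"})
        # Privileged access is recertified on its own, shorter cycle.
        if ent.privileged:
            findings.append({"kind": "privileged_recertify", "target": target,
                             "action": "owner must re-certify on the privileged review cycle"})
    return findings


def summarize(findings):
    """Count findings per kind, for the report header."""
    return Counter(f["kind"] for f in findings)


if __name__ == "__main__":
    for f in reconcile(HR_ROSTER, ACCESS_INVENTORY, AS_OF):
        print(f"{f['kind']:22} {f['target']:28} {f['action']}")
    print(dict(summarize(reconcile(HR_ROSTER, ACCESS_INVENTORY, AS_OF))))
```

Leaver and orphan findings short-circuit the other checks on purpose: an account that should not exist at all is disabled outright rather than reviewed role by role. In a real deployment the roster and inventory would come from the HR system and from connector exports, and the `leaver_access` age would feed the metric the Ponemon figures above are measuring: how long a hole stays open.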
Identity and access management can help your organization keep insider threats at bay. Find out more about how you can bring your identity management and access governance in line with your evolving needs, or get in touch with us to learn how we have helped organizations like yours.