Sanjai Gangadharan, Sep 14, 2018, 16:49 IST
Employees are the foundation stones and strongest ambassadors of any organisation. But what happens when it is the insiders themselves who let the worst threats in? Carelessness by employees handling critical information and credentials weakens an organisation's security posture even further, on top of the threats posed by cybercriminals trying to break into its networks. With India reported to be the fourth most targeted country in the world for cyberattacks, it is high time we started tackling our cybersecurity problem at its root.
The insiders that cause the threats
Insider threats can broadly be classified into two groups: the intentionally malicious employee and the unwitting one. The two have to be dealt with differently, and neither is simple. The goal should be to understand the motive behind malicious behaviour while separating the malicious insiders from the merely careless ones.
The former group, the malicious insiders, follow the classic motive-and-opportunity paradigm. The motive can come from many sources: a bad performance review, conflict with peers or management, political views, or pressure from a nation state. Whatever the motive, there must also be an opportunity. The opportunity can come through newly granted access, access the person already holds, or more sinister routes such as privilege escalation, or simply dumpster diving, looking under keyboards for written-down passwords, and so on.
Social engineering is also used to gain access. Typical examples can be seen in the public sector, specifically in several of the espionage cases of the last couple of years. And, cliched as it may sound, spilling coffee on an interviewer's shirt so that they leave the room with their screen unlocked, then plugging in a USB drive, is still an effective tactic that leaves the interviewer completely unaware of what happened.
The latter group, the unwitting employees, may be anyone who has access but lacks the knowledge or situational awareness to recognise an attack, such as a classic spear-phishing email crafted so that nothing looks out of the ordinary. These attacks can arrive through the simplest of sources, like an unvetted app for streaming music or an unsafe website visited to check a sports score.
How do you identify an insider threat?
Insider threats can be very hard to detect and may go unnoticed for years. But the most practical way to spot a malicious insider is through changes in an individual's behavioural patterns, and technology is key to this.
Technology is not the only way to detect behavioural change, however. Peers, time cards and physical access records are all important in identifying it. Here are some things to check for, to stay alert to insider threats:
• Arriving before or leaving after the general population (this is especially true if this is abnormal and there are no near-term project deadlines)
• Change in access
• Change in frequency of downloads
• Failed login attempts from a user's system
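The four indicators above, written out as detection logic and run over constructed sample records. This is an added example, not code from the article or from A10 Networks; the users, records, thresholds, and the split into a seven-day baseline and a three-day recent window are all assumptions chosen for illustration, and a security team would tune them to its own badge, file-server and authentication logs.

```python
"""Insider-threat indicator checks run over constructed sample logs.

Added example, not from the article or from A10 Networks. Every record
below is constructed for illustration, and the thresholds are assumptions
that a security team would tune to its own environment.
"""
from collections import defaultdict
from statistics import mean, pstdev

BASELINE_DAYS = range(1, 8)   # days 1-7: the user's normal pattern
RECENT_DAYS = range(8, 11)    # days 8-10: the window being examined

# Badge records: (user, day, clock-in minute, clock-out minute), minutes after midnight.
BADGE = [("alice", d, 540, 1080) for d in range(1, 11)]           # 09:00-18:00 every day
BADGE += [("bob", d, 530, 1070) for d in BASELINE_DAYS]           # 08:50-17:50 baseline
BADGE += [("bob", d, 360, 1320) for d in RECENT_DAYS]             # 06:00-22:00 recently
# Resource access records: (user, day, resource).
ACCESS = [("alice", d, "hr-share") for d in range(1, 11)]
ACCESS += [("bob", d, "eng-share") for d in range(1, 11)]
ACCESS += [("bob", 9, "finance-share"), ("bob", 9, "payroll-db"), ("bob", 10, "deals-share")]
# Download volume records: (user, day, files downloaded).
DOWNLOADS = [("alice", d, 5) for d in range(1, 11)]
DOWNLOADS += [("bob", d, 4) for d in range(1, 9)] + [("bob", 9, 180), ("bob", 10, 220)]
# Authentication records: (user, day, outcome).
AUTH = [("alice", 9, "fail"), ("alice", 9, "success")]
AUTH += [("bob", 10, "fail")] * 12 + [("bob", 10, "success")]


def _split(records):
    """Partition records by day (second field) into (baseline, recent) lists."""
    base = [r for r in records if r[1] in BASELINE_DAYS]
    recent = [r for r in records if r[1] in RECENT_DAYS]
    return base, recent


def _per_user(records):
    """Group records by user name (first field)."""
    groups = defaultdict(list)
    for r in records:
        groups[r[0]].append(r)
    return groups


def hours_outliers(badge=BADGE, shift_min=60, deadline_users=frozenset()):
    """Users arriving earlier or leaving later than both their own baseline
    (by more than shift_min) and the organisation's recent norm. Users in
    deadline_users are skipped, since a near-term deadline explains long hours."""
    base, recent = _split(badge)
    org_in = mean(r[2] for r in recent)
    org_out = mean(r[3] for r in recent)
    base_u, recent_u = _per_user(base), _per_user(recent)
    flagged = {}
    for user, rows in recent_u.items():
        if user in deadline_users or user not in base_u:
            continue
        in_now, out_now = mean(r[2] for r in rows), mean(r[3] for r in rows)
        d_in = round(in_now - mean(r[2] for r in base_u[user]))
        d_out = round(out_now - mean(r[3] for r in base_u[user]))
        early = d_in < -shift_min and in_now < org_in
        late = d_out > shift_min and out_now > org_out
        if early or late:
            flagged[user] = (d_in, d_out)
    return flagged


def access_changes(access=ACCESS, min_new=2):
    """Users who touched at least min_new resources never seen in their baseline."""
    base, recent = _split(access)
    base_u, recent_u = _per_user(base), _per_user(recent)
    flagged = {}
    for user, rows in recent_u.items():
        seen = {r[2] for r in base_u.get(user, [])}
        new = sorted({r[2] for r in rows} - seen)
        if len(new) >= min_new:
            flagged[user] = new
    return flagged


def download_spikes(downloads=DOWNLOADS, sigma=3.0):
    """Recent days where a user's download count exceeds baseline mean + sigma*stdev,
    with a floor of twice the baseline mean so a flat baseline cannot trip on +1."""
    base, recent = _split(downloads)
    base_u = _per_user(base)
    flagged = defaultdict(list)
    for user, day, n in recent:
        counts = [r[2] for r in base_u.get(user, [])]
        if not counts:
            continue
        limit = max(mean(counts) + sigma * pstdev(counts), 2 * mean(counts))
        if n > limit:
            flagged[user].append((day, n))
    return dict(flagged)


def failed_logins(auth=AUTH, threshold=5):
    """Users with at least threshold failed logins on a single recent day."""
    counts = defaultdict(int)
    for user, day, outcome in _split(auth)[1]:
        if outcome == "fail":
            counts[(user, day)] += 1
    flagged = defaultdict(dict)
    for (user, day), n in counts.items():
        if n >= threshold:
            flagged[user][day] = n
    return dict(flagged)


def report():
    """Collect every indicator that fired, keyed by user, in a fixed order."""
    hits = defaultdict(list)
    for name, result in (("hours", hours_outliers()), ("access", access_changes()),
                         ("downloads", download_spikes()), ("failed_logins", failed_logins())):
        for user in result:
            hits[user].append(name)
    return dict(hits)


if __name__ == "__main__":
    for user, indicators in report().items():
        print(f"{user}: {', '.join(indicators)}")
```

Each check compares a user against their own baseline first and the organisation second, because a night-shift worker arriving at 06:00 every day is normal for that person; the `deadline_users` parameter is the "no near-term project deadlines" caveat from the list, supplied from whatever project data the team has. One indicator on its own is weak evidence; the point of `report()` is that several firing for the same user in the same window is what warrants a closer look.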
What, then, is the basic step companies can take to prevent insider threats? Ensuring that access is compartmentalised and restricted to the least rights an individual needs to do their job.
What are the organisations doing to tackle insider threats?
It is difficult to make a general statement on this, but the numbers speak for themselves. There is a general expectation of trust and privacy among workers, especially in the US, and a balance has to be struck between a warm, open working environment and something that looks and feels like a police state. The core issue remains that a user may be authorised to access sensitive material, yet there is no control over what that person remembers. This again ties back to examining physical access and behaviour.
Employees often unknowingly weaken cybersecurity by using unsanctioned apps. A poor understanding of corporate security policies is a common issue, and it compounds the risks that come with a growing reliance on a dispersed, app-dependent workforce.
The picture is even more disturbing when almost half (48 percent) of IT leaders say they agree or strongly agree that their employees do not care about following security practices, according to our internal survey findings.
Three interviews with IT decision makers about their efforts to defend their corporate networks, users and applications against cyberattacks found that nearly half (47 percent) said their company has suffered a data breach at least once.
Perceived Attitudes of Employees and Thoughts on Best Practices
• Almost a quarter of IT decision-makers think there will be no improvement in security behavior at their company, but 75 percent think optimistically that there will be.
• 88 percent of IT heads say employees need better education on best security practices.
• IT decision makers say their top recommended password policy is updating passwords regularly (76 percent) followed by choosing different passwords for different systems (59 percent), and two-factor or multi-factor authentication (53 percent).
• Password policies are communicated to employees through email reminders (66 percent) followed by employee orientation (50 percent), internal meetings (48 percent), and communication from a manager (44 percent).
Challenges and Needs of IT
• When protecting their company, the biggest challenge noted by IT professionals is lack of corporate commitment to policy and enforcement (29 percent).
• Forty-one percent of IT leaders are only slightly optimistic about their ability to stop threats and protect their company.
Organisations understand the significance of cybersecurity far better than before, and this is leading to a clear shift of resources towards fighting back. Nevertheless, insider threats have not yet received the focus they deserve, unlike the more visible problem of external malware. But as attacks and security solutions grow more sophisticated, there is hope that insider threats will also come to be recognised as a serious challenge to be addressed.
The author is regional director, SAARC, A10 Networks