Monday, August 27, 2018

7 tips on how to handle cyber-sabotage and other insider cyber threats

Your employees are your company's weakest link, and therefore, your greatest threat to suffering a cyber-attack and resulting data breach. While employee negligence (that is, employees not knowing or understanding how their actions risk your company's data security) remains the biggest cyber risk, another is growing and also demands your attention—the malicious insider.

According to one recent report, malicious insiders are responsible for 27 percent of  all cybercrime. Over at her Employment & Labor Insider Blog, Robin Shea suggests that one recent workplace embarrassment for an employer was the result of internal cyber-vandalism, and not external hacking.

Dark Reading reports on a recent survey, entitled, "Monetizing the Insider: The Growing Symbiosis of Insiders and the Dark Web."

"Recruitment of insiders is increasing, and the use of the dark web is the current methodology that malicious actors are using to find insiders," explains researcher Tim Condello, technical account manager and security researcher at RedOwl.
Cybercriminals recruit with the goal of finding insiders to steal data, make illegal trades, or otherwise generate profit. Advanced threat actors look for insiders to place malware within a business' perimeter security. …
There are three types of people who fall into the "insider" category, says Condello: negligent employees who don't practice good cyber hygiene, disgruntled employees with ill will, and malicious employees who join organizations with the intent to defraud them. 

What is a company to do? I've previously discussed how to protect against the negligent employees who don't practice good cyber hygiene—training, training, and more cyber-training.

No amount of training, however, will stop a disgruntled employee with ill intent, or a malicious employee who joins to do harm.

These latter two categories need more specialized attention—an insider threat program. The Wall Street Journal explains:

Companies are increasingly building out cyber programs to protect themselves from their own employees.… Businesses … are taking advantage of systems … to find internal users who are accidentally exposing their company to hackers or malicious insiders attacking the company. These "systems," however, can prove costly, especially for the small-business owner. While investment in a technological solution is one way to tackle this serious problem, it's not the only way. Indeed, there is lots any company, of any size, with any amount of resources, can do to develop an insider threat program.

Aside from the expense of costly monitoring programs, what types of issues should employers include in an insider threat program? Here are seven suggestions:

  1. Heightened monitoring of high-risk employees, such as those who previously violated IT policies, those who seek access to non-job-related business information, and those who are, or are likely to be, disgruntled (i.e., employees who express job dissatisfaction, who are on a performance improvement plan, or who are pending termination).

  2. Deterrence controls, such as data loss prevention, data encryption, access management, endpoint security, mobile security, and cloud security.

  3. Detection controls, such as intrusion detection and prevention, log management, security information and event management, and predictive analytics.

  4. Inventories and audits for computers, mobile devices, and removable media (i.e., USB and external hard drives), both during employment and post-employment. 

  5. Policies and programs that promote the resolution of employee grievances and protect whistleblowers.

  6. Pre-employment background checks to help screen out potential problem employees before they become problems. 

  7. Termination processes that removes access as early as possible for a terminated employee.

No company can make itself bulletproof from a cyber-attack. Indeed, for all businesses, data breaches are a when issue, not an if issue. However, ignoring the serious threat insiders pose to your company's cyber security will only serve to accelerate the when.