Most organizations don’t think twice when it comes to strengthening their security defenses against outside adversaries, but many often overlook the equally dangerous threat posed by the insider. These insiders are often personnel who currently have privileged access to confidential data and whose activities usually go unidentified by integrated security solutions, which were created to identify external hackers. Outside threats have to break in; insiders already know critical applications, networks and other touchpoints, making them even more dangerous.
Whether a staff member is exfiltrating information on purpose or unintentionally exposing security implementations, threats from malicious and negligent insiders are real. CA Technologies’ Insider Threat Report: 2018 revealed that 90 percent of companies feel vulnerable to insider threats. 53 percent also confirmed insider attacks on their organizations in the past 12 months. It’s clear that enterprises need to pay close attention to this threat and take appropriate steps to protect their integrity.
The strategy for combating the growing issue of insider attacks should be multifaceted, drawing on a combination of security awareness, company policies and technical implementations. Organizations should consider the following best practices:
Limit the Number of Privileged Users
The fewer privileged staff members you have, the easier it is to protect your business against insider threats. Not only does it mean there are fewer individuals to make mistakes and fewer potentially exposed accounts, but it also means fewer people who might go rogue in the aftermath of a termination. Disgruntled ex-employees can often still access your data, either by retaining their access or via backdoors, because nobody bothered to keep an eye on their activities.
To limit the number of privileged employees, you can use the concept of “least privilege.” This is a cybersecurity standard that says each new account in an enterprise should be set up ...
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Dan Virgillito. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/kFsFhY22sbM/