Earlier this year, we conducted an Insider Threat survey to find out how prevalent the Insider Threat is in the minds of cybersecurity industry experts. After gathering and tallying up 700 responses, we looked at the results, and boy, were they fascinating! Without giving away the surprising key findings (you should really download the Insider Threat Survey Report if you haven’t done so yet), we’re exploring the signs you need an insider threat program.
Over 70% of companies are vulnerable to insider threats
Yes, you read that right. Our survey found that most organizations are not confident in their ability to prevent a malicious insider attack or insider security breach. In fact, 40% of respondents cannot detect insider threats, or at best, can only detect after the data has left the organization.
Insider threats are the BIGGEST cyber security problem for companies because they can cause the most damage. They have access to confidential company information, passwords to programs and tools, and know how your organization functions. When hiring on a new employee, you want to hire someone with integrity because they will have access to all these assets. But in a world where a company’s secrets can be in the hands of a competitor with the click of a download, integrity is not enough.
Your Insider Threat Program is Weak
Think of your insider threat program like the foundation of a house. You can have a beautiful exterior but if the interior is lacking a sturdy frame and foundation, then it will fall apart. Your employees make up the foundation of your company. Now, if one bolt comes loose, chances are the house won’t fall apart. But if we ignore it long enough, the bolt will eventually fall out, thus weakening the foundation. What does your security program look like on the inside? What steps are you taking to mitigate any weak links or potential cyber risks?
Privileged access is called “privileged” for a reason. So, what was this disgruntled ex-employee at Tesla doing with the access to make code changes to the manufacturing operating system? For a company as forward-thinking and progressive as Tesla, the 2018 data breach was shocking. Who knew a company as strong and successful as Tesla could have such a weak insider threat program?
Here are some indicators that make your company at risk for an insider attack:
1) Everyone has administrative privileges and access to information they do not need
Your sales representatives don’t need access to the data visualization tools or programming files used by your data scientists. In addition, your marketing department doesn’t need access to company financial records. Identify the most critical documents/assets at your company and take the steps necessary to add extra security authentication.
2) You’re not monitoring user and entity behavior in real time
A strong user and entity behavior analytics (UEBA) platform uses machine learning to find patterns in behavior. For example, if someone who signs online Monday through Friday at 9 AM suddenly signs on Saturday night at 10 PM, there will be an alert. Behavior for devices and users is captured over time and anything that deviates from the streamlined activity is considered a risk. Finding an insider attack after the fact is not helpful. Detecting and preventing insider threats before they attack is key. You don’t have to rely on Miss Cleo when it comes to predicting the future – just implement Gurucul UEBA!
3) No system in place for handling disgruntled, laid-off, and/or terminated employees
Your Human Resources department should have a plan in place for handling employee terminations, lay-off’s, and behavioral issues. For example, a former employee, who was laid off, is airing his grievances on the company’s social media channels. It’s exhausting and the comments are inappropriate. A non-disparagement agreement protects your company from the publication of derogatory and false statements. Similarly, a system for handling terminated or disciplined employees, like eliminating privileged access upon the first written warning, will limit the risky behavior from happening.
4) Employees don’t have insider threat awareness training
Above all, train employees to report risky insider behavior. Is your coworker seeking access to proprietary or classified information on topics unrelated to their job duties? Is someone removing company or customer data from the premises for unauthorized reasons? Teach your employees that if they see something, say something.
5) Not considering the third party insider threat
For example, you have a third-party vendor helping you write technical content about your products. They work remotely and collaborate on projects with your internal team by accessing the main marketing folder in the cloud. Out of the 12 sub-folders, one contains the company’s annual marketing report for the previous year. The only sub-folder the vendor needs to access is one titled “Technical Writing Content”, yet they have access to them all. Your marketing results can be downloaded and traded with a competitor in the click of a button. Prevent third party data breaches by implementing a plan to limit the amount of information contractors and third parties get access to.
A Strong Insider Threat Program Predicts and Prevents Risky Behavior
In conclusion, integrity isn’t enough to protect your organization from a catastrophic insider attack. You need an effective insider threat program that encompasses predictive security analytics. Close the loopholes and weaknesses by implementing Gurucul’s UEBA technology. So, get in the spirit of Insider Threat Awareness Month and request a demo with us today!
*** This is a Security Bloggers Network syndicated blog from Blog – Gurucul authored by Talia Landman. Read the original post at: https://gurucul.com/blog/signs-you-need-an-insider-threat-program