An insider threat is arguably the single greatest and most damaging security concern that an organization can face.Anyone who knows private or privileged information about security practices, data or computer systems could be an insider. Anyone who has access to secure facilities or protected systems could be an insider. They come from within and attackers are typically current or former employees and business associates. Any trusted individuals who have access to your secrets, software source code, financial data, or employee and healthcare records also has the potential to exploit that access.
Trust is something that we all take for granted, and in most cases it’s both automatic and reciprocal. People trust organizations to employ and pay them while organizations trust their employees to be discrete about their work. Until there is a reason to suspect them, insiders can go completely unnoticed and unfortunately, in most cases it’s already too late by the time they are identified or caught. The damage is already done, which is something administrators at the NSA presumably learned after contracting to Edward Snowden.
Most insider threats will fall into one of three categories: malicious insiders, negligent or oblivious employees, and third party contractors.
Malicious Insiders are the most dangerous and difficult type to mitigate or protect against. When nefarious individuals act as legitimate candidates or a rogue employee wants to retaliate against their employer – no amount of security training or protocol can help against someone with legitimate credentials accessing corporate networks.
Negligent and Oblivious Employees are less dangerous, but more easily mitigated. They compromise security by exposing authentication credentials for resources or information that were accessed via personal cellular phones or laptops. Simply accessing their email or other information and documents over insecure connections can provide an opportunity for criminals to steal the credentials and use them for their own purposes.
Third-Party Contractors represent the last but arguably least dangerous category of insider threat. Since third-party relationships are typically temporary and heavily restricted. Organizations can rotate, revoke or otherwise control any authorization credentials they provide to a contractor. Similar to the previous category, even if the window is short, criminals will take advantage of the contractor’s poor or missing connection security to steal credentials when they are used.
So what can you do to protect yourself and your information assets?
Education should be top priority, and employees should be aware of data security best practices, including use of strong passwords and the dangers that come from using insecure networks to transmit work-related information or data. Perimeter protection and hardening tools are essentially irrelevant because insiders are already within any security perimeter, and the same can be said for firewalls and intrusion detection technology.
Insider Threat Monitoring systems are another option that organizations can invest in, and while these technologies are effective at tracking ‘normal’ employee behaviour, such tools can come with an unintended and undesirable cost to overall network performance.
Data Obfuscation tools are also an effective security layer that can help reduce insider threats. By obfuscating or masking your data, sensitive and confidential data is given a functional substitute while hiding the original. Should an unauthorized user access your network there, is none of the original, sensitive, or confidential data available to steal.
Data is always at risk, but using a layered approach to security and following basic best practices can provide confidence and help protect the foundation on which most successful businesses are built; their integrity. DataStealth is a technology that takes preserving integrity to a whole new level.
Learn more about Data Obfuscation, how it can be done without using encryption keys, and the benefit that comes from uplifting your data security with DataStealth.