By Torsten George, cybersecurity evangelist, Centrify
Many organizations are aware of the challenges related to external threat actors and therefore focus their efforts on creating deterrents to protect against these cyberattacks. In doing so, they often overlook that the biggest threats can arise from within.
Insider Threat Awareness Month offers a great opportunity to make organizations realize that today’s cyberattack is no longer carried out by a dark cyber-assassin with sophisticated hacking techniques. The reality is that attackers no longer hack in at all; they log in using weak, stolen, or otherwise compromised passwords. And a shocking amount of the time, it is actually an insider doing the “hacking.”
In fact, over the last two years, insider-related incidents increased by 47% according to the 2020 Cost of Insider Threats Global Report by the Ponemon Institute. These numbers are quite concerning, especially when bearing in mind that they came at a time of global prosperity and growth. The risk of company employees walking away with sensitive data or selling their access credentials has never been greater now that a record number of individuals have been laid off and face financial hardship due to the COVID-19 health crisis.
An insider threat can be a case of unwitting error, a disgruntled employee, someone within the organization looking to push the boundaries or make a quick buck, or a business partner who compromises security through negligence, misuse, or malicious access.
So, what measures can organizations take to minimize their exposure to insider threats? The answer lies in limiting access and privilege. Many organizations grant too much privilege to their staff, contractors, and partners, and traditional perimeter security will not protect them from an insider accessing critical data. Businesses need to adjust their security strategies to match modern threats, moving away from sloppy password practices and unsecured privileged access and toward administrative access controls based on a least-privilege approach.
Businesses can take the following steps to address insider threats throughout the month of September and beyond:
- Enforce segregation of duties: Separate duties, especially for sensitive or shared processes and tasks. This ensures that no individual can complete a single task alone. In this context, organizations can, for example, leverage so-called “access zones” to tie the rights a user has to specific resources.
- Establish least privilege: Give privileged users only just enough access to resources, just in time, to do the job required. Leave zero standing privileges to be exploited.
- Implement access request and approval workflows: Govern privilege elevation with self-service access requests and multi-level approvals, to capture who approved access and the context associated with the request.
- Leverage user and entity behavior analytics based on machine-learning technology to monitor privileged user behaviors: This will help identify abnormal and high-risk activity, and can trigger real-time alerts or removal of privileges to stop threat actors, whether they are internal or external threats.