Insider Threat Awareness Month Reminds Us That the Biggest Threats Can Arise from Within

By Torsten George, cybersecurity evangelist, Centrify

Many organizations are aware of the challenges related to external threat actors and therefore focus their efforts on creating deterrents to protect against these cyberattacks. In doing so, they often overlook that the biggest threats can arise from within.

Insider Threat Awareness Month offers a great opportunity to make organizations realize that today’s modern cyberattack is no longer carried out by a dark cyber-assassin with sophisticated hacking techniques. The reality is that attackers no longer hack in at all; they log in using weak, stolen, or otherwise compromised passwords. And a shocking amount of the time, it is actually an insider doing the “hacking.”

In fact, over the last two years, insider-related incidents increased by 47% according to the 2020 Cost of Insider Threats Global Report by the Ponemon Institute. These numbers are quite concerning, especially when bearing in mind that they came at a time of global prosperity and growth. The risk of company employees walking away with sensitive data or selling their access credentials has never been greater now that a record number of individuals have been laid off and face financial hardship due to the COVID-19 health crisis.

An insider threat can be a case of unwitting error, a disgruntled employee, someone within the organization looking to push the boundaries or make a quick buck, or a business partner who compromises security through negligence, misuse, or malicious access.

So, what measures can organizations take to minimize their exposure to insider threats? The answer lies in limiting access and privilege. Many organizations grant too much privilege to their staff, contractors, and partners, where traditional perimeter security will not protect them from an insider accessing critical data. Businesses need to adjust their security strategies to match modern threats, moving away from sloppy password practices and unsecured privileged access and shifting to focus on administrative access controls based on a least privilege approach.

Businesses can take the following steps to address insider threats throughout the month of September and beyond:

  • Enforce segregation of duties: Separate duties, especially for sensitive or shared processes and tasks. This ensures that no individual can complete a single task alone. In this context, organizations can, for example, leverage so-called “access zones” to tie the rights a user has to specific resources.
  • Establish least privilege: Only give privileged users just enough access to resources, just-in-time to do the job required. Leave zero standing privileges to be exploited.
  • Implement access request and approval workflows: Govern privilege elevation with self-service access requests and multi-level approvals, to capture who approved access and the context associated with the request.
  • Leverage user and entity behavior analytics based on machine-learning technology to monitor privileged user behaviors: This will help identify abnormal and high-risk activity, and can trigger real-time alerts or removal of privileges to stop threat actors, whether they are internal or external threats.