Insider Threat is nothing NEW.

It’s my view that Insider Threat isn’t new to business. It has been around since, well, since a business first hired an employee and trusted said individual or group with its intellectual property.

What’s different in 2019 is that we’ve been privy to a new variety of Insider Threat. So much so that many businesses that do get affected would rather it’s kept internal than become headline news on the front pages. Whilst I get that, I’m a firm believer in honesty and transparency, which in turn enables others to learn from those mistakes or failed controls.

So, what is Insider Threat? There are many descriptions, but here’s one that sits well with me, courtesy of our friends at Wikipedia: An insider threat is a malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization’s security practices, data, computer systems and misuse it knowingly or unknowingly.

So here comes the drama…

Remember Edward Snowden and the intelligence secrets; Jiaqiang Xu, the former IBM software engineer who stole proprietary source code; and, more recently, the former third-party vendor (Amazon) employee who hacked Capital One?

What do these cases all have in common? Well, all misused their power, betrayed trust, were at some point or another disgruntled, and believed they had every right to carry out their mission.

Stats by the Ponemon Institute shed more light on the issue, but I’ve selected my top 3:

1) Employee or contractor negligence is responsible for two out of three insider threat incidents.

2) Negligence-based insider threat incidents cost organisations an average of $3.8 million per year.

3) 55% of organisations say that privileged users are their biggest insider threat risk.

So how can we mitigate the issue?

1) Develop an Insider Threat program.

   a. I’d recommend an Insider Threat assessment and Corporate Policy.

2) Staff Training and Awareness.

   a. It’ll help encourage an open and vigilant culture.

   b. It’ll assist staff in identifying and reporting suspicious activities, behaviours, or circumstances symptomatic of insider threats.

3) Privileged Access Management (PAM).

   a. A solution that helps organisations restrict and control privileged access.

4) Entitlement reviews.

   a. Periodic reviews are essential to ensure that only the right people have access to the right data.

5) Data Loss Prevention (DLP).

   a. A solution that detects potential data breaches and data exfiltration transmissions and prevents them by monitoring and/or blocking sensitive data from leaving the corporate network.

Unfortunately, there isn’t a silver bullet or a one-size-fits-all fix to this issue. Insider threat is, and will continue to be, a constant and complex issue for businesses worldwide. So, do businesses implement massively stringent and draconian controls on staff? Or do they continue to trust staff to abide by AUPs and honour the privacy of company secrets? You tell me, what do you think?
