The Unique Challenges and Risks Posed by Insiders
By Mike Mimoso
Insiders should make private- and public-sector security teams nervous.
Their access to critical IT systems, company assets such as intellectual property, and the personal information of customers and employees makes insiders a formidable risk that deserves the same level of attention as external threats.
And insiders don’t have to act maliciously to be a risk to the business. Many times, an insider accidentally emailing sensitive or confidential information outside the organization poses as serious a threat as a nasty ransomware infection.
At other times, however, employees become disgruntled insiders who steal data, advertise their access within an illicit online community, or are recruited by criminals, competitors, or even nation-state intelligence services. Insiders are a risk that must be managed, and managing it requires a blend of technology and an understanding of behavior to properly analyze a threat before it costs an organization dearly.
Flashpoint has put together a research paper that identifies the risks associated with insiders—primarily data loss and private account misuse—and explains the detection and prevention mechanisms that must be in place and act as the backbone of any insider threat program (ITP).
The paper delves into the motivations that may spur an insider to go rogue—hint, profit is No. 1—and while an insider’s motivations may mirror those of an external attacker, defenders should in no way approach the two the same way.
For example, insider threat teams must rely on external information sources, such as monitoring of deep and dark web forums for indications of insiders soliciting company data, as well as a mechanism for correlating internal data through user behavior analytics (UBA) tools.
UBA can find patterns of malicious or unauthorized user behavior stored in network management and security operations management systems, and raise alerts to managers that may kick off further investigation. Investigators may also use it to identify other sources of evidence left behind by an attacker or characteristics and methods that may illuminate the timeline of an incident.
The paper also covers the three key components of an insider threat program and explains how investigations are multi-level processes that require intricate types and depths of analysis and the involvement of stakeholders from throughout the organization.
Download the research paper, Insider Threats Pose Unique Set of Challenges, and read an in-depth examination of:
- Managing insider risks
- How insider threats do not mirror external risks
- The potential for unintentional insider risks
- The dynamic investigative skills needed to support an insider threat program
Michael Mimoso brings over a decade of experience in IT security news reporting to Flashpoint. As Editorial Director, he collaborates with marketing, analyst, and leadership teams to share the company’s story. Prior to Flashpoint, Mike was an Editor of Threatpost, where he covered security issues and cybercrime affecting businesses and end-users.
Prior to joining Threatpost, Mike was Editorial Director of the Security Media Group at TechTarget and Editor of Information Security magazine where he won several ASBPE national and regional writing awards. In addition, Information Security was a two-time finalist for national magazine of the year. He has been writing for business-to-business IT publications for 11 years, with a primary focus on information security.
Earlier in his career, Mike was an editor and reporter at several Boston-area newspapers. He holds a bachelor’s degree from Stonehill College in North Easton, Massachusetts.