Vulnerability Management

Malicious Insiders Are a Huge Problem But You Have a Bigger Issue

By Christy Wyatt

Aside from corporate data and proprietary intellectual property, employees are the greatest assets to companies. However, employees can also be massive liabilities. Whether it’s from negligent, malicious, or compromised users, people are the common cause in 90 percent of total security incidents that result in data breaches. While enterprise organizations should continue allocating resources to identify and stop malicious hackers, in the larger security landscape, employees with malicious intent are only a small fraction of the insider threat.

The majority of insider security breaches stem from employees who are not aware that they are compromising the safety of their organizations. These employees are known as negligent users. Perhaps they are not cognizant of the threats that they are posing or perhaps they do not care, but either way, well over half of security risks (68 percent) uncovered by our Insider Threat Intelligence Report were simply innocent mistakes. In part, this colossal statistic correlates with the changing workplace. Employees are taking it upon themselves to bring in unsanctioned technology and software or thinking what they do on their corporate machines has no bearing on network security. These actions open up the enterprise to a variety of risks.

Cloud services are fogging up the security perimeter

Now that modern businesses rely more than ever on the cloud for efficiency and productivity gains among disparate and virtual offices, the security perimeter has disappeared. Firewalls and intrusion detection systems provide adequate defenses but fail to deliver comprehensive security, visibility, and actionable intelligence needed to understand what is in the cloud and publicly available.

For example, 64 percent of enterprises assessed found corporate information on the web that is publicly accessible. Cloud services such as Dropbox and G Suite can offer a lot in the way of worker productivity through easy sharing of information, but documents and data can be shared and accessed by anyone through a simple URL if users aren’t careful. Many users are not mindful of the innately relaxed default settings of these services - purposely done in part to make them more user-friendly and increase service adoption - and do not understand the serious security implications of it. Additionally, we found that 87 percent of employees use their personal email accounts on corporate endpoints. By using third-party email clients, employees open up new entry points which provide hackers with an easy, direct route onto an organization’s network.

These security gaps in cloud sharing tools open up huge vulnerabilities that allow insiders to mistakenly leak sensitive data while also creating an entry point for external bad actors to exfiltrate corporate information. Working with remote team members - whether it’s with colleagues in satellite offices or off-site freelancers and contractors - increases the opportunities for data leak and breaches as well.

It’s what on the inside that counts

Today’s work economy allows many employees to take their corporate-issued devices beyond the office walls. While disconnected from the corporate network, most employees are naturally more comfortable engaging in high-risk behaviors on their devices than compared to when they are in the office and connected to the corporate network. Although their behavior may not be malicious in intent, it does not disqualify it from being able to create security vulnerabilities and transferring those breach risks back into the organizational network. From phishing and malware to credential theft and viruses, any user can be compromised. This makes insight into what users are doing on corporate endpoints, whether they are on or off the corporate network (or any network for that matter), a critical part of a proactive security program.

Visibility Drives Trust

Today's consumers are comfortable with establishing trusted relationships with those who provide rich services. Google, Facebook, and Twitter collect massive amounts of personal information about consumers in exchange for providing their services. This is a relationship trusted by millions today and enabled by transparency.  

Today’s IT organizations should envision themselves less as a “lock-and-block” corporate police force and more as a provider of rich employee services. And, like consumer services, these comes with appropriate usage guidelines.

Security teams can collect small amounts of non-personal data, that enable visibility into what is happening on corporate endpoints through user behavior intelligence. With trivial amounts of data and little tuning, this intelligence enables security teams to pinpoint risky user behavior and proactively address vulnerabilities and breaches. To do this, they establish a baseline user pattern in order to detect activities that deviate from the norm, such as downloading large amounts of data onto external hard drives, printing more-than-usual amounts of documents or an increase in device usage off-network. This level of insight into user behavior at the endpoint, and the process of mapping it against patterns of known bad behavior or baselined normal user activity, helps to flag any anomalies that occur on or off the network. During this time, the employee is also protected because monitoring occurs at the endpoint and not directly on the employee themselves.

This creates an environment where the organization can avoid collecting personally identifying information but still secure the enterprise, balancing enterprise security with employee privacy. Visibility of this type empowers organizations to identify, in near real time, potential data theft, learn who is attempting to bypass security controls, understand when there is accidental misuse of productivity services, and other perilous behaviors that may compromise sensitive data and put an organization at risk.

For more details around how to protect your organization from the insider threat, attend "The Insider Impact on Enterprise Security" at Cyber Security World 2017 on Wednesday, June 28 at 3:20 – 4:10 p.m.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.