Insider threat

Five practical tips for preventing insider threats

October 7, 2021
A Tesla car sits parked at a Tesla Supercharger on September 23, 2020 in Petaluma, Calif. Today’s columnist, Sascha Fahrbach of Fudo Security, says when it comes to insider threats, companies can’t depend on what happened at Tesla, where an insider opted not to take a $1 million bribe and ultimately worked with the FBI. Fahrbach lays out a five-point plan to prevent insider threats. (Photo by Justin Sullivan/Getty Images)
  • Enforce the zero-trust principle of least privilege. Companies need to actively monitor their organization’s network and control identity and access management at all times to mitigate any willful or unintentional harm. Least privilege access means that the company will grant users only the level of access needed to get the job done. By assigning exactly the permissions that each employee or third-party contractor needs, security teams limit access to the valuable data that malicious actors are seeking.  
  • Reduce the number of privileged accounts. Privileged access accounts are the highest value targets for attackers, as they offer access to a company’s most valuable data. All too often, user permissions spiral out of control as companies grow, with too many users granted privileges beyond what their job requires. By limiting the number of super-user accounts to only those employees who really need it, the company can reduce the risk of a malicious actor getting their hands on the company’s valuable PII and customer data.
  • Manage the offboarding of all users. This includes employees who are terminated, leave willingly, or change roles or projects within the company. Many organizations use manual systems that are inefficient and result in abandoned or orphan accounts, allowing disgruntled users like the N.Y. credit union ex-employee to access and destroy sensitive corporate data. IT teams need to automatically terminate all of an employee’s credentials when they leave the company, and with today’s remote or hybrid work that especially includes a user’s remote access credentials.
  • Monitor user behavior. Use AI anomaly detection to continuously analyze behavior patterns and anomalies and make sure there’s no identity theft happening inside or outside of the network. Build user and systems usage profiles, and accurately detect changes in user behavior. This includes anomalies related to the number of sessions or their duration, or biometric analysis of mouse movements, so the security team knows that the session was taken over by an unauthorized user and can move to block it.
  • Train the staff. Companies that conduct ongoing and varied security training of their employees – starting at onboarding and continuing with regularly scheduled updates – stand the greatest chance of keeping negligent or accidental actors from causing unintentional harm. Studies show that as many as 20% of employees are susceptible to social engineering, especially phishing campaigns. The most effective security awareness programs use a wide range of simulated campaigns to help employees identify the most common forms of phishing attacks, as well as the most effective cyber hygiene to minimize security risks.
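The session-profiling check described in the "Monitor user behavior" tip, as an added example that is not from the column or from any Fudo Security product: it learns each user's typical session length and sessions-per-day from a learning window, then flags review-day activity that departs from that profile by more than a z-score threshold, and also flags an account that is active but has no learned profile at all. The session records, user names, window and threshold are constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample records (user, day, session_seconds); days 1-5 are the
# learning window and day 6 is the day under review.
SESSIONS = [
    ("alice", 1, 1800), ("alice", 2, 2100), ("alice", 3, 1700),
    ("alice", 4, 2000), ("alice", 5, 1900), ("alice", 6, 1850),
    ("bob", 1, 600), ("bob", 1, 650), ("bob", 2, 700), ("bob", 3, 640),
    ("bob", 4, 610), ("bob", 5, 620),
    ("bob", 6, 14400), ("bob", 6, 500), ("bob", 6, 480), ("bob", 6, 520),
    ("carol", 6, 300),  # no history in the learning window
]

def build_profiles(sessions, baseline_days=(1, 2, 3, 4, 5)):
    """Per-user profile: (mean, stdev) of session length and of sessions per day."""
    lengths, daily = defaultdict(list), defaultdict(lambda: defaultdict(int))
    for user, day, secs in sessions:
        if day in baseline_days:
            lengths[user].append(secs)
            daily[user][day] += 1
    profiles = {}
    for user, lens in lengths.items():
        counts = [daily[user][d] for d in baseline_days]
        profiles[user] = (mean(lens), pstdev(lens), mean(counts), pstdev(counts))
    return profiles

def _zscore(value, avg, sd):
    # Floor the spread at 10% of the mean so a flat baseline does not alert on noise.
    return abs(value - avg) / max(sd, 0.1 * avg, 0.1)

def detect_anomalies(sessions, profiles, review_day, threshold=3.0):
    """Return sorted (user, reason, z) for review-day activity outside the profile."""
    alerts, seen = [], defaultdict(int)
    for user, day, secs in sessions:
        if day != review_day:
            continue
        seen[user] += 1
        if user in profiles:
            z = _zscore(secs, profiles[user][0], profiles[user][1])
            if z > threshold:
                alerts.append((user, "session_duration", round(z, 1)))
    for user, count in seen.items():
        if user not in profiles:  # active account with no learned profile
            alerts.append((user, "no_baseline", 0.0))
            continue
        z = _zscore(count, profiles[user][2], profiles[user][3])
        if z > threshold:
            alerts.append((user, "session_count", round(z, 1)))
    return sorted(alerts)
```

On the constructed data, bob's four-hour session and his jump from about one session a day to four are flagged, carol is flagged as having no profile, and alice produces no alert.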