When security breaches make headlines, they tend to be about hackers in another country or the catastrophic failure of technology. The surprising reality is that no matter the size or the scope of a breach, usually it’s caused by an action, or failure, of someone inside your own company.
The role that insiders play in the vulnerability of all sizes of corporations is massive and growing. In the 2016 Cyber Security Intelligence Index, IBM found that 60% of all attacks were carried out by insiders.
“Cybersecurity must be a company-wide initiative and “all-hands-on-deck” strategy”
The IBM Security research also found that healthcare, manufacturing and financial services are the top three industries under attack due to their personal data, intellectual property and physical inventory and massive financial assets, respectively. However, while industries and sectors differ substantially in the value and volume of their assets and in the technology infrastructures they have to manage and defend, what all businesses have in common is people — all of whom have the potential to be an insider threat.
We asked Bristol-based IT consultants Computer Geeks if they could cut through some of the noise surrounding security breaches and provide us with some guidelines to help prevent and reduce the threat.
What are the primary types of insider risks?
- Human Error. Human error is a major factor in breaches and trusted but unknowing insiders are to blame. From misaddressed emails to stolen devices to confidential data sent to insecure home systems, mistakes can be very costly. The riskiest of these are well-meaning IT admins, whose complete access to company infrastructure can turn a small mistake into a catastrophe.
- Leaked passwords. Malicious employees whose intent is to steal or damage are a very real risk. Some steal competitive information, some sell data or intelligence, and some just have a vendetta against the organisation.
- Hijacked Identities. Cyber-criminals are experts at hijacking identities. Some accomplish this by compromising an employee system through malware or phishing attacks; some leverage stolen credentials, especially by gleaning data from social networks. In many cases attackers can increase a hacked user’s access within a system, leading them to even more sensitive information.
The Threats to Small Businesses – what you should do
As you look to how you should secure your IT environment as a whole, you should focus on the work employees do, the technology they use, and the data they’re responsible for–data that would be appealing targets for hackers and cybercriminals.
Think of the places where data and money are transacted, and what networks those workers are most often connected to.
To mitigate Insider risks, be sure to implement the following strategies in your workplace:
- Treat security as a culture, not a policy. Cybersecurity must be a company-wide initiative and “all-hands-on-deck” strategy. It shouldn’t be the sole responsibility of just a few individuals or a particular team – although it might be okay for one department or person to lead it.
- Educate, train, repeat. Bring all employees into the conversation, make sure they stay up to speed and consistently revisit this. The tricky part about IT security is that it’s ever evolving. Hackers are constantly developing new ways to gain access to information that doesn’t belong to them. Staying up to date on these changes, tweaking company policy to cover all the bases, and distributing updates through security awareness training programs must be a top priority for all organisations today.
Top tips for small businesses security efforts to mitigate insider risks:
- Focus on the right assets. Hackers and thieves want what you value most, what we call your businesses’ “crown jewels.” Identify the most-valuable systems and data, and then give them the strongest defences and the most frequent monitoring.
- Apply deep analytics. Humans are creatures of habits: They come to work at the same time and do familiar tasks. The same can be said for how they use and interact with technology. Deep analytics and AI can uncover deviations in behaviour at the level of individual employees, which can make it much easier to spot indications that systems have been compromised.
- Know your people. Understanding the users who hold the potential for greatest damage is critical. Addressing the security risks that these people represent and the critical assets they access, should be a priority. In particular, monitor IT admins, top executives, key vendors, and at-risk employees with great vigilance.
- Don’t forget the basics. Apply software patches automatically to close that open-window before a hacker can use it to access your network. Enforce strong standards for user identities and passwords that will mean stealing credentials is that much harder. Collecting all the data and forensics you can on every device that touches your network makes sure you’re the first to know if you’ve been hacked, not the last.
User awareness programs are the key to educating personnel. Training and testing your own workforce is key to avoiding and minimising the insider risk. So, when you read the next sensational headline about some data breach by an external hacker, remember that these attacks account for less than half of the breaches out there. And remember that the hacker probably used the identity of an unsuspecting employee to pull it off. Take action to make sure your organization isn’t the next one to hit the headlines for all the wrong reasons.
- You may like: Does shadow IT pose the biggest risk to GDPR compliance?