Combating the Insider Threat
© 2015 Lancope, Inc.
Table of Contents
Chapter One: WHO IS ATTACKING YOUR NETWORK?
Chapter Two: INSIDER THREAT MOTIVES AND METHODS
Chapter Three: DETERRING INSIDER THREATS WITH TECHNOLOGY
Chapter Four: USING NETWORK LOGS TO THWART INSIDER THREATS
Chapter Five: BEYOND TECHNOLOGY
Chapter Six: SUMMARY & TOP 10 WAYS TO COMBAT INSIDER THREATS
Chapter Five
Beyond Technology
A 2014 survey by the Ponemon Institute uncovered that only 26 percent of respondents had a multidisciplinary insider threat management program in place within their organization. It is important to recognize that technology alone cannot prevent insider threats. It has to be a cross-organizational effort that also involves other groups such as HR, Management and Legal.
For example, if HR alerts IT about a disgruntled employee, their network activity can be monitored so that anomalous behaviors such as logging on at unusual hours of the day can be swiftly investigated. And without the involvement of other groups within the company, malicious behaviors discovered by IT cannot be properly addressed.
Specifically, companies that wish to adequately address the insider threat problem should consider the following:
Background Checks and Screening
First and foremost, it is important that your company conducts thorough background checks before hiring employees, contractors or third-party vendors so you will know exactly who you are working with.
Partner Evaluation
According to the 2014 U.S. State of Cybercrime Survey, “Recent contractor data leaks and payment card heists have proved that adversaries can and will infiltrate systems via third parties, but most organizations do not address third-party security.” Also according to the survey, only 44 percent of respondents have a process for evaluating third parties before the launch of business operations, and only 31 percent include security provisions in contracts with external vendors and suppliers. No matter how strong your security program is, if you are working with insecure partners, it won’t take long for the attackers to find them and use them to infiltrate your network.
Comprehensive Employee Exit Strategies
Research by the CERT Insider Threat Center has shown that malicious insiders typically conduct their unsavory activities within 30 days of giving their resignation. It sounds obvious, but thorough measures need to be taken to revoke employee and contractor access to your company’s systems upon resignation. Also pay particular attention to the person’s active sessions at the time they leave, as they may still be logged in somewhere and able to do damage if they wish.
Management Training
Also according to the CERT Insider Threat Center, insiders who commit crimes often engage in certain behaviors prior to or in the course of committing that crime, such as threatening the organization or bragging publicly about how much damage they could do. If managers are trained to recognize and report these kinds of behaviors, they may identify a potential problem before it becomes a serious security incident.
Employee Assistance
In some cases, personal and financial stress may motivate people to commit crimes at work. There are a number of steps that organizations can take to help employees find constructive approaches to handling difficult personal circumstances, such as establishing a confidential Employee Assistance Program that can provide counseling and advice.
User Education
According to a study by Forrester Research of information workers in North America and Europe, only 57 percent said they were aware of their organization’s current security policies and only 42 percent said they received training on how to stay secure at work. User education can go a long way in helping to protect against insider threats. It is a lot easier for employees to abide by best practices for security if they are aware of them, and if they are educated on the serious impact and dramatic consequences that their careless actions could have on the organization. This is especially important in light of new forms of attack such as ransomware.
Users can also be educated about helping to detect potential insider attacks by others. According to the Verizon 2014 Data Breach Investigations Report, the most common way organizations detected insider crimes was when employees reported them.