Nowadays, organizations are more concerned on outsiders intruding into their systems. But the actual fact is that biggest threat comes from insiders. As per the Gartner report, more than 70% of a data breach due to unauthorized access is committed by an organization's own employees (either inadvertently or advertently).These insider threats can also arise when larger organizations acquire some of the small scale companies who does not have proper security measures employed. Insider threats can bring colossal financial and reputational damage to the organizations. Sometimes it may even lead to regulatory action against the organization.
Here are some of the cases of security breaches which highlight the importance of maintaining security controls to mitigate internal threats:
- In 2008 in San Francisco and California, a dissatisfied systems administrator locked out government from its systems and held passwords for ransom after being fired. In this case, the people creating the threat were trusted users.
- In February 2008, a healthcare organization announced that 37,000 patients personal and financial information had been compromised. A former employee(who has access to this data) from that organization was later arrested for fraudulent possession and use of stolen personal identification.
- In March of 2007, a family member of US sales person has installed malicious software onto a major pharmaceutical company’s laptop for personal use that gave access to confidential data of about 17,000 employees.
Below are some interesting survey results that impact and causes for insider threats.
- 17%of the insider events were done by personnel with administrator access
- According to the surveys, most of the security incidents were triggered by internal staff through a mouse click (introducing virus)
- 87 percent of attacks were triggered by using simple user commands
- 30 percent of the incidents occurred through remote access to the company's network;
- Most of the identified inside attackers had previous disciplinary issues
- As per the studies, a total loss of $180 per customer record and $4.8 million per breach per company occurred over a period of three years
Insider Threat Sources
Insider threats can originate from two types of sources:
1. Malicious individuals
- IT expert with a hacker mentality.
- Terminated or demoted employee.
- Dissatisfied employee or contractor with administrative access
- Malicious minds for financial gain
- An employee with the intention for personal enjoyment or gain.
2. Non-malicious individuals (employees or contractors)
- Technically strong employees but with poor knowledge on information security practices of the organization.
- An employee who simply fails to pay attention to proper IT usage and information security policies and procedures.
Security Measures Implementation
Insider threats can be averted by formulating and implementing the strict security policies and rules must be established that all employees and contractors abide by these policies. Implementation of the following security measures can reduce the risk of insider threats
- Conduct background checks of all personnel (employees and contractors) prior to employment. All personnel to with access to organization's asset must sign confidentiality agreements
- Conduct Security awareness training programs at regular intervals so that it ensures that all employees are aware of the importance of information security and the consequences that occur in case of any breach occurs
- Implement proper termination process for personnel to make sure that they do not have any more access to the organization's assets.
- Define the information classification and level of access to avoid the risk of unauthorized disclosure
- Implement secure information disposal/destruction methodologies to prevent any inadvertent disclosures
- Implement strong password and access management policies and practices. Also, access should be provided only on a business need-to-know basis.
- Implement security measures for access management such as account lockout after limited attempts, screen lock after inactivity etc.,
- Additional security rules must be enforced for Superuser accounts and password requirements must use stronger authentication than user accounts and be separated from normal activities since attackers make unauthorized use of superuser privileges to access organization's assets.
- Enforce separation of duties and rotation of duties. Rotate systems administrators across systems on a regular basis
- Implement physical security controls to reduce the risk of unauthorized access to the physical locations (Datacenter)
- Insecure remote access gives insiders a way to compromise organization networks and gain access to critical information. Provide remote access to those need as per job requirement and make sure that all security controls are implemented (E.g.: Multi-factor authentication, encryption etc.,)
- Log, monitor, and audit employee and especially systems administrator’s actions regularly. This can be helpful investigating root cause in case of any breach or incident occurs
- Install Data loss prevention software on all the systems to monitor, detect and block data loss while at rest, in transit, and in use
- Restrict access to all websites apart from a limited range of websites approved by the management and alert IT personnel up on any attempts to access blocked sites.
- Impose restrictions on the usage of removable media for official purposes.
- Install email scanner software that scans incoming and outgoing email attachments to continuously monitor information flow in and out of the organization. It can so help to detect any viruses and spam emails.
- Maintain dedicated personnel for incident management to monitor and report all suspicious actions on systems and behavior by employees as well as administrators and systems support personnel.
Human resources are the most valuable assets for any organization. In order to implement information security successfully across the organization, the awareness should start from the base level. There are a number of factors that are responsible for internal threats are increasing day by day. In order to mitigate the internal risks and threats, top management of the organization must focus more on how to improve the trustworthiness of their employees. This can be achieved by maintaining a culture that makes organization trustworthy.
Authored By - Saisumana S
TCS Enterprise Security and Risk Management
TCS Enterprise Security and Risk Management
Rate this article: