How To Eliminate Insider Threats

Uploaded on 2017-03-10 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

Insider Cyber hack threats are a major security problem. For years, the primary security objective has been to protect the perimeter, the focus on keeping outsiders from gaining access and doing harm. But statistics prove that more risk exists within an organisation.

Indeed, many compliance regulations require monitoring of systems to identify and eliminate insider threat. According to Forrester, 58 percent of breaches are caused from internal incidents or with a business partner’s organisation.

And 55 percent of attacks are originated by an insider as cited in the 2015 IBM Cyber Security Intelligence Index.

Build a proactive Insider Threat Program

Key elements of the program should include: A cross-departmental team, including: HR, IT, CIS and Leadership.

Employee training on cyber-security policies and reinforcement of those policies. Real-time notifications at the point of violation should be a key component of the cybersecurity education program.

A user activity monitoring solution that will keep track of activities of privileged users, high-risk employees, remote vendors, anyone who has access to your systems and data. It should track and visualise users’ risk and behavior over time for faster and easier detection of insider threats.

Beware of Privilege Creep

Have clear video playback of exactly what happened before, during and after an event or alert. This decreases the mean time to resolve (MTTR) and provides organisations with irrefutable evidence that is vital to be able to take action.

Organisations typically have a good grasp of server statistics, access logs, performance, uptime, and system events. However, often gaps exist in identifying who has direct access to the server. Create credentialed logins (avoid using one general login), and employ an IT ticketing system to ensure all server-activity is very important.

Regularly Review Employee Access Controls

If there’s no need for an employee to access a particular account, revoke their permission. Additionally, consider restricting the use of remote login applications or cloud storage applications on corporate accounts.

Some organisations will perform this review yearly, but a more frequent review process (quarterly or monthly) can help mitigate insider threats.

Monitor all Data Exfiltration Points

With user activity monitoring and video playback, large print jobs from computers, USB data exfiltration, Cloud Drive uploads, sending data to personal email addresses, or sending files via Instant Messenger do not have to be investigated by combing through event logs.

With just the simple push of a playback button, the monitoring of these exfiltration points is so much easier and investigations can occur that much more quickly.

Know why Users are Installing/Uninstalling Software

Organisations use virtual desktops, non-persistent images, various software management tools, and account restrictions to control installed applications.

In most cases, these infrastructure-centric methods don’t provide information on user intent and underlying business need. Insider threat technology can eliminate these visibility gaps and allow organisations to know whether people are putting the organisation at risk.

Pay Extra Attention to High-Risk Users

Whether it’s through a conversation or the placement of a broadcast banner on a desktop, let high-risk users know they are being monitored. This will, in most cases, deter them from engaging in malicious activities.

Immediately change the password access to computers when an employee leaves. Additionally, make sure third-party services also know of this employee’s termination so they can de-authorise their account.

Ensure departing employees do not have company data on personal devices. Before a high-risk employee leaves the organisation, check whether they have company data on their personal computers, mobile phone, tablets, etc.

Speed Security Investigations

See the smoke before the fire. It is essential to be able to detect and respond to incidents and alerts quickly. Without the right security tools and programs, the mean time to detect to the MTTR can be weeks.

For example, the FBI often requests that companies not intervene with active exploits so they can gather evidence.
Integrate your user activity monitoring solution with other cyber security tools so you can provide irrefutable evidence and decrease MTTR.

Computerworld

50% of US Businesses Have No Formal BYOD Policy:

CIOs Are Neglecting Process & Most Efficient Options:

 

« Only 20% Of UK Banks Can Properly Detect Breaches
Could Britain Fight A Cyber War with Russia? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

AusCERT

AusCERT

AusCERT is the premier Computer Emergency Response Team (CERT) in Australia and a leading CERT in the Asia/Pacific region

AON

AON

Aon is a leading global provider of risk management (including cyber), insurance and reinsurance brokerage, human resources solutions and outsourcing services.

Canadian Centre for Cyber Security (CCCS)

Canadian Centre for Cyber Security (CCCS)

The Cyber Centre is the single unified source of expert advice, guidance, services and support on cyber security for government, critical infrastructure, the private sector and the public.

Civica

Civica

Civica provides cloud-based managed IT services, hosting and outsourcing.

Centre for Cyber Security (CFCS) - Denmark

Centre for Cyber Security (CFCS) - Denmark

The Centre for Cyber Security is the Danish national IT security authority, Network Security Service and Centre for Excellence within cyber security.

infySEC

infySEC

InfySEC is an information security services organization offering Security Technology services, Security Consulting, Security Training, Research & Development.

Digital Law

Digital Law

Digital Law is the only UK law firm to specialise solely in online, data and cyber law.

CyberSec Hub - The Kosciuszko Institute

CyberSec Hub - The Kosciuszko Institute

The goal of CyberSec Hub is to create a centre of excellence for cybersecurity in Krakow, a new European “Cyber-Silicon Valley”.

Beyond Identity

Beyond Identity

Beyond Identity employs an elegantly simple concept, the personal certificate authority and self signed certificates, to replace passwords.

Jacobs

Jacobs

Jacobs is at the forefront of the most important security issues today. We are inspired to be the best and deliver innovative, mission-focused outcomes that matter to our clients.

Point Predictive

Point Predictive

Point Predictive build Predictive Models using Artificial Intelligence and Machine Learning techniques that help our customers stop fraud and early payment default (EPD).

SecurityGate

SecurityGate

SecurityGate.io is the only Integrated Risk Management platform built for OT/ICS cybersecurity.

Cyber Griffin

Cyber Griffin

Founded by the City of London Police in 2017, Cyber Griffin is an initiative that supports businesses and individuals in the Square Mile to protect themselves from cyber crime.

DeepFactor

DeepFactor

DeepFactor is the industry’s first Continuous Observability platform enabling Engineering and AppSec teams to find and triage RUNTIME security, privacy, and compliance risks in your applications.

Clearnetwork

Clearnetwork

Clearnetwork specializes in managed cybersecurity solutions that enable both public and private organizations improve their security posture affordably.

OpsHelm

OpsHelm

OpsHelm provides a Software-as-a-Service solution to help businesses ensure that all of their cloud environments have their security bases covered.