Zero-Trust: Protecting From Insider Threats

Uploaded on 2023-09-25 in NEWS-Cybersecurity News, FREE TO VIEW

Often, when we think of cyber threats, we think of shadowy attackers working in distant locations. However, the truth of the matter is that organisations need to be equally on their guard against insider threats - a cybersecurity risk that comes from within.

Whilst these can be malicious, more often than not insider threats are accidental, coming from unintended carelessness or error. These incidents can be hugely damaging, affecting 34% of businesses globally every year. With each occurrence costing an average of $871,000, it’s imperative that businesses get to grips with how to prevent them.

Taking A Zero-Trust Approach

There is a wealth of advice out there on dealing with insider threats. However, according to Kamil Fedorko, Global Cybersecurity Practice Leader at Intellias, most strategies are based on just two concepts:

“Zero Trust Strategy: A high-level operational strategy that inherently assumes that no device, user, service, or network can be trusted.

Least Privilege Principal Concept and Role-Based Access Control: Concepts and methodologies that dictate how and why a particular entity should not have more access than is required to finish a particular function or task.”

He argues that these must be sufficiently implemented into the cybersecurity fabric of the company before organisations look to implement “the newest and greatest capabilities, such as user behaviour analysis (UBA), data loss prevention (DLP), and eventually extended detection and response (XDR) solutions.”

Andy Bates, Practice Director - Security at Node4, agrees that these are the fundamentals when it comes to protecting from insider threats. He suggests: “Best practise should be to apply role-based access control and a ‘zero-trust’ mindset. This means that only employees who require information to perform their job can access it and that their identity is reconfirmed whenever they do. This should be a minimum for all organisations to reduce the risk of data breaches and stop possible threats in their tracks.”

A key component of this zero-trust approach should be up to date authentication methods. “Antiquated authentication methods - be it passwords or traditional MFA - continue to put organisations at risk,” explains Jasson Casey, CTO at Beyond Identity. “Authentication that has been designed to accelerate the journey to zero trust security paradigms significantly reduces risk by ensuring continuous authentication whilst eliminating all credentials and codes that attackers use to plant ransomware crops.”

As well as implementing the right technology, a successful zero-trust requires a staff training programme. Hugh Scantlebury, CEO and Founder of accounting services firm, Aqilla, argues that “no matter how advanced our IT security solutions have become, businesses still need people to play an active part in identifying insider threats... all too often, we don’t know how to spot the early signs of an internal IT security breach - or if we do see something suspicious, we’re conflicted about coming forward in case we wrongly accuse a colleague.If we can all become engaged bystanders, we can objectively spot the very early and subtle signs of an escalating insider threat.

Organisations need to create an environment where engaged bystanders can feel confident about reporting their concerns. This means regular and consistent education about potentially suspicious behaviour and a commitment to developing processes and frameworks that allow potential worries to be reported in confidence.

Adapting For A Changing World

An added challenge for businesses today when facing insider threats is a combination of the swift rise of remote work and a move away from centralised onsite data systems. As Gal Helemski Co-Founder and CTO of PlainID, explains: “Since many enterprises are working remotely, now more than ever, confirming identities has become the cornerstone of organisational security. As most data is stored on cloud-based services, it only takes one misuse of a pre-existing or stolen credential for a company’s entire digital landscape to be left open and exposed... The pathway to cyber security comes from trusting no one – not even regular employees on trusted devices. This might sound extreme, but unless there’s real-time monitoring and authorisation, you cannot be 100% sure that this user has the right to be accessing this data.”

Hubert Da Costa, Chief Revenue Officer at cellular network services firm Celerway, comments, “... as more companies continue the trend away from core, localised data centres to edge-based connectivity - particularly in industries such as engineering, utilities and transport - it’s vitally important that employees are able to connect to corporate HQ securely at the edge.”

Overall, there is an emerging view that organisations need a holistic approach to edge connectivity can give organisations comprehensive access control and authentication, allowing only authorised personnel into the network, and most importantly, the ability to identify suspicious activities that might indicate insider threats.

Conclusion

Human beings will always make mistakes, let their guard down, and behave in ways that leave company data exposed. Creating engagement requires ongoing awareness training that is specific and contextual, which means making sure that employees fully understand the security threats to data and to the organisation and the likely outcomes in the case of a breach.

Image: Tim van Der Kuip

You Might Also Read:

Insider Threat Management: Keep Up With Growing Threats:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.