Zero-Trust: Protecting From Insider Threats

Often, when we think of cyber threats, we think of shadowy attackers working in distant locations. However, the truth of the matter is that organisations need to be equally on their guard against insider threats - a cybersecurity risk that comes from within. 

Whilst these can be malicious, more often than not insider threats are accidental, coming from unintended carelessness or error. These incidents can be hugely damaging, affecting 34% of businesses globally every year. With each occurrence costing an average of $871,000, it’s imperative that businesses get to grips with how to prevent them. 

Taking A Zero-Trust Approach

There is a wealth of advice out there on dealing with insider threats. However, according to Kamil Fedorko, Global Cybersecurity Practice Leader at Intellias, most strategies are based on just two concepts:

  • “Zero Trust Strategy: A high-level operational strategy that inherently assumes that no device, user, service, or network can be trusted. 
  • Least Privilege Principal Concept and Role-Based Access Control: Concepts and methodologies that dictate how and why a particular entity should not have more access than is required to finish a particular function or task.”

He argues that these must be sufficiently implemented into the cybersecurity fabric of the company before organisations look to implement “the newest and greatest capabilities, such as user behaviour analysis (UBA), data loss prevention (DLP), and eventually extended detection and response (XDR) solutions.”

Andy BatesPractice Director - Security at Node4, agrees that these are the fundamentals when it comes to protecting from insider threats. He suggests: “Best practise should be to apply role-based access control and a ‘zero-trust’ mindset. This means that only employees who require information to perform their job can access it and that their identity is reconfirmed whenever they do. This should be a minimum for all organisations to reduce the risk of data breaches and stop possible threats in their tracks.”

A key component of this zero-trust approach should be up to date authentication methods. “Antiquated authentication methods - be it passwords or traditional MFA - continue to put organisations at risk,” explains Jasson Casey, CTO at Beyond Identity. “Authentication that has been designed to accelerate the journey to zero trust security paradigms significantly reduces risk by ensuring continuous authentication whilst eliminating all credentials and codes that attackers use to plant ransomware crops.”

As well as implementing the right technology, a successful zero-trust requires a staff training programme. Hugh Scantlebury, CEO and Founder of accounting services firm, Aqilla, argues that “no matter how advanced our IT security solutions have become, businesses still need people to play an active part in identifying insider threats... all too often, we don’t know how to spot the early signs of an internal IT security breach - or if we do see something suspicious, we’re conflicted about coming forward in case we wrongly accuse a colleague.If we can all become engaged bystanders, we can objectively spot the very early and subtle signs of an escalating insider threat.

Organisations need to create an environment where engaged bystanders can feel confident about reporting their concerns. This means regular and consistent education about potentially suspicious behaviour and a commitment to developing processes and frameworks that allow potential worries to be reported in confidence.

Adapting For A Changing World

An added challenge for businesses today when facing insider threats is a combination of the swift rise of remote work and a move away from centralised onsite data systems. As Gal Helemski Co-Founder and CTO of PlainID, explains: “Since many enterprises are working remotely, now more than ever, confirming identities has become the cornerstone of organisational security. As most data is stored on cloud-based services, it only takes one misuse of a pre-existing or stolen credential for a company’s entire digital landscape to be left open and exposed... The pathway to cyber security comes from trusting no one – not even regular employees on trusted devices. This might sound extreme, but unless there’s real-time monitoring and authorisation, you cannot be 100% sure that this user has the right to be accessing this data.”

Hubert Da Costa, Chief Revenue Officer at cellular network services firm Celerway, comments, “... as more companies continue the trend away from core, localised data centres to edge-based connectivity - particularly in industries such as engineering, utilities and transport -  it’s vitally important that employees are able to connect to corporate HQ securely at the edge.” 

Overall, there is an emerging view that organisations need a holistic approach to edge connectivity can give organisations comprehensive access control and authentication, allowing only authorised personnel into the network, and most importantly, the ability to identify suspicious activities that might indicate insider threats. 

Conclusion

Human beings will always make mistakes, let their guard down, and behave in ways that leave company data exposed. Creating engagement requires ongoing awareness training that is specific and contextual, which means making sure that employees fully understand the security threats to data and to the organisation and the likely outcomes in the case of a breach.

Image: Tim van Der Kuip

You Might Also Read: 

Insider Threat Management: Keep Up With Growing Threats:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Europol Identifies The Top Cyber Threats
Unmasking The Silent Threat Of Cryptojacking  »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

IOActive

IOActive

IOActive serves as a trusted security advisor to the Global 500 and other progressive enterprises, helping to safeguard their most important assets and improve their overall security posture.

CloudDNA

CloudDNA

CloudDNA deliver solutions that enable users and devices to connect over high performance, secure, efficient, scalable cloud networks.

Andrisoft

Andrisoft

Andrisoft develops WANGUARD, an anti-DDoS Software solution that monitors IP traffic using packet-based and flow-based Sensors, and protects networks

Lloyd's

Lloyd's

As an insurance market, Lloyd’s can provide access to more than 65 expert cyber risk insurers in one place.

SecurityScorecard

SecurityScorecard

SecurityScorecard provides the most accurate security ratings & continuous risk monitoring for vendor and third party risk management.

Galvanize

Galvanize

Galvanize is a leading provider of award-winning, cloud-based security, risk management, compliance, and audit software for some of the world’s largest organizations.

Recovery Point Systems

Recovery Point Systems

Recovery Point is a leading national provider of IT secure and compliant infrastructure and business resilience services.

Infosequre

Infosequre

Infosequre builds up your security awareness culture and turns your employees into the first line of defense against cyber risks.

Navisite

Navisite

Navisite is a combination of eight respected IT consulting and managed service providers that were brought together under the Navisite brand.

Adversa AI

Adversa AI

Adversa's mission is to build trust in AI and protect AI from cyber threats, privacy issues, and safety incidents.

Locuz

Locuz

At Locuz, we’ve made it our mission to help businesses like yours create an actionable digital strategy.

BSS

BSS

BSS is a solutions and services business based in the UK with a focus on Cyber Security, Data, Financial Crime, Internal Audit, Change, Risk and Resilience.

DNS Research Federation (DNSRF)

DNS Research Federation (DNSRF)

DNSRF's mission is to advance the understanding of the Domain Name System's impact on cybersecurity, policy and technical standards.

Cyber Defense International (CDI)

Cyber Defense International (CDI)

At CDI, we utilize decades of experience in designing and building large-scale cybersecurity programs, creating tailored solutions and services that protect businesses from cyber threats.

Black Cipher Security

Black Cipher Security

Black Cipher is a New Jersey-based cybersecurity and incident response consulting firm.

Breez Security

Breez Security

Breez Security's mission is to address the increasingly complex and ever evolving challenges of identity security.