Zero-Trust: Protecting From Insider Threats

Often, when we think of cyber threats, we think of shadowy attackers working in distant locations. However, the truth of the matter is that organisations need to be equally on their guard against insider threats - a cybersecurity risk that comes from within. 

Whilst these can be malicious, more often than not insider threats are accidental, coming from unintended carelessness or error. These incidents can be hugely damaging, affecting 34% of businesses globally every year. With each occurrence costing an average of $871,000, it’s imperative that businesses get to grips with how to prevent them. 

Taking A Zero-Trust Approach

There is a wealth of advice out there on dealing with insider threats. However, according to Kamil Fedorko, Global Cybersecurity Practice Leader at Intellias, most strategies are based on just two concepts:

  • “Zero Trust Strategy: A high-level operational strategy that inherently assumes that no device, user, service, or network can be trusted. 
  • Least Privilege Principal Concept and Role-Based Access Control: Concepts and methodologies that dictate how and why a particular entity should not have more access than is required to finish a particular function or task.”

He argues that these must be sufficiently implemented into the cybersecurity fabric of the company before organisations look to implement “the newest and greatest capabilities, such as user behaviour analysis (UBA), data loss prevention (DLP), and eventually extended detection and response (XDR) solutions.”

Andy BatesPractice Director - Security at Node4, agrees that these are the fundamentals when it comes to protecting from insider threats. He suggests: “Best practise should be to apply role-based access control and a ‘zero-trust’ mindset. This means that only employees who require information to perform their job can access it and that their identity is reconfirmed whenever they do. This should be a minimum for all organisations to reduce the risk of data breaches and stop possible threats in their tracks.”

A key component of this zero-trust approach should be up to date authentication methods. “Antiquated authentication methods - be it passwords or traditional MFA - continue to put organisations at risk,” explains Jasson Casey, CTO at Beyond Identity. “Authentication that has been designed to accelerate the journey to zero trust security paradigms significantly reduces risk by ensuring continuous authentication whilst eliminating all credentials and codes that attackers use to plant ransomware crops.”

As well as implementing the right technology, a successful zero-trust requires a staff training programme. Hugh Scantlebury, CEO and Founder of accounting services firm, Aqilla, argues that “no matter how advanced our IT security solutions have become, businesses still need people to play an active part in identifying insider threats... all too often, we don’t know how to spot the early signs of an internal IT security breach - or if we do see something suspicious, we’re conflicted about coming forward in case we wrongly accuse a colleague.If we can all become engaged bystanders, we can objectively spot the very early and subtle signs of an escalating insider threat.

Organisations need to create an environment where engaged bystanders can feel confident about reporting their concerns. This means regular and consistent education about potentially suspicious behaviour and a commitment to developing processes and frameworks that allow potential worries to be reported in confidence.

Adapting For A Changing World

An added challenge for businesses today when facing insider threats is a combination of the swift rise of remote work and a move away from centralised onsite data systems. As Gal Helemski Co-Founder and CTO of PlainID, explains: “Since many enterprises are working remotely, now more than ever, confirming identities has become the cornerstone of organisational security. As most data is stored on cloud-based services, it only takes one misuse of a pre-existing or stolen credential for a company’s entire digital landscape to be left open and exposed... The pathway to cyber security comes from trusting no one – not even regular employees on trusted devices. This might sound extreme, but unless there’s real-time monitoring and authorisation, you cannot be 100% sure that this user has the right to be accessing this data.”

Hubert Da Costa, Chief Revenue Officer at cellular network services firm Celerway, comments, “... as more companies continue the trend away from core, localised data centres to edge-based connectivity - particularly in industries such as engineering, utilities and transport -  it’s vitally important that employees are able to connect to corporate HQ securely at the edge.” 

Overall, there is an emerging view that organisations need a holistic approach to edge connectivity can give organisations comprehensive access control and authentication, allowing only authorised personnel into the network, and most importantly, the ability to identify suspicious activities that might indicate insider threats. 

Conclusion

Human beings will always make mistakes, let their guard down, and behave in ways that leave company data exposed. Creating engagement requires ongoing awareness training that is specific and contextual, which means making sure that employees fully understand the security threats to data and to the organisation and the likely outcomes in the case of a breach.

Image: Tim van Der Kuip

You Might Also Read: 

Insider Threat Management: Keep Up With Growing Threats:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Europol Identifies The Top Cyber Threats
Unmasking The Silent Threat Of Cryptojacking  »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Citicus

Citicus

Citicus provides world-class security, risk and compliance management software, plus supporting services.

Sogeti

Sogeti

Sogeti deliver solutions that enable digital transformation and offer cutting-edge expertise in Cloud, Cybersecurity, Digital Manufacturing, Quality Assurance, Testing, and emerging technologies.

Heimdal Security

Heimdal Security

Heimdal Security provides proactive protection against cyber threats including ransomware, exploit kits and financial malware.

Entrust

Entrust

Entrust is a global leader in digital security, identities, payments, and data protection.

RIGCERT

RIGCERT

RIGCERT provides training, audit and certification services for multiple fields including Information Security.

New Net Technologies (NNT)

New Net Technologies (NNT)

NNT SecureOps provides ultimate protection against all forms of cyberattack and data breaches by automating the essential security controls.

SafeStack Academy

SafeStack Academy

SafeStack Academy is an online cyber security and privacy education platform. Our content is designed by experts to suit small businesses, growing companies, and development teams.

SecurIT360

SecurIT360

SecurIT360 is a full-service specialized Cyber Security and Compliance consulting firm.

Tozny

Tozny

Tozny offers products with security and privacy in mind that are built on the foundation of end-to-end encryption, and open-source verifiable software.

Modern Networks

Modern Networks

Modern Networks is a leading provider of IT managed services to the UK’s commercial property sector and medium sized enterprises.

Allot

Allot

Allot are a global provider of leading innovative network intelligence and security solutions for Service Providers and Enterprises worldwide.

OneCollab

OneCollab

OneCollab, your unwavering ally in the dynamic landscape of IT services and cybersecurity.

Fescaro

Fescaro

FESCARO is a trusted cybersecurity partner for global automakers and their partners, helping them transition to software-defined vehicles (SDVs) with tailored automotive software solutions.

Abstract Security

Abstract Security

Abstract Security has created a revolutionary platform, equipped with an AI-powered assistant, to better centralize the management of security analytics.

Eclypses

Eclypses

Eclypses has a disrupting cyber technology, offering organizations an advanced data security solution called MicroToken Exchange (MTE).

Token Security

Token Security

Token is the new approach designed for the identity boom era. Introducing Machine-First Identity Security.