Zero-Trust: Protecting From Insider Threats

Often, when we think of cyber threats, we think of shadowy attackers working in distant locations. However, the truth of the matter is that organisations need to be equally on their guard against insider threats - a cybersecurity risk that comes from within. 

Whilst these can be malicious, more often than not insider threats are accidental, coming from unintended carelessness or error. These incidents can be hugely damaging, affecting 34% of businesses globally every year. With each occurrence costing an average of $871,000, it’s imperative that businesses get to grips with how to prevent them. 

Taking A Zero-Trust Approach

There is a wealth of advice out there on dealing with insider threats. However, according to Kamil Fedorko, Global Cybersecurity Practice Leader at Intellias, most strategies are based on just two concepts:

  • “Zero Trust Strategy: A high-level operational strategy that inherently assumes that no device, user, service, or network can be trusted. 
  • Least Privilege Principal Concept and Role-Based Access Control: Concepts and methodologies that dictate how and why a particular entity should not have more access than is required to finish a particular function or task.”

He argues that these must be sufficiently implemented into the cybersecurity fabric of the company before organisations look to implement “the newest and greatest capabilities, such as user behaviour analysis (UBA), data loss prevention (DLP), and eventually extended detection and response (XDR) solutions.”

Andy BatesPractice Director - Security at Node4, agrees that these are the fundamentals when it comes to protecting from insider threats. He suggests: “Best practise should be to apply role-based access control and a ‘zero-trust’ mindset. This means that only employees who require information to perform their job can access it and that their identity is reconfirmed whenever they do. This should be a minimum for all organisations to reduce the risk of data breaches and stop possible threats in their tracks.”

A key component of this zero-trust approach should be up to date authentication methods. “Antiquated authentication methods - be it passwords or traditional MFA - continue to put organisations at risk,” explains Jasson Casey, CTO at Beyond Identity. “Authentication that has been designed to accelerate the journey to zero trust security paradigms significantly reduces risk by ensuring continuous authentication whilst eliminating all credentials and codes that attackers use to plant ransomware crops.”

As well as implementing the right technology, a successful zero-trust requires a staff training programme. Hugh Scantlebury, CEO and Founder of accounting services firm, Aqilla, argues that “no matter how advanced our IT security solutions have become, businesses still need people to play an active part in identifying insider threats... all too often, we don’t know how to spot the early signs of an internal IT security breach - or if we do see something suspicious, we’re conflicted about coming forward in case we wrongly accuse a colleague.If we can all become engaged bystanders, we can objectively spot the very early and subtle signs of an escalating insider threat.

Organisations need to create an environment where engaged bystanders can feel confident about reporting their concerns. This means regular and consistent education about potentially suspicious behaviour and a commitment to developing processes and frameworks that allow potential worries to be reported in confidence.

Adapting For A Changing World

An added challenge for businesses today when facing insider threats is a combination of the swift rise of remote work and a move away from centralised onsite data systems. As Gal Helemski Co-Founder and CTO of PlainID, explains: “Since many enterprises are working remotely, now more than ever, confirming identities has become the cornerstone of organisational security. As most data is stored on cloud-based services, it only takes one misuse of a pre-existing or stolen credential for a company’s entire digital landscape to be left open and exposed... The pathway to cyber security comes from trusting no one – not even regular employees on trusted devices. This might sound extreme, but unless there’s real-time monitoring and authorisation, you cannot be 100% sure that this user has the right to be accessing this data.”

Hubert Da Costa, Chief Revenue Officer at cellular network services firm Celerway, comments, “... as more companies continue the trend away from core, localised data centres to edge-based connectivity - particularly in industries such as engineering, utilities and transport -  it’s vitally important that employees are able to connect to corporate HQ securely at the edge.” 

Overall, there is an emerging view that organisations need a holistic approach to edge connectivity can give organisations comprehensive access control and authentication, allowing only authorised personnel into the network, and most importantly, the ability to identify suspicious activities that might indicate insider threats. 

Conclusion

Human beings will always make mistakes, let their guard down, and behave in ways that leave company data exposed. Creating engagement requires ongoing awareness training that is specific and contextual, which means making sure that employees fully understand the security threats to data and to the organisation and the likely outcomes in the case of a breach.

Image: Tim van Der Kuip

You Might Also Read: 

Insider Threat Management: Keep Up With Growing Threats:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Europol Identifies The Top Cyber Threats
Unmasking The Silent Threat Of Cryptojacking  »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Cyren

Cyren

Cyren is a cloud-based, Internet security technology company providing threat detection and security analytics.

Trusted Computing Group

Trusted Computing Group

TCG was formed to develop, define and promote open, vendor-neutral, global industry standards, supportive of a hardware-based root of trust, for interoperable trusted computing platforms.

Information Security Group (ISG) - Royal Holloway

Information Security Group (ISG) - Royal Holloway

The Information Security Group, Royal Holloway, University of London, is an Academic Centres of Excellence in Cyber Security Research.

FireMon

FireMon

FireMon is the only agile network security policy platform for firewalls and cloud security groups providing the fastest way to streamline network security policy management.

TNO Cyber Security Lab

TNO Cyber Security Lab

TNO Cyber Security Lab is a dedicated facility for innovative and experimental research with the goal of a safe and resilient cyberspace.

File Centre

File Centre

File Centre is a leading specialist when it comes to data backup, we offer our clients a premium backup retrieval and delivery solution.

Shape Security

Shape Security

Shape Security provide best-in-class defense against malicious automated cyberattacks on web and mobile applications.

Fraud.com

Fraud.com

Fraud.com ensures trust at every step of the customer's digital journey; this complete end-to-end protection delivers unified identity, authentication and fraud detection and prevention.

Cyan Securiy Group

Cyan Securiy Group

Cyan provide best-in-class cyber security solutions for mobile Internet and mobile devices that are extremely effective and highly intuitive in their use.

Prodera Group

Prodera Group

Prodera Group is a specialist technology consulting partner trusted to help navigate the complex and dynamic lifecycle of change and transformation.

Aware

Aware

Aware is the only comprehensive AI solution for governance, risk, compliance and insights for leading collaboration platforms.

F1 Security

F1 Security

F1 Security provides a family of web security solutions including web application firewalls, web shell detection solutions, and web shell scanners.

The Citadel Department of Defense Cyber Institute (CDCI)

The Citadel Department of Defense Cyber Institute (CDCI)

CDCI is established to address the critical national security needed for a skilled cybersecurity workforce.

Nuts Technologies

Nuts Technologies

Nuts Technologies are simplifying data privacy and encryption with our innovative and novel data containers we call nuts based on our Zero Trust Data framework.

eCapital

eCapital

eCAPITAL is a leading venture capital firm that provides early to growth stage funding to technology companies in fields including software & information technology, cybersecurity and industry 4.0.

Neeve

Neeve

Neeve is an edge cloud platform transforming smart buildings and spaces, making them more secure, smarter, and more sustainable.