Insider threats are people who work for the organisation itself. This could be anyone who has access to an IT system. This includes:
- Regular employees
- Privileged IT users/admins
- Senior directors and executives
- Onsite contractors and temporary workers
- External service providers with internal access
- Customers and visiting guests
Many cyber security threats will come from the accidental or malicious involvement of members of staff or related stakeholders. The threat can also come from guests and third-party contractors who are given access to the IT system to complete their assignments.
How big is the problem?
The CA Insider Threat 2018 Report details the results of a survey designed to uncover the latest trends and challenges regarding insider threats. It also identifies solutions to prevent or mitigate insider attacks. The key risk factors identified included too many users with excessive access privileges (37%), an increasing number of devices with access to sensitive data (36%), and the growing complexity of IT systems (35%). Just over half confirmed their organisation had experienced an insider attack in the previous 12 months.
Preventing and mitigating insider cyber attack
Insider data threats present another layer of complexity for IT professionals to manage, requiring careful planning with regards to access controls, user permissions and monitoring user actions.
The most popular technologies used to counter insider threats are Data Loss Prevention (DLP), encryption, and identity and access management solutions. To more effectively detect active insider threats, companies are also deploying Intrusion Detection and Prevention (IDS), log management and SIEM platforms.
These technologies tend to focus on detection, deterrence and post-breach forensics. The CA Insider Threat 2018 Report confirms a growing trend toward the use of continual behavioural monitoring of user activity and their access to sensitive data sources. Many employ endpoint detection and response (EDR) systems which are monitored by their internal IT team or an outsourced security operation centre (SOC).
Worried about your business’ Cyber Security? Fear not, our cost-effective Cyber Security reviews help companies stay ahead of cyber-attacks. Enquire today to speak to one of our experienced cybersecurity consultants.