Wednesday, 7 June, 2023
IT Security Guru
How to Strengthen your Insider Threat Security

By: Vina Nguyen, cybersecurity subject matter specialist

by Guru Writer
April 20, 2023
in Insight

Insider “threat” is a bit of a misnomer. Most insiders aren’t looking to cause harm. At best, they believe they’re cutting through the red tape; at worst, they’re apathetic.

Let’s take a common scenario: an employee sends sensitive data to their personal email to work over the weekend. A security-aware one may have thought, what’s the chance of someone hacking my email vs. me finishing this work by Monday? Pretty unlikely I’ll get hacked, so I choose work. (Send.)

At the enterprise level, this risk paints a different picture. When you’re managing an environment where the average cost of a data breach is $4.18 million, and nearly 10% of employees exfiltrate data over a six-month period, your risk calculation for the enterprise looks very different.

How do you stop the bleeding, and how do you prevent leaks from happening again? To cover your bases, consider a methodical, holistic approach: start with one strategy from each of the following, and iterate as your needs dictate. We’ll start from micro to macro.

1 – Monitor your data

Determining what you need to protect is the prerequisite to any prevention strategy.

Have you:

  • Identified your most critical assets (i.e., your “crown jewels”)?
  • Restricted access to these critical assets?
  • Determined how this access will be given?

If you’ve done all the above, let’s take a step further. Data needs to be protected in its various states: at rest, in use, and in motion.

Data at rest—stored on a file system, in a database—is vulnerable to unauthorized users. With techniques such as encryption, role-based access control (RBAC), and multi-factor authentication (MFA), you can scale policies of permission and reduce the number of compromised accounts.

Data in use—a user is reading or modifying it—is vulnerable to the actions of authorized users, both well-intentioned and not. To protect data in use, software solutions can flag or block behavior, such as screen capture or copy-and-paste of sensitive data.

Data in motion—in transit from one place to the next—is vulnerable due to the inherent expansion of the attack surface. You can stop data from being sent in the first place (blocking emails to external recipients, disabling USB ports) or protect it by using secure communication channels (VPN, encrypted email).

All of the above, plus more

If you want a comprehensive solution, data loss prevention (DLP) software can do all of the above and more. What if someone copies sensitive data into another file? DLP addresses this by scanning every document, in all of its states (at rest, in use, and in motion), for sensitive information such as credit card numbers.

DLP is not without disadvantages; for example, traditional data detection requires an exact match. Current advancements in DLP focus on finding similar (vs. exact) patterns with machine learning, visualizing how your data is moved and modified, adding regulatory compliance, and even interpreting audio data for the most critical of environments.
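
As an added illustration of the content scanning described above (example code written for this page, not the author's or any DLP product's), the following scans a few constructed documents for credit card numbers. It goes a step beyond a bare exact match by normalising spaces and dashes and applying the Luhn checksum, so a number re-typed with separators is still caught while random digit runs are not flagged.

```python
from __future__ import annotations
import re

# Constructed sample documents (not from the article): one clean, one with a
# card number, and one with the same number re-typed with spaces, which a
# rule that only matches the exact original string would miss.
SAMPLE_DOCS = {
    "notes.txt": "Quarterly review: no payment data here.",
    "export.csv": "customer,card\nAlice,4111111111111111\n",
    "email_draft.txt": "Card for the refund is 4111 1111 1111 1111, thanks.",
}

# 13 to 19 digits, optionally separated by single spaces or dashes,
# not embedded in a longer digit run.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out digit runs that merely look like a card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list:
    """Return normalised (digits-only) card numbers found in text, Luhn-validated."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def scan_documents(docs: dict) -> dict:
    """Map each document that contains at least one valid card number to its hits."""
    flagged = {}
    for name, text in docs.items():
        hits = find_card_numbers(text)
        if hits:
            flagged[name] = hits
    return flagged


if __name__ == "__main__":
    for name, hits in scan_documents(SAMPLE_DOCS).items():
        print(f"{name}: {len(hits)} card number(s) found")
```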

2 – Detect unusual behaviour

Outside of data-centric preventions, you may want to detect any behaviours that could indicate someone has shifted from well-meaning to malicious intent. Maybe a night owl has decided to come in during the day, or someone is transferring files from directories they’ve never touched before. To detect the extraordinary, you need to capture the ordinary.

User Behaviour Analytics (UBA) software creates these baselines of “normal” by capturing and analysing data like user logins, file access, email activity, and application logs. User and Entity Behaviour Analytics (UEBA) applies the same concept to non-human entities such as network devices and applications. Keep in mind that UBA/UEBA requires professionals who can fine-tune these machine learning-based solutions to decide what’s abnormal or not.
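
An added example (not from the article or any UBA product) of the baselining idea in the two paragraphs above: it builds, from constructed file-access log events, each user's usual hours and directories, then flags the night owl who shows up at mid-day and a first access to an unfamiliar directory. The two-hour tolerance is an assumed tuning parameter, the kind of setting the text says analysts must adjust.

```python
from collections import defaultdict

# Constructed baseline window of (user, hour-of-day, directory) file-access events.
BASELINE_EVENTS = [
    ("dana", 22, "/projects/alpha"), ("dana", 23, "/projects/alpha"),
    ("dana", 1, "/projects/alpha"), ("dana", 0, "/home/dana"),
    ("sam", 9, "/finance/q1"), ("sam", 10, "/finance/q1"),
    ("sam", 14, "/finance/q2"), ("sam", 16, "/home/sam"),
]

# Constructed events from the period under review.
NEW_EVENTS = [
    ("dana", 23, "/projects/alpha"),   # night owl, usual directory: normal
    ("dana", 10, "/projects/alpha"),   # night owl now active at mid-day
    ("sam", 10, "/hr/payroll"),        # directory sam has never touched
    ("sam", 15, "/finance/q2"),        # usual hours, usual directory
]


def build_baseline(events):
    """Collect the set of hours and directories seen per user."""
    hours, dirs = defaultdict(set), defaultdict(set)
    for user, hour, path in events:
        hours[user].add(hour)
        dirs[user].add(path)
    return hours, dirs


def hour_is_usual(hour, seen_hours, tolerance=2):
    """True if hour is within `tolerance` hours (wrapping midnight) of any seen hour."""
    return any(min(abs(hour - h), 24 - abs(hour - h)) <= tolerance for h in seen_hours)


def find_anomalies(baseline, events, tolerance=2):
    """Return (user, hour, path, reasons) for each event that departs from the baseline."""
    hours, dirs = baseline
    alerts = []
    for user, hour, path in events:
        reasons = []
        if user not in hours:
            reasons.append("no baseline for user")
        else:
            if not hour_is_usual(hour, hours[user], tolerance):
                reasons.append(f"unusual hour {hour:02d}:00")
            if path not in dirs[user]:
                reasons.append(f"first access to {path}")
        if reasons:
            alerts.append((user, hour, path, reasons))
    return alerts
```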

If you’re seeking to simply record (vs. predict) what users are doing, you can use User Activity Monitoring (UAM) software. Typically deployed more narrowly, UAM can log keystrokes and play back video of user activity. You might enable UAM for a specific user you suspect of performing illegal activity.

3 – Engage your workforce

If you have insiders who want to cause harm, they’ll find a way to bypass all your technology. If you engage them pre-emptively, this will be your most effective defence.

The principles are simple, but if you’ve ever raised a human (or interacted with one), you know it’s easier said than done. The FBI, masters of hostage negotiation and behaviour analysis, will tell you that threat management is like good parenting:

  • Show empathy while setting clear boundaries.
  • Be patient while executing consequences.
  • Regularly re-evaluate progress.

The good news is that these skills can be taught, and experts can be brought in during the most serious of situations. At a minimum, your workforce should be able to recognise concerning behaviour and feel like they can (and should) report it. An individual’s reaction to stress and sense of self are both factors in assessing the threat level. Your workforce will have the intuition and first-hand insight technology cannot give you.

Besides increasing awareness through training, if your company embraces a culture of trust and pride—and hires people with similar values—the risk of insider threat goes down.

Iterate as needed

There’s always more you can do when it comes to playing defence. Check out the Insider Threat Mitigation Guide from the US Government’s Cybersecurity and Infrastructure Security Agency for a more in-depth resource.

The key is to focus on what you’re trying to protect and to build defences from there. By applying a strategy from each of these areas—your data, your activity, your culture—you can execute a series of quick wins and iterate as you go.

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic