Insider threats continue to be a significant security issue for most organizations. Insider threats can come from malicious actors within the organization intent on stealing valuable property or doing damage. But these threats can also come from employees who unknowingly participate in malicious activity.
According to Carnegie Mellon University's CERT division, an insider threat is the “potential for an individual who has or had authorized access to an organization's assets to use their access, either maliciously or unintentionally, to act in a way that could negatively affect the organization.”
According to the 2020 Verizon Data Breach Investigations Report, 30 percent of data breaches involve insider threats. According to the report, internal actors can make mistakes that lead to a breach or intentionally abuse their privileges to gain unauthorized access to data. A malicious insider can steal or destroy sensitive data or compromise networks, communications, or other IT resources.
And many companies are wide open to an insider threat. A study by Varonis found that more than half of companies examined had more than 1,000 sensitive files available to every employee, that 17 percent of sensitive files were accessible to all employees, and that 38 percent of users had a password that never expired.
Some well-known examples include:
- An employee at Tesla sabotaged the manufacturing system and sent highly sensitive data to a third party.
- A former employee at SunTrust Bank stole the account information of 1.5 million customers and sent it to a cybercriminal.
- A former Coca-Cola employee stole a hard drive full of employee data.
- A former IT administrator sabotaged the Canadian Pacific Railway, deleting files, changing passwords, and shutting down train switches.
- A former AWS software engineer exploited a firewall misconfiguration to steal 106 million Capital One customers’ financial data from the financial services company's AWS storage space.
So the insider threat is real and can be devastating for any company. But there are things you can do to prevent employees or other insiders from ruining your day.
Insider Threats and Zero Trust
The Zero Trust security framework is based on the premise that no person and no device can be trusted. It contrasts with the traditional perimeter-based security model that assumes people and devices inside the security perimeter can be trusted.
An insider is already inside the perimeter, so trusting everyone inside it is what causes the problem in the first place.
By contrast, Zero Trust assumes an insider can be a threat and focuses on protecting systems and data regardless of location. The Zero Trust model has several components that are well-suited to combat insider threats.
Least Privilege Access
Zero Trust limits the access that users have to resources based on their roles and responsibilities. Users are given the access they need to do their jobs and no more. Eliminating overly broad user access reduces the risk that an insider will escalate privileges and steal data or do other damage to the company.
Continuous Authentication and Authorization
Authentication and authorization policies grant users exactly the access they need to do their jobs. Think of it as security in a building: authentication substantiates that users are who they say they are, and authorization grants them access to the appropriate rooms in the building.
Single sign-on (SSO) can simplify the authentication process by enabling a user to sign on once and access resources. With SSO, security teams can get visibility into who is accessing an application, where they are coming from, how they are getting to the application, and how they are using it. By its nature, SSO creates audit logs of users’ activities.
Multi-Factor Authentication (MFA)
The Zero Trust security model requires strict identity verification of every user trying to access network resources. A great way to verify identity and ensure secure access to systems and apps is MFA, which uses at least two authentication factors to verify a person's identity or device. MFA is a core tenet of Zero Trust.
A Zero Trust approach places the emphasis on protecting the most important asset a company possesses: its data. This data-centric security approach focuses on the security of the data rather than on the security of applications, devices, or networks. It enables companies to bring together IT security with business objectives by relating security services directly to the data.
Lateral Movement Control
Zero Trust, supported by privileged access management (PAM), helps control malicious insiders' lateral movement within a network. The goal of PAM is to secure, manage, and monitor privileged access to critical assets. Essential components of PAM include managing privileged access, password vaulting and management, MFA integration, and session monitoring. A PAM solution knows the type of access users are supposed to have and which assets they can access. It manages passwords for the users, monitors their sessions, and revokes privileges for suspicious behavior. This enables security teams to stop an insider threat before data is stolen or damage is done.
By integrating business systems with identity management tools like identity and access management (IAM), identity governance and administration (IGA), and PAM, a company can have a comprehensive, yet simplified, view of the identities on its network. Without these tools, a company only gets a fragmented view on a per-app basis.
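The least-privilege check and the PAM session monitoring described above (role-bound access, monitored sessions, revocation on suspicious behavior), combined in one added example that is not Identity Solutions' tooling or any vendor's product. The roles, asset names, destructive-action list, revocation threshold and the audit trail are all constructed for illustration.

```python
from collections import namedtuple
from dataclasses import dataclass, field
# Hypothetical least-privilege policy: a role reaches only the assets listed for it.
ROLE_ASSETS = {"engineer": {"build-server", "source-repo"},
               "it-admin": {"build-server", "ledger-db", "domain-controller"}}
DESTRUCTIVE = {"delete", "password-change", "shutdown"}  # actions the session monitor counts
REVOKE_AFTER = 3  # constructed tuning value, not a recommendation
# One SSO/PAM audit-log entry (constructed shape, not any vendor's log format).
Event = namedtuple("Event", "user role asset action")

@dataclass
class PamMonitor:
    destructive_count: dict = field(default_factory=dict)
    revoked: set = field(default_factory=set)
    alerts: list = field(default_factory=list)

    def authorize(self, e: Event) -> bool:
        # Least privilege: deny revoked users and any asset outside the role's list.
        if e.user in self.revoked:
            self.alerts.append(f"{e.user}: {e.action} on {e.asset} blocked, privileges revoked")
            return False
        if e.asset not in ROLE_ASSETS.get(e.role, set()):
            self.alerts.append(f"{e.user} ({e.role}): {e.action} on {e.asset} is outside role")
            return False
        return True

    def monitor(self, e: Event) -> None:
        # Session monitoring: count destructive actions per user, revoke at the threshold.
        if e.action in DESTRUCTIVE:
            n = self.destructive_count[e.user] = self.destructive_count.get(e.user, 0) + 1
            if n >= REVOKE_AFTER:
                self.revoked.add(e.user)
                self.alerts.append(f"{e.user}: privileges revoked after {n} destructive actions")

    def review(self, events) -> list:
        # Replay an audit log in order; return the events that were permitted.
        permitted = []
        for e in events:
            if self.authorize(e):
                permitted.append(e)
                self.monitor(e)
        return permitted

# Constructed audit trail: an engineer reaching outside her role, then an admin whose
# legitimate privileges are used for a run of destructive actions across several assets.
SAMPLE_LOG = [Event("alice", "engineer", "source-repo", "read"),
              Event("alice", "engineer", "ledger-db", "read"),
              Event("mallory", "it-admin", "build-server", "delete"),
              Event("mallory", "it-admin", "domain-controller", "password-change"),
              Event("mallory", "it-admin", "ledger-db", "delete"),
              Event("mallory", "it-admin", "build-server", "read")]
```

Replaying `SAMPLE_LOG` through `PamMonitor().review(...)` permits four events: the engineer's out-of-role read is denied, and the admin's third destructive action triggers revocation so the following in-role read is blocked.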
How Identity Solutions Can Help
Identity Solutions' approach centers on the Zero Trust system supported by MFA, SSO, PAM, and other platforms. We can advise you on the best-fitting software solution to improve your security and streamline your workflows.
With our assistance, you can evaluate what employees, vendors, and others are doing on your systems and monitor which applications and systems they access. We provide the tools to uncover and stop suspicious behavior before it leads to a data breach or worse, and we help you with your workflows, access policies, and security program.
We bring this together and put tools in place to ensure insider threats are discovered and stopped in their tracks. Our experts organize your systems so that the right people get the right access for their jobs without putting confidential data or system integrity at risk.