A survey of IT security professionals conducted by Imperva found that 43% believe they could successfully carry out a cyber attack on their own organizations, and a further 22% believed they had a 50/50 chance of success. Since the time of this study, Desjardins and Capital One have each been the victim of a major insider breach. If you are the CEO or CISO of an organization, it is worth looking into what steps your organization has taken to prevent insider threats, both intentional and unintentional.
Background checks and monitoring of behavior
One thing an organization can do is run background checks on its employees. Background checks can include checking for a criminal record, credit history, driving record, and resume/reference confirmation. Having this information available before hiring can save an organization a potential problem down the road. In addition, ongoing monitoring of behavior once a person is hired can be a potential indicator of an insider threat. A disgruntled team member could be the insider stealing corporate information. Similarly, a careless staff member could be the weak link who opens the phishing email that leads to a breach. Monitoring on-the-job behavior can therefore help prevent an insider threat before it materializes.
Principle of Least Privilege: Controlling and monitoring who has access
According to Wikipedia, the principle of least privilege “means giving a user account only those privileges which are essential to perform its intended function. For example, a user account for the sole purpose of creating backups does not need to install software: hence, it has rights only to run backup and backup-related applications. Any other privileges, such as installing new software, are blocked. The principle applies also to a personal computer user who usually does work in a normal user account, and opens a privileged, password protected account (that is, a superuser) only when the situation absolutely demands it.” Simply put, a user in Human Resources does not need access to accounting data. In addition to this type of control, monitoring and recording user actions can help prevent insider threats and is an effective detection tool if an insider attack has already happened.
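The following is an added illustration, not code from the original article: a default-deny role policy modelled on the examples above (a backup account that cannot install software, an HR user with no access to accounting data), with every authorization decision written to an audit log, and a simple detection check that flags users who repeatedly hit access denials. The roles, actions and user names are constructed for the example.

```python
from collections import Counter

# Constructed sample policy: each role is granted only the actions it needs.
# Anything not listed is denied (default deny), which is what least privilege means.
POLICY = {
    "backup": {"run_backup", "restore_backup"},          # no install_software
    "hr": {"read_hr_records", "update_hr_records"},      # no accounting data
    "accounting": {"read_ledger", "post_journal_entry"},
    "admin": {"install_software"},  # separate privileged account, used only when needed
}


def is_allowed(role, action):
    """Return True only if the role has been explicitly granted the action."""
    return action in POLICY.get(role, set())


def authorize(audit_log, user, role, action):
    """Enforce the policy and record the decision, so the log doubles as evidence."""
    allowed = is_allowed(role, action)
    audit_log.append({"user": user, "role": role, "action": action,
                      "decision": "ALLOW" if allowed else "DENY"})
    return allowed


def flag_suspicious_users(audit_log, threshold=3):
    """Detection: users whose denied attempts reach the threshold.

    Repeated denials are a signal worth reviewing, not proof of malice."""
    denied = Counter(e["user"] for e in audit_log if e["decision"] == "DENY")
    return sorted(u for u, n in denied.items() if n >= threshold)


def demo():
    """Constructed activity: a backup service overreaching once, an HR user probing the ledger."""
    log = []
    authorize(log, "backup-svc", "backup", "run_backup")         # ALLOW
    authorize(log, "backup-svc", "backup", "install_software")   # DENY
    for action in ("read_ledger", "post_journal_entry", "read_ledger"):
        authorize(log, "alice", "hr", action)                    # DENY x3
    authorize(log, "bob", "accounting", "read_ledger")           # ALLOW
    return log, flag_suspicious_users(log)


if __name__ == "__main__":
    log, flagged = demo()
    for entry in log:
        print(entry)
    print("flag for review:", flagged)
```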
User education is key in preventing a breach. Many a breach has been caused by an unsuspecting employee clicking on a bad link in a phishing email. With education, your employees will become your first line of defense against cyberattacks: “employees who are educated and aware of potential threats can help defend your organization by avoiding things like social engineering scams. Employees who are uneducated or ill-trained in cybersecurity are prone to fall for scams or engage in risky behaviour when transferring files, accessing data, or using social media. That can leave your firm open to attack.”