Page 54 - Cyber Warnings
Practical Guide: How to Prevent Insider Threat
by Dennis Turpitka, Ekransystem
(https://www.ekransystem.com/en)
Nowadays, everybody is aware of the danger of internal threats to information security. Several
times a year we hear news reports about a new high-profile data breach caused by a malicious
insider. The most recent example that comes to mind is the Washington State Health Care
Authority (HCA) breach from February 9, 2016, when the data of more than 90 000 patients was
misused by an employee.
Most of these reports come from government institutions; however, this does not mean that
private companies are not susceptible to malicious threats coming from within. In fact, insider
attacks are something that businesses all over the world experience every day, but many of
them choose not to publicize such attacks if at all possible, since doing so can easily damage their
reputation and lead to a loss of clients and investors.
Insider attack is itself an umbrella term that covers many types of malicious actions, from
completely intentional data theft or fraud committed for profit, to sabotage for making a point or
getting back at a company, to industrial espionage, to even honest inadvertent mistakes. The
thing that all of these actions have in common is that they are committed by
employees with legitimate access to the inner workings of your company. Often these employees are
managers, database operators, programmers or IT specialists working with sensitive data,
infrastructure or critical system settings.
Effectively dealing with such a variety of threats from within the organization is a complex and
layered process that requires commitment on the part of the company. Using the right internal
threat management software will yield some results, but to truly prevent and detect
insider threats, your very approach to employee management should be designed in a specific
manner.
Making sense of all the tips and recommendations for dealing with insider threats can be hard
and time-consuming. This is why we took all the best practices and distilled them into six large,
yet necessary steps that we combined into this practical guide How to Detect Insider Threats.
By following these six steps and incorporating them into your company's IT security, you will be
able to effectively prevent insider threats and will have all the necessary measures in place for
efficient detection of and response to a potential insider attack.
Step 1. Understand insider threats
In order to make your security truly effective, you first need to understand the nature of insider
threats and the different types of them that exist. Internal threats to information security come
from insiders, who are usually defined as people with legitimate access to restricted
information and critical infrastructure of your company.
There are three main groups that can be classified as insiders:
54 Cyber Warnings E-Magazine November 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide