Page 32 - Cyber Defense eMagazine - September 2017
P. 32

Dealing with Insider Threats: How to Repair the Weakest Link in

                                              Your Network Security



               The  greatest  threat  to  an  organization’s  security  is  often  its  own  employees.  Consider  that
               insider threats resulted in 71 percent of reported cyberattacks in the healthcare industry and 57
               percent  of  reported  cyberattacks  in  the  financial  services  industry  in  2016,  according  to  IBM
               research.

               In both of those industries, the majority of the attacks depended on the actions of employees
               who had no malicious intent but had unintentionally compromised the network security of their
               organizations. However, insider threats can also be more sinister. In this article, we will define
               the different types of insider threats and explain how to curtail them.

               Recognizing insider threats

               Insider  threats  are  classified  as  either  active  (intentional)  or  passive  (unintentional).  The
               difference is whether the perpetrator is acting in a malicious manner or instead has been duped
               into taking an action that could allow outside parties to gain network access. Passive insider
               threats  involve  users  who  are  ill-informed  or  working  in  an  environment  with  a  poor  security
               posture.  These  are  the  people  and  users  who  fall  victim  to  social  engineering,  the  use  of
               deception to gain information to be used for fraudulent purposes.

               To  demonstrate  this  comparison,  a  malicious  employee  might  seek  to  steal  information  for
               financial gain or to embarrass the company. Conversely, a passive threat could occur when a
               user  clicks  on  a  link  in  a  phishing  email  or  is  tricked  into  revealing  security  credentials  to  a
               hacker posing as someone else from within the organization.


               Fighting insider threats

               To  combat  insider  threats,  organizations  can  provide  security  awareness  training  to  educate
               workers. For instance, employees can learn how to spot phishing emails and how to look for
               signs of other employees who may have malicious intentions.

               This is where employee buy-in comes into play. It is crucial to make sure a team member knows
               why  it  is  important to  alert  someone  in  IT  about  phishing  attempts  or  suspicious  phone calls
               trying to solicit information. Cyberattacks can be very damaging, both monetarily and regarding
               reputation. Employees need to understand why it’s so important to be diligent.


               Building a safe culture

               It is important for an organization’s IT and human resources departments to build a cooperative
               relationship. IT should be notified immediately when an employee leaves the company in order
               to  terminate  access  privileges.  This  prohibits  disgruntled  ex-employees  from  accessing  the
               network from outside the office in order to cause mischief.


                    32   Cyber Defense eMagazine – September 2017 Edition
                         Copyright © Cyber Defense Magazine,  All rights reserved worldwide.
   27   28   29   30   31   32   33   34   35   36   37