Although you may never know the next attack vector a cyberthreat actor will use, you know they pose a threat. But are you equally aware of the hard truth of insider threats? The Office of the Director of National Intelligence’s National Counterintelligence and Security Center has declared September 2022 as the fourth annual National Insider Threat Awareness Month. It’s a good reminder for businesses of all sizes and in all sectors that work models – and the risk of insider threats – have changed.
Don Boxley, CEO and Co-Founder of DH2i, says, “Organizations and their employees have learned that we can work from virtually anywhere given the right circumstances. And by circumstances, I mean support from leadership and the right technology.”
“Unfortunately, the work anywhere paradigm has also led to an exponential increase in cybersecurity attacks – not just from external cybercriminals but also from malicious internal actors as well,” he says. “And what makes the internal threat even more dangerous is that many of these bad actors are armed with the knowledge of confidential internal security procedures, which adds to their ability to cause serious harm to your organization.”
The Cybersecurity and Infrastructure Security Agency (CISA) reports that the financial impact varies with the size of the business: more than $16.7 million for organizations with more than 25,000 employees; $12.6 million to $14 million for organizations with between 5,000 and 25,000 employees; and $6.9 million to $9.7 million for businesses with fewer than 5,000 employees.
Steps to Combat Insider Threats
CISA recommends a comprehensive insider threat mitigation program built on the framework of “detect and identify, assess, and manage.”
- Detect and Identify: Insider threats often evolve over time and demonstrate certain behaviors. Malicious insiders may change how they interact with peers, the business, and technology. Additionally, people often leak their plans to others, which makes enlisting members of your team to stay vigilant crucial to protecting your business. Create a safe environment in which employees can share their concerns.
- Assess: Not every suspicion indicates a bona fide threat. Threat assessment enables you to weigh data, behavior information, and the person’s capability to do harm so that you can make informed decisions about the situation.
- Manage: A proactive approach is best to limit the possibility that malicious insider activity could lead to a data breach or some other harm to your business. Also, establish policies for dealing with disgruntled employees and conducting investigations that preserve the privacy and dignity of the person involved.
Technology for Mitigating Risks from Insider Threats
In addition to management techniques, policies, and procedures that mitigate risks, businesses can also implement technology solutions to combat threats, both internal and external.
Brian Dunagan, Vice President of Engineering at Retrospect, a StorCentric Company, stresses the ability to detect and recover from an attack quickly. “A backup solution that includes anomaly detection to identify changes in an environment that warrant the attention of IT is a must,” he says. He adds that anomaly detection needs to be tailored to a business’s systems and workflows, that anomalies must be reported immediately, and that data must be preserved for analysis.
Dunagan also says, “Certainly, the next step after detecting the anomaly is providing the ability to recover in the event of a successful attack. This is best accomplished with an immutable backup copy of data, also known as object locking, which ensures that the data backup cannot be altered or changed in any way.”
Surya Varanasi, CTO of StorCentric, agrees: “As ransomware and other malware attacks continue to increase in severity and sophistication, we understand the need to protect backed up data by making it immutable and by eliminating any way that data can be deleted or corrupted.” He says an “unbreakable backup” “can ease worry about the ability to recover — and redirect their time and attention to activities that more directly impact the organization’s bottom-line objectives.”
Boxley adds that providing a more secure way to connect is essential for protecting your business. He suggests transitioning from a virtual private network (VPN) to a software-defined perimeter (SDP). He says this approach enables organizations to use zero trust network access tunnels to seamlessly connect all applications, servers, IoT devices, and users behind any symmetric network address translation (NAT) to any full cone NAT without having to reconfigure networks or set up complicated and problematic VPNs.
Security, Inside and Out
Many of the tech solutions you deploy to protect your business and your data from external threats will also help detect and stop insider threat activity. However, dealing with potential malicious insiders is a more sensitive issue. Your team is your most valuable asset, and concerns must be addressed in ways that won’t negatively impact relationships or your work culture – but when signs point to threats, you must address them.
Use National Insider Threat Awareness Month to establish policies, raise awareness among your team, and add an extra layer of security for your business.