June 8, 2015 By Veronica Shelley

With insider threats consistently named a key security risk, organizations realize that managing and monitoring user access is a top priority. Insider threats can be caused by honest employees, external contractors working for trusted third parties or a cybercriminal with access to an insider’s credentials. With so many assets and information online and accessible, organizations must take a proactive approach to defending against the insider attack, starting with implementing security tools and practices that support a trusting relationship with user communities. While no one can prevent all insider attacks, adopting a proactive, intelligence-driven approach can help reduce risk, improve compliance and enable the IT organization to better support business initiatives.

Trust, but Verify

Every day, your organization is processing business transactions, collecting sensitive data and collaborating with partners. To make all this work, the modern enterprise depends on trust — trusting employees to not divulge company secrets, trusting partners to not leak customer information and trusting suppliers to protect sensitive data. If people need access to sensitive information and critical systems to do their jobs and service customers, the organization needs to establish and enforce a level of faith associated with that access. Trusting stakeholders to use their access privileges appropriately — and verifying that they do so — can be the most critical and difficult challenge of dealing with insider threats. Another challenge is user authentication: trusting and verifying that the individuals are who they really claim to be every time they try to access information.

Best Practices for Mitigating Insider Threats

To operate efficiently and securely, organizations need to back up the trusted relationships they have with security tools and intelligence that support and validate the level of confidence they place in their business constituents. This is made easier through the application of a few strategies that focus on reducing the risk of insider threats.

1. Identity Management

Let’s face it: One of the most effective ways to minimize the damage people can do to your organization’s security is to limit their access to sensitive information. Provisioning users with access beyond what they need is an unnecessary risk and should be avoided, and their access privileges should be rescinded when they leave the organization. Automated deprovisioning can ensure that orphan accounts aren’t left open for future exploitation by external cybercriminals or malicious insiders.

It takes a sensitive touch to manage this control without impacting the trusted relationship with employees, partners and others. If security controls are too strict and block access to previously available resources, some people may be offended, feeling their own company distrusts them. Partners or suppliers may get frustrated if they are blocked from accessing information needed to complete business transactions. Therefore, attempts to rein in access are often met with resistance and should be handled carefully. But it’s worth doing. Blocking user access to assets they don’t need can reduce the risk of a security breach. Automated, policy-based user provisioning and self-service tools can help strengthen established business policies tied to user entitlements.


2. Identity Governance

As people move about an organization, they can end up with overlapping roles and duplicated or inconsistent entitlements. This “entitlement creep” can lead to improper access to and use of sensitive information, which can contribute to business conflicts and separation-of-duty (SoD) violations. Identity governance tools can help verify and clean up existing user entitlements, building accurate role models and enacting policies and processes that ensure users have appropriate access privileges.
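The access review described under Identity Management and Identity Governance can be sketched as a short script. This is an added example, not code from the article or from any product: it flags orphan accounts, entitlements that no current role justifies (entitlement creep) and SoD conflicts. The roster, role model, conflict pair and account export are all constructed sample data with hypothetical names.

```python
# Added example: constructed data, hypothetical names throughout.
ACTIVE_STAFF = {"alice", "bob", "carol"}          # HR roster (constructed)

# Role model: entitlements each role is supposed to carry (constructed).
ROLE_MODEL = {
    "ap_clerk": {"invoice.create"},
    "ap_approver": {"invoice.approve"},
    "dba": {"db.admin"},
}

# Entitlement pairs that one person must never hold together (SoD policy).
SOD_CONFLICTS = [("invoice.create", "invoice.approve")]

# Directory export: account -> (owner, current roles, granted entitlements).
ACCOUNTS = {
    "alice": ("alice", {"ap_clerk"}, {"invoice.create"}),
    "bob": ("bob", {"ap_approver"}, {"invoice.approve", "invoice.create"}),
    "carol": ("carol", {"dba"}, {"db.admin"}),
    "dave": ("dave", {"dba"}, {"db.admin"}),    # owner has left the company
    "svc_backup": (None, set(), {"db.admin"}),  # no owner on record
}


def review(accounts, active_staff, role_model, sod_conflicts):
    """Return sorted findings as (account, kind, detail) tuples."""
    findings = []
    for name, (owner, roles, granted) in accounts.items():
        # Orphan account: nobody active is accountable for it.
        if owner not in active_staff:
            findings.append((name, "orphan", owner or "no owner"))
        # Entitlement creep: grants not justified by any current role.
        expected = set().union(*(role_model.get(r, set()) for r in roles))
        for extra in sorted(granted - expected):
            findings.append((name, "creep", extra))
        # SoD violation: both halves of a conflicting pair are held.
        for a, b in sod_conflicts:
            if a in granted and b in granted:
                findings.append((name, "sod", f"{a}+{b}"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in review(ACCOUNTS, ACTIVE_STAFF, ROLE_MODEL, SOD_CONFLICTS):
        print(*finding, sep="\t")
```

In the sample data, bob kept a clerk entitlement after moving to the approver role, so the same leftover grant appears both as creep and as an SoD conflict.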

3. Access Management and Risk-Based Authentication

Verifying the identities of mobile users is a big challenge and should involve authenticating the device as well as the user. Device scanning, two-factor authentication and context-based access policies can all help protect applications against fraudulent and unauthorized access.

4. Security Intelligence

The sheer volume of audit and log data from users can actually impede forensic investigation and detection, preventing administrators from uncovering insider attacks or inappropriate user activities. Security intelligence practices, such as the use of security information and event management (SIEM) tools, can provide invaluable resources for validating access and highlighting user anomalies. This data can equip security teams with the insight they need, including an improved ability to distinguish malicious from nonmalicious behavior, so the bad guys can be identified and stopped.

Conclusion

Combating insider threats is a continuous process, but it’s an effective approach to improving an organization’s security posture and increasing protection from external attacks. User credentials, including privileged identities, are often used by attackers once they are inside the enterprise. Safeguarding users’ identities and implementing security intelligence can reduce the damage from external attacks.
