Insider Threat: Not Like the Movies

The hacker is hunched over his machine, the hood of his gray sweatshirt covering his hair and plunging his face in shadows as he types feverishly on a black keyboard. Using his considerable skills, he infiltrates some of the best-guarded corporations, stealing valuable data and millions of dollars. He is halfway across the world in a dark apartment at a remote location, and corporations are powerless to stop him.

Actually, scratch that. While that’s the picture painted in movies and security commercials, that scenario is dead wrong in about 45 percent of cases.

The threat putting you at risk actually looks something like this: Your bioscientist unlocks the front door with her employee badge and logs into the lab computers with her credentials. She’s just been denied a promotion — again — and has accepted an offer from a competitor. She’s downloading some of her research onto a flash drive to take with her once she leaves your employment.

This banal action may not be movie-worthy, but the consequences and scope of the potential losses definitely are. That’s why many organizations are asking security professionals how to protect their data against insider threats.

Here are our recommendations in three steps.

1. Reduce Exposure

First, limit the ways in which a trusted insider or external actor can steal your data by making sure your key information is appropriately protected. Data security and identity and access management (IAM) tools, including access management and governance technologies, work together to do just that. In many organizations, however, these technologies are not well-integrated, and the resulting security gaps can put your data at risk.

To determine whether that’s the case in your organization, identify any data that you deem highly sensitive, such as trade secrets, proprietary data, customer lists, or financial or employee information. Then methodically map all its access pathways to figure out where it is located, how it is accessed and by whom. This will give you the insights necessary to determine whether your data security, access policies and user governance are working the way they should. From there, you can prioritize the security actions you need to take to protect your data.

This exercise enables you to answer the following questions:

  • Who has access to sensitive data?
  • Who should have access?
  • Are we restricting the ways in which legitimate users can access data to make it hard for others to steal it?

2. Detect the Insider Threat

Once your systems are in place and working well to minimize the risks to your sensitive data, you should be left with a small pool of legitimate users who require access to do their jobs and create value for your organization. However, these users can still pose a risk if they fall prey to an external actor or become malicious actors themselves.

For that reason, it’s important to monitor the way these users interact with your information to ensure they are using it in legitimate ways. Anticipate the risk of malicious actions before they occur and respond promptly when breached to reduce the damage an insider can inflict.

To cut through the noise and make sense of the millions of transactions you’ll likely observe from your users, analyze more than just their transaction patterns. Identify risk factors from other types of information, such as HR data, to flag users who could pose a greater risk. For example, employees in a division that just underwent a major reorganization or a round of layoffs could be more likely to develop malicious intent. Cross-referencing these risk factors with the transaction patterns can help narrow down incidents for additional investigation.

It’s also important to note that organizations can observe the behaviors of their users without violating their right to confidentiality, striking a balance between security and privacy. In most cases, you’ll be able to achieve meaningful results without compromising privacy.

This exercise will allow you to answer the following questions:

  • What are end users and administrators doing with data?
  • What do normal transaction patterns look like between users and your sensitive data?
  • How much can you trust each individual user?
  • When should a deviation be cause for further investigation?
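
An added example (not from the original article) of the cross-referencing described in this step: each user's daily access volume is compared with that user's own baseline, and HR context only re-ranks users whose behavior already deviates. The user names, access counts, HR flag names, weights and threshold are all constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed sample data: sensitive records read per user per day (one week).
HISTORY = {
    "alice": [40, 42, 38, 41, 39, 43, 40],
    "bob":   [10, 12, 11, 9, 10, 11, 12],
    "carol": [55, 60, 58, 57, 61, 59, 56],
    "dave":  [20, 22, 19, 21, 20, 23, 21],
}
TODAY = {"alice": 44, "bob": 60, "carol": 140, "dave": 22}

# Constructed HR context. Flag names and weights are assumptions for this example.
HR_FLAGS = {"carol": {"division_reorganized"}, "dave": {"layoff_round"}}
HR_WEIGHTS = {"division_reorganized": 1.5, "layoff_round": 1.5}


def deviation(history, today):
    """Z-score of today's volume against the user's own baseline."""
    sigma = pstdev(history) or 1.0  # a perfectly flat baseline would divide by zero
    return (today - mean(history)) / sigma


def hr_multiplier(flags):
    """Combine the weights of every HR risk factor attached to a user."""
    factor = 1.0
    for flag in flags:
        factor *= HR_WEIGHTS.get(flag, 1.0)
    return factor


def triage(history, today, hr_flags, threshold=3.0):
    """Return (user, score) pairs worth investigating, highest priority first."""
    queue = []
    for user, counts in history.items():
        z = deviation(counts, today.get(user, 0))
        if z < threshold:
            continue  # normal behaviour: HR context alone never raises an alert
        score = z * hr_multiplier(hr_flags.get(user, set()))
        queue.append((user, round(score, 1)))
    return sorted(queue, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    print("behaviour only:  ", triage(HISTORY, TODAY, {}))
    print("with HR context: ", triage(HISTORY, TODAY, HR_FLAGS))
```

With this sample data, behavior alone ranks bob's spike first; adding the HR context moves carol to the top of the queue, while dave, who carries an HR flag but behaves normally, is never listed.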

3. Get Started Today

Don’t wait until the next breach to take action and secure your most sensitive data. You can start small to fight insider threats. Identify five to 10 pieces of data or information that are most important to your organization and go from there. If you don’t have the resources to do this exercise in-house, seek out a third-party vendor for help.

Last week, IBM announced a new insider threat protection offering to help customers address the security gaps insiders might exploit with an approach that provides clear, actionable intelligence. The security specialists involved have the business, data and IAM security experience to help you evaluate intelligence, draw more meaningful conclusions and prepare for next steps.

Attend our Dec. 14 webinar, “Fight Back Against Insider Threats: Three Steps to Stop Harmful Insider Actions,” to learn more about how you can reduce your risk and protect your critical data.
