December 5, 2016 By Laurène Hummer

Insider Threat: Not Like the Movies

The hacker is hunched over his machine, the hood of his gray sweatshirt covering his hair and plunging his face in shadows as he types feverishly on a black keyboard. Using his considerable skills, he infiltrates some of the best-guarded corporations, stealing valuable data and millions of dollars. He is halfway across the world in a dark apartment at a remote location, and corporations are powerless to stop him.

Actually, scratch that. While that’s the picture painted in movies and security commercials, that scenario is dead wrong in about 45 percent of cases.

The threat putting you at risk actually looks something like this: Your bioscientist unlocks the front door with her employee badge and logs into the lab computers with her credentials. She’s just been denied a promotion — again — and has accepted an offer from a competitor. She’s downloading some of her research onto a flash drive to take with her once she leaves your employment.

This banal action may not be movie-worthy, but the consequences and scope of the potential losses definitely are. That’s why many organizations are asking security professionals how to protect their data against insider threats.

Here are our recommendations in three steps.

1. Reduce Exposure

First, limit the ways in which a trusted insider or external actor can steal your data by making sure your key information is appropriately protected. Data security and identity and access management (IAM) tools, including access management and governance technologies, work together to do just that. In many organizations, however, these technologies are not well-integrated, and the resulting security gaps can put your data at risk.

To determine whether that’s the case in your organization, identify any data that you deem highly sensitive, such as trade secrets, proprietary data, customer lists, and financial or employee information. Then methodically map all of its access pathways to figure out where it is located, how it is accessed and by whom. This will give you the insights necessary to determine whether your data security, access policies and user governance are working the way they should. From there, you can prioritize the security actions you need to take to protect your data.

This exercise enables you to answer the following questions:

  • Who has access to sensitive data?
  • Who should have access?
  • Are we restricting the ways in which legitimate users can access data to make it hard for others to steal it?

2. Detect the Insider Threat

Once your systems are in place and working well to minimize the risks to your sensitive data, you should be left with a small pool of legitimate users who require access to do their jobs and create value for your organization. However, these users can still pose a risk if they fall prey to an external actor or become malicious actors themselves.

For that reason, it’s important to monitor the way these users interact with your information to ensure they are using it in legitimate ways. Anticipate the risk of malicious actions before they occur and respond promptly when breached to reduce the damage an insider can inflict.

To cut through the noise and make sense of the millions of transactions you’ll likely observe from your users, analyze more than just their transaction patterns. Identify risk factors from other types of information, such as HR data, to flag users who could pose a greater risk. For example, employees in a division that just underwent a major reorganization or a round of layoffs could be more likely to develop malicious intent. Cross-referencing these risk factors together with the transaction patterns can help narrow down incidents for additional investigation.


It’s also important to note that organizations can observe the behaviors of their users without violating their right to confidentiality, striking a balance between security and privacy. In most cases, you’ll be able to achieve meaningful results without compromising privacy.

This exercise will allow you to answer the following questions:

  • What are end users and administrators doing with data?
  • What do normal transaction patterns look like between users and your sensitive data?
  • How much can you trust each individual user?
  • When should a deviation be cause for further investigation?
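The cross-referencing described in this section can be sketched in a few lines. The following is an added example, not code from the original article or from any IBM product: it baselines each user's own transfer volume, then weights the deviation by HR risk factors. The sample records, flag names, weights and threshold are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: (user, day, MB read from a sensitive data store).
TRANSFERS = [
    ("alice", 1, 40), ("alice", 2, 55), ("alice", 3, 45), ("alice", 4, 50), ("alice", 5, 900),
    ("bob", 1, 200), ("bob", 2, 220), ("bob", 3, 210), ("bob", 4, 190), ("bob", 5, 230),
    ("carol", 1, 10), ("carol", 2, 12), ("carol", 3, 11), ("carol", 4, 9), ("carol", 5, 13),
]
# Constructed HR risk factors; flag names and weights are assumptions, not a standard.
HR_FLAGS = {"alice": {"resignation_submitted"}, "bob": {"recent_reorg"}, "carol": set()}
HR_WEIGHTS = {"resignation_submitted": 2.0, "recent_reorg": 1.5}


def deviation_scores(transfers, baseline_days=4):
    """Z-score of each user's latest day against that user's own baseline."""
    per_user = defaultdict(list)
    for user, _day, mb in sorted(transfers, key=lambda t: (t[0], t[1])):
        per_user[user].append(mb)
    scores = {}
    for user, series in per_user.items():
        if len(series) <= baseline_days:
            continue  # not enough history to say what "normal" is
        base, latest = series[-baseline_days - 1:-1], series[-1]
        # Floor sigma so a very steady user is not flagged for a tiny change.
        sigma = max(pstdev(base), 0.05 * mean(base), 1.0)
        scores[user] = (latest - mean(base)) / sigma
    return scores


def prioritize(transfers, hr_flags, threshold=3.0):
    """Users whose HR-weighted deviation crosses the threshold, riskiest first."""
    queue = []
    for user, z in deviation_scores(transfers).items():
        weight = max((HR_WEIGHTS.get(f, 1.0) for f in hr_flags.get(user, ())), default=1.0)
        if z > 0 and z * weight >= threshold:
            queue.append((user, round(z, 1), round(z * weight, 1)))
    return sorted(queue, key=lambda row: row[2], reverse=True)


if __name__ == "__main__":
    for user, z, combined in prioritize(TRANSFERS, HR_FLAGS):
        print(f"{user}: deviation z={z}, HR-weighted score={combined}")
```

In the sample, bob and carol deviate from their baselines by the same amount, but only bob is queued for investigation because of the reorganization flag; alice's spike is queued with or without HR data.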

3. Get Started Today

Don’t wait until the next breach to take action and secure your most sensitive data. You can start small to fight insider threats. Identify five to 10 pieces of data or information that are most important to your organization and go from there. If you don’t have the resources to do this exercise in-house, seek out a third-party vendor for help.

Last week, IBM announced a new insider threat protection offering to help customers address the security gaps insiders might exploit with an approach that provides clear, actionable intelligence. The security specialists involved have the business, data and IAM security experience to help you evaluate intelligence, draw more meaningful conclusions and prepare for next steps.

Attend our Dec. 14 webinar, “Fight Back Against Insider Threats: Three Steps to Stop Harmful Insider Actions,” to learn more about how you can reduce your risk and protect your critical data.
