Imagine working within one of the world’s most heavily guarded and classified facilities. Now imagine that the computer system in this facility became infected with a virus. How could this happen?
Did a foreign agent breach the physical security system and suspend themselves from ropes in the data center like the scene from a Hollywood movie to plug their smart device into the supercomputer and upload this bug? Or is one of your coworkers being blackmailed into concealing a thumb drive inside their coffee tumbler to compromise the system? Or did a state-sponsored satellite move into a low-earth orbit and intercept a ship-shore ground-wave communication signal, creating a man-in-the-middle attack?
The reality is that Tom, from accounting, wanted to share a couple of email jokes with his friends stationed in Hawaii and brought a USB he uses at home into the office in his backpack, and simply slid it into his workstation and uploaded a few “harmless” images to email across the encrypted network.
The reality of our modern computing systems is that no matter how sophisticated the code or how thorough the architecture, the human operator is both the greatest asset and the weakest link in the chain. The insider threat is, and will continue to be, the single greatest issue facing security professionals across the globe.
It’s a matter of trust
This is largely due to the fact that at some level, the human operator must be trusted by the system. That’s not to say that all users make honest mistakes. Quite the opposite. Unfortunately, there will always be a small category of malicious users who purposefully cause harm or wrongly take data from the system for personal gain or to damage the organization. One example is a disgruntled employee who feels they were passed over for a promotion, feels they were not given credit for a specific work outcome, or is angry with their coworkers for a host of reasons.
On the other side of the malicious threat coin is business intelligence. Employees looking to take intellectual property (IP), either because they believe that they own the rights to said IP or to transport that IP to a new employer, are common sources of data theft.
So, how do we protect our information? As mentioned earlier, trust is necessary for day-to-day business activities to occur across the many systems in an organization. Your HR department can’t function if you don’t feel you can trust your HR business partners with employees’ personal data. Equally, your finance team can’t fulfill their duties if your accountants can’t be trusted with sensitive corporate financial information.
Have the correct conversations
The answer is multi-faceted. On the one hand, training and awareness can address negligence to a degree. Employees might be genuinely unaware of how easily their behavior could impact the organization’s security posture. Learning how to speak to different types of employees to create the correct value chain discussions is a great starting point.
For example, executives and sales staff might be interested to learn that a security breach could potentially dent the company’s profit margins, thereby affecting their compensation plans. Shop floor employees are less likely to relate to management bonuses, but they would certainly pay attention if they understood that, should the manufacturing floor have to be shut down to “clean” the servers, they might not be able to work those overtime shifts on which they depend for extra income.
Why thoughtful technology decisions matter
While training can’t address intentional attacks, a properly designed, architected and monitored security plan can. Properly placed and integrated tools, such as host-based endpoint detection and response, data loss prevention and intrusion detection systems, together with a holistic managed detection and response plan, are excellent starting points. Obviously, simply buying and deploying the latest security tools won’t make your problems evaporate. Only through a thorough understanding of the environment, ongoing evaluation and tuning, and constant real-time monitoring can security leaders sleep easy at night.
The next question is what tools are right for your organization, when should they be purchased, configured and deployed, and who is going to watch the various dashboards?
Working with a managed security services provider can help take the guesswork out of threat detection.