Three Common Risk Factors for Insider Threats
11 October 2018
Insider threats have become a formidable concern for companies worldwide. Their rapid proliferation has forced the Community Emergency Response Team (CERT) to update its definition of insider threat — “the potential for an individual who has or had authorized access to an organization’s assets to use their access, either maliciously or unintentionally, to act in a way that could negatively affect the organization.”
Companies are scrambling to incorporate internal safety measures in their security strategy. But before we look at how companies can protect themselves from these attacks, it is crucial to understand what needs to be protected. Identifying the Achilles heel for internal threats will facilitate the creation of a much stronger, more sustainable internal security strategy.
What are the most vulnerable areas when it comes to insider threats?
Three areas that are most susceptible to insider attacks:
Providing the exact level of access
Sixty-six percent of internal threats are due to weak access controls. The primary reason insider threats are hard to detect and prevent is that they are committed by insiders who are given access to business-critical information, company assets and sensitive information to perform their job. Privileged users were the most significant insider threat risk in 2017, amounting to 55 percent of all insider attacks. When access is too tightly controlled, it inhibits employees from doing their job. When it is too relaxed, it increases a company’s vulnerability to cyber attacks.
The solution to achieving the balance lies in the principle of least privilege (PoLP).
Protecting sensitive data
The recent ERP Maestro-commissioned survey showed that companies found protecting sensitive data to be the most challenging. Another study on Global Data Risk revealed that 58 percent of companies have over 1,000 sensitive folders open to everyone. CMU CERT researchers say employees who have been given special access to sensitive data and code develop a sense of privilege or entitlement to the intellectual property. They feel it belongs to them. CERT put forward the notion of “entitled independents”, insiders who have no qualms about taking the information and documents they worked on because they feel ownership of what they created.
Visibility into how sensitive access is being used, together with the ability to document every transaction involving such crucial data, is a strong preventive measure against data breaches.
Reducing segregation of duties (SOD) risks
The largest US municipal fraud incident, a $53 million embezzlement case in Dixon, IL, happened because of the complete lack of SOD controls. Gartner’s 2017 Market Guide suggests that effective segregation of duties controls can reduce the risk of internal fraud by up to 60 percent. Companies differ in their risk tolerance based on industry. However, every company needs to separate duties to ensure users do not misuse their privileges.
To protect an organization in the above three high-risk areas, organizations need continuous visibility and constant control over their internal risk landscape.