Beware of friendly fire
Insider risks: A well-known problem
It’s common knowledge among cybersecurity professionals that enterprises face insider security risks. Are all insider risks malicious? No, but all incidents require an appropriate security response. Whether an employee opened an infected document accidentally or knowingly, the outcome is the same. About 75% of companies are aware of insider risks but react only after the fact. [1]
How serious are internal threats?
Internal threats account for more than 50% of all data loss incidents and have increased by 50% over the past four years. [2] Contrary to intuitive expectations, 59% of IT security leaders see insider risks rising in the next two years. [3] To put it mildly, internal risks are a significant and growing problem despite the best efforts of security teams.
Beyond the direct threat, internal risks can also pose a substantial regulatory compliance problem: 53% of companies view human error as a significant risk to the privacy of employees, customers and business partners. [4]
Five ways to reduce internal risks
Protecting against internal risks is easier said than done, but a disciplined approach can dramatically reduce the threat.
- Take threats seriously. Internal threats are real and can cause serious damage, yet more than 50% of enterprises don’t monitor insider risks at all, and 21% monitor only user behavior (not files or apps). [5]
- Adopt a zero-trust strategy. Access to devices, data and apps should be limited to authorized parties through role-based policies and multi-factor authentication, without exception. Employees gain access to the systems, apps and data needed for their work only from authorized devices. The remote workforce can play a big role here by locking their devices when not in use. Companies should also take proactive protective measures as simple as blocking USB ports and devices on company computers.
- Centralize visibility and management. To protect an enterprise environment, IT must establish complete visibility from the edge to the cloud: you can only protect what you can see. 62% of companies have gaps in their IT security infrastructure that allow attackers to penetrate their defenses. [6] Centralized monitoring and visibility enable consistent policies across all devices, apps, data and users. Complete visibility in turn enables efficient management of the monitored environment, consistent detection of anomalies, classification of threats and, most importantly, proactive responses. The type and scale of the response are critical in preventing future internal threats. Unfortunately, reactions to insider risks in many organizations do not rise to the expected level: 66% of security leaders respond to an insider threat with an email to the employee, and 56% bring the action to the attention of the employee’s manager. You get the picture. [7]
- Automate with AI/ML. The sheer rate of cyberattacks has made it impractical for humans to inspect incoming traffic effectively and single out the severe threats that require a response. Automated processes using AI/ML can inspect incoming traffic and alert IT to abnormal situations. The same automation can help detect internal threats, so that attacks already inside the IT infrastructure are discovered before they result in breaches.
- Train employees. Informed employees are the best defense against internal risks. 40% of enterprises acknowledge that employees and users lack the training needed to identify potential threats. [8] Regular security training, coupled with random and frequent security readiness testing or gamified exercises, increases employees’ security awareness and lowers internal risks.
Keep things under control
Internal risks have increased dramatically with the pandemic and the expansion of the distributed workforce, with little to no preparation by IT security teams. While the likelihood of internal threats has increased, IT security teams can lower the risk by adopting zero-trust access policies and role-based authorization. A cornerstone of effective measures against internal threats is complete visibility coupled with centralized management. Finally, the time has come for IT security teams to adopt AI/ML tools to cope with the volume of attacks and false alerts and the shortage of expertise.
- [1], [5], [7]: Code42, July 2020. “Security Leaders Know Insider Risk is a Major Problem.”
- [2]: Code42, 2020. “The Usual Suspects.”
- [3]: Code42, December 2020. “Data Exposure Report.”
- [4], [6], [8]: Ponemon Institute, June 2020. “The 2020 Study on Closing the IT Security Gap: Global.”