What is an insider threat? The Cybersecurity & Infrastructure Security Agency (CISA) defines an insider threat as “the potential for someone with authorized access and knowledge of an organization’s digital and physical assets to use that info to harm the organization.”
Insider threats have dramatically increased with the expansion of hybrid work. The reduction in workplace visibility makes it harder for companies to track the digital work activities of employees. In the hustle to get the job done, employees often ignore or evade the security protocols inherent in an office setting: they use public Wi-Fi, download rogue apps, and link to the company network from multiple devices. The volume of insider threats, prompted by intentional or careless behavior, has risen and has impacted business outcomes.
How can enterprise organizations prevent insiders from sabotaging proprietary company data without physical monitoring, peer pressure, and in-office training programs?
The Weakest Link
Employees understand the value of data in enabling analysis, product development, and customer engagement, and in ensuring financial stability. But legitimate access to company systems makes insider threats harder to spot. Malicious employees may exploit the complexity of hybrid work and the resulting lax data security controls for financial gain or emotional justification.
Known as the ‘weakest link’ in your system, employees are the reason the risk of inside security threats is so high. Ponemon’s 2022 Cost of Insider Threats Global Report found that 62% of insider security threats stem from negligent employees. ‘Negligent’ sounds almost harmless, but not when you consider that breaches traced back to negligent employees cost companies $6.6 million per year. Malicious insiders can cost $4.1 million per year, and compromised credentials are responsible for $4.6 million in annual containment and recovery costs.
Risky Behavior
To reduce unethical and destructive behavior by employees, your organization should exercise extra vigilance and increase security awareness training. Here are some examples of risky behaviors that should alert you to a problem:
- Repeatedly losing devices
- Sharing logins and passwords
- Bypassing security protocols to get into the system faster
- Using a USB/flash drive to ‘take work home’
- Sending sensitive files to an unauthorized recipient
- Using authorized access to search for files unrelated to a specific role
- Logging in on multiple devices at the same time
- Emotional or financial connection to a competitor
- Linking unknown devices to the company network
- Ignoring patches for personal devices used for work
Nothing on this list points directly to malicious intent, but it is essential to be mindful of the risk potential. Employees and third-party vendors should be subject to role-based access controls to reduce risk, as their company access alone is attractive to cybercriminals.
Intentional sabotage and the deliberate exfiltration of sensitive data can devastate critical infrastructure and company performance and negatively impact morale and customer trust.
Security is Everyone’s Responsibility
Regardless of the size of an organization, it is crucial to use socio-technical solutions to create a culture of cyber safety. In addition to deploying security and monitoring tools, executives should communicate how employee behavior can impact critical business operations by sharing projected costs associated with downtime and restoration. Employees who are ‘negligent’ insider threats must understand the value of cyber hygiene and become more intentional when using data and network connections. Employees will accept additional security procedures more readily if they understand the “why” behind the processes.
As you identify problem behaviors, also endeavor to uncover emerging threats across the entire digital landscape. Don’t be afraid to share details of ransomware attacks in your industry and explain how employees are often targets of phishing scams due to their position. You may see even faster employee buy-in if cybersecurity can be tied to performance metrics.
To encourage a cyber-safe mindset, give employees the tools they need to spot threats and question suspicious activity. Engage your workforce by encouraging feedback and taking a comprehensive view of cybersecurity as a long-term investment in the people, processes, and technologies that target risk reduction.
Give your staff the training to spot malicious intent in coworkers and to avoid sophisticated email and app scams. Executives can build trust among employees by participating in the same cybersecurity training program and complying with the same security measures.
No one wants to add another layer of security monitoring complexity to an already crowded security platform, but developing an insider threat risk management system is business-critical. Without one, your IT team will grow more frustrated when employees don’t take threats seriously and are the root cause of cybersecurity incidents.
Best Practices for Thwarting Insider Threats
Today, less than 20% of enterprise organizations have measures in place to address insider threats. But Gartner expects increased awareness of insider threats’ damaging impact will push that number to 60% by 2023.
Whether or not data breaches are born of malicious intent, the ability of an employee to siphon valuable data is a big red flag highlighting an inferior cybersecurity program. Internal cybersecurity is as critical as, if not more critical than, external-facing cybersecurity. Why? Because internal users can exfiltrate data quickly, as they are already active in your system. If active data and communication monitoring haven’t been implemented, it may take far too long to recognize the insidious behavior.
The 15 best practices for internal cybersecurity enforcement:
- Continuous monitoring of employees and data
- Encrypt data (PII, financials, intellectual property)
- Access controls based on user role
- Implement an IT asset management system to keep track of devices and software
- Prevent the ability to save/copy & paste onto personal computers
- Monitor email accounts
- Apply the same level of security to remote/hybrid/in-office employees
- Remove access to systems immediately upon termination of an employee
- Restrict physical access to data – downloading to a memory stick should trigger an alarm
- Background checks for all employees – make sure vendors employ the same protocol
- Assess the necessity of third-party access to your systems
- Classify data by sensitivity and restrict access
- Establish alerts when unauthorized downloads are attempted
- Reward speedy disclosure of mistakes – clicking on spam, falling for a phish, sending a sensitive file to the wrong recipient
- Implement mandatory cybersecurity awareness training across the organization
Support for your Cybersecurity Program
TBConsulting, a Managed Services Provider (MSP) in Phoenix, Arizona, can help your organization build a comprehensive cybersecurity program to address emerging threats coming from both inside and outside your organization. Our security experts focus on building operational resiliency, protecting critical infrastructure, and reducing the risk profile of organizations.
TBC understands cybersecurity as a business performance issue. Contact us today for a Security Posture Assessment that will identify vulnerabilities in your IT environment and recommend an actionable remediation program.