Be alert to insider threat cybersecurity

How can you lower your risk of being attacked from within?
4 April 2023

Mike’s not as happy as he should be. Potential insider threat?


Insider threats are almost certainly exactly what you think they are – but they’re more besides. You don’t have to be working inside an organization to be an insider for the purposes of insider threat – you only have to exist within an organization’s daily processes, or to have access to organizational information. That means vendors, freelancers, and anyone who’s been given access to a computer system can be an insider threat, just as much as anyone paid a standard wage. And where there are potential insider threats (which is everywhere), you need to practice the increasingly complex art of insider threat cybersecurity.

Types of insider threat.

It’s worth noting that not all insider threats are necessarily malicious or targeted. Negligence and carelessness are equally valid ways to put an organization’s critical infrastructure at risk.

Negligence or accident.

Everyone is capable of having an accident: you mistype an email address, or absent-mindedly select one that auto-populates your send field; you’re in a hurry to get to a meeting, or it’s Monday and there has not yet been sufficient caffeine in your day, and bang – you’ve sent a file of your organization’s sensitive operational data to a vendor, a journalist, or even an unauthorized colleague. Once the data is outside the ecosystem of permission, it can in principle be sent anywhere, and the resulting data breach is potentially cataclysmic.

Negligence is a different matter. It can only occur when people are aware of what they should and shouldn’t do – and take unnecessary risks anyway. Throwing confidential documents in the trash un-shredded – negligence. Leaving computer screens unlocked with organizational data visible while you’re away from your desk – negligence. For that matter, leaving documents, USB drives or any other easily liftable data storage sources on your desk when you leave it – negligence that can result in insider threats.

Intentional threats.

Of course, intentional insider threats are much easier to comprehend, if not necessarily easier to guard against. These are threats that arise when individuals take action against organizations or their data either for personal gain, personal grievance, or to obey collusive instructions from others.

An increasingly uncertain economy and a challenging cost of living environment can sharpen incentives for people to undertake intentional theft and sale of data – assuming there are no measures in place to stop them accessing and removing that data.

It’s also important to recognize geopolitics and corporate warfare in the picture of intentional insider threats. People may be tempted by significant sums of money paid by actors of hostile governments or by rival companies to supply either data or, more likely, system access to an organization’s networks.

Insider threat cybersecurity.

Assuming for the purposes of cybersecurity that we’re dealing with digital data or access to systems, rather than the standard security protocols that deal with non-cyber insider threats, what can organizations do to establish insider threat cybersecurity and keep their data safe? And what part can employees play in bolstering that insider threat cybersecurity?

Zero trust architecture.

The easiest and yet the most fundamental step towards delivering insider threat cybersecurity is zero trust architecture. That means that an organization’s IT architecture is specifically designed on the principle of guarding against untrustworthy people gaining access to company data. Grant access to data only to people who need it, and make them sign in separately for every session, rather than having once-in-always-in security. That way, access to data is session-specific and identity-specific, which significantly narrows the window in which such access can be abused.

Multi-factor authentication.

Use methods like multi-factor authentication for staff signing in to organization systems – while that is primarily a guard against external attackers rather than insider threats, the randomly generated one-time factor stops potential insider threats from handing over long-lived access credentials to someone else.

Secure credentials.

As part of a zero trust architecture, ensure you have secure credential vaults – so that, if nothing else, you know who has access to what data at any time, with a trail back to individual users for mitigation and investigation. Make it known that this is a process you will follow – certainty that they will be traced when they use a set of credentials can act as a strong deterrent to insider threats, or at least complicate the business of compromising your data.

Use monitoring software and staff.

Keeping a set of eyes – or sensors – on access to data across your whole network is neither as expensive nor as complicated as you might imagine. Many companies exist who can set this up for you, and either continue the monitoring function on your behalf, or train your cybersecurity team to manage visibility themselves.
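The two sections above (per-user audit trails from the credential vault, and monitoring of data access across the network) come together in detection logic run over access logs. The following is an added example written for this article, not code from the original; it assumes a simple constructed `key=value` audit-log format and two illustrative rules: access outside normal working hours, and bulk download of many distinct resources in a short window.

```python
"""Insider-threat access monitoring over constructed audit-log lines.

Added example, not from the original article. The log format, the
working-hours window and the bulk-download threshold are assumptions
chosen for illustration; a real deployment would baseline them per user.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(r"^(\S+) user=(\S+) action=(\S+) resource=(\S+)$")

# Constructed sample audit lines (not real data).
SAMPLE_LOG = """\
2023-04-03T09:05:10Z user=alice action=read resource=hr/policy.pdf
2023-04-03T09:30:44Z user=bob action=read resource=eng/design.md
2023-04-03T23:12:01Z user=bob action=download resource=finance/q1.xlsx
2023-04-03T23:12:05Z user=bob action=download resource=finance/q2.xlsx
2023-04-03T23:12:09Z user=bob action=download resource=finance/forecast.xlsx
2023-04-03T23:12:14Z user=bob action=download resource=hr/salaries.csv
2023-04-03T10:15:00Z user=alice action=download resource=hr/handbook.pdf
""".splitlines()

WORK_HOURS = (8, 19)             # 08:00-19:00 UTC treated as normal (assumed)
BULK_THRESHOLD = 3               # more than this many distinct downloads ...
BULK_WINDOW = timedelta(minutes=10)  # ... inside this window raises an alert

def parse_line(line):
    """Parse one audit line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
    return {"ts": ts, "user": m.group(2), "action": m.group(3), "resource": m.group(4)}

def detect(lines):
    """Return (rule, user, resource) alerts, attributed to the identity in the log."""
    events = sorted((e for e in map(parse_line, lines) if e), key=lambda e: e["ts"])
    alerts = []
    recent_downloads = defaultdict(list)   # per-user sliding window of downloads
    for e in events:
        if not (WORK_HOURS[0] <= e["ts"].hour < WORK_HOURS[1]):
            alerts.append(("off_hours", e["user"], e["resource"]))
        if e["action"] == "download":
            window = recent_downloads[e["user"]]
            window.append(e)
            while e["ts"] - window[0]["ts"] > BULK_WINDOW:   # expire old events
                window.pop(0)
            if len({x["resource"] for x in window}) > BULK_THRESHOLD:
                alerts.append(("bulk_download", e["user"], e["resource"]))
    return alerts
```

Every alert carries the user identity from the log, which is exactly the trail back to individual users that the credential-vault section asks for.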

Train your staff.

A well-trained staff minimizes the likelihood of data losses through accident or negligence. Common business cyber-hygiene measures – not leaving computer screens showing valuable data while staff are away from their desks, not leaving machines accessible without signing back in with multi-factor authentication, checking that email addresses are correct before data is transferred, and so on – all help bolster insider threat cybersecurity against accident or negligence.

Reward your staff and build team loyalty.

Insider cyberthreats originate from several places – from negligence, from accidental carelessness, from malicious staff who feel mistreated and are spurred to revenge, and from either individual struggles with economic pressure or external inducement to take a chance on an easier life.

You can deploy zero trust architecture, multi-factor authentication, secure credential protection, network access monitoring and cloud network monitoring, but two of the most fundamental protections you can use to improve insider threat cybersecurity are macro-level human interaction protections.

Firstly, pay every member of your staff at least a living wage (rather than, for example, a government-mandated minimum). That not only helps staff ride out times of economic turbulence, it also makes them less prone to either discontent or financial inducement to betray you and become an insider threat in the first place. It might also help you hire more motivated and loyal staff to begin with.

Building loyalty through real-world appropriate pay and conditions may not solve the whole problem of insider threat cybersecurity, but it’s the equivalent of installing a visible burglar alarm on your home – it stops both internal players and external bad actors from seeing you as a vulnerable, virtuous target for insider threat activity.

And secondly, create channels of communication between staff and bosses, so that, for instance, issues of accidental compromise can be confidently reported for rapid investigation and mitigation, with a no-fault clause so that staff are not frightened of the consequences of such accidental action.

Those communication channels can also benefit you inasmuch as staff who want to be loyal can report any approaches that have been made to them by bad actors, looking for insiders to turn into threats. Be prepared to reward any such loyal reporting that results in successful investigation of those bad actors.

Put all these elements together and you have a reasonable insider threat cybersecurity strategy for the 21st century.