Another Great Work from Lampaku (CyberSecurity Analyst): The Insider Threat! On behalf of FIN-TECH
This is a satirical website. Don't take it Seriously. It's a joke.
To set the record straight: malicious insiders have an advantage over external attackers because they know the general operating environment, functions, systems and procedures of the organization. Malicious insider threats emanate from former employees, who no longer have physical access to the organization but still have knowledge of the general operating environment, systems and their vulnerabilities. The term malicious insiders therefore refers to current or former employees, contractors or business partners who gain access to an organization's network, systems or data and release this information without the organization's permission (Gelles, Brant, & Geffert, 2008; Ponemon Institute, 2013).
Malicious insiders possess some of these characteristics and indicators: vulnerability to blackmail, destructive behavior, rebelliousness, passive aggression, reduced loyalty, intolerance, a pattern of frustration and disappointment, and financial difficulties. A malicious insider might take property or items belonging to the organization home without authorization. They will also inappropriately obtain information that is not related to their work duties. They grow interested in matters outside the scope of their duties, and they copy materials (classified, and unclassified if possible). They remotely access the computer at odd times, on odd days and from odd places (Becky, M. 2017).
Insider threats often result in private or proprietary information going public, and reputation and trust in the organization are diminished.
The breach of trust caused by Edward Snowden, Manning and other malicious insiders has drawn the attention of most organizations to the fact that countermeasures such as firewalls, antivirus software, and intrusion detection systems, which are aimed at addressing threats from outsiders, do little against malicious insiders within an organization. One of the obstacles with insider threats is that they are usually invisible to security and IT organizations, which do not have full visibility into insider threats to help them detect and respond to attacks in a timely way.
Also, a lot of organizations face insider breaches, but the full extent of the compromise is unknown, because the majority of organizations and agencies have no idea whether their breaches were insider attacks. Many organizations' top data exfiltration vulnerabilities arise from printing, file sharing and USB usage, among others. A malicious insider gains entry to the targeted system or network. Then, once inside, the attacker investigates the nature of the system or network in order to learn where the vulnerable points are and where the most damage can be caused with the least effort. The attacker then sets up a workstation from which the attack can be conducted, leading to the actual destruction of data (Margaret, R. 2017).
Insider threat continues to be the topmost cyber security problem facing almost all organizations, hence there is a need for organizations and entities to align their growth with an insider threat program: making significant updates to best practices (knowing their critical assets and how to protect them), deploying solutions for monitoring employee actions, and correlating information from multiple data sources to establish a baseline of normal behavior for both networks and employees (Randy, T. 2017).
To address these challenges, organizations should limit access: access controls should be put in place so that employees and contractors can only go where they are allowed and get to information that they are permitted to access. No one person, including those in IT, should have access to everything. An employee or contractor should not automatically be given additional access simply upon request. The request must require justification, and the need should be investigated and confirmed.
Policy and enforcement: unauthorized access and copying of information should be strictly prohibited. The policy should be clearly explained to employees and contractors, so that they understand that failure to comply could lead to termination of their employment or contractual relationship, and to lawsuits depending on how the information was misused. Organizations should put their policies into action by terminating violators; enforcement is also crucial to discourage the idea of information theft by a malicious insider.
Furthermore, organizations should take a layered approach to security to protect their data, using the multidisciplinary approaches of security, privacy, and information governance. Security controls and technology protect the perimeter from outside the organization.
Most employees are good, hard-working people who love what they do; they also want to get paid and go home. However, malicious insiders do not show signs that say "information thief". Hence organizations must treat all insiders as potential threats from the beginning of their relationship by implementing the standards, policies and general insider threat programs within the organization (Lisa, B. T. 2015).
Organizations and entities should continuously assess their security posture by evaluating threats from insiders and partners, as well as malicious unknowns, to help understand the overall state of the organization's security. User behavior should be monitored, learning what is normal and what is not, by increasing behavior monitoring capabilities. Tools that are already embedded in the network, such as DLP, IAM controls and SIEM, are a foundational part of the effort to address threats. Specialized tools such as network analytics and UBA should be integrated to help establish baselines of normal user behavior and to facilitate the detection of users with high-risk identity profiles as well as high-risk activity, access, and events associated with insider threats (David, O.L., Anne, G., & Alton, K. 2016).
Thanks for reading ~ Lamp2019!
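As an added illustration (not part of the original article or of any tool it cites), the idea of learning a baseline of normal user behavior and flagging deviations can be sketched in Python. The event fields, user names, resources, channels and the 3-sigma threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

def build_baseline(events):
    """Learn per-user normal behaviour: active hours, resources, daily volume per channel."""
    hours, resources = defaultdict(set), defaultdict(set)
    daily = defaultdict(lambda: defaultdict(int))  # (user, channel) -> day -> bytes
    for ts, user, channel, resource, size in events:
        t = datetime.fromisoformat(ts)
        hours[user].add(t.hour)
        resources[user].add(resource)
        daily[(user, channel)][t.date()] += size
    volume = {k: (mean(v.values()), pstdev(v.values())) for k, v in daily.items()}
    return {"hours": hours, "resources": resources, "volume": volume}

def score_event(baseline, event, sigma=3.0):
    """Return the reasons (possibly none) why an event deviates from the baseline."""
    ts, user, channel, resource, size = event
    reasons = []
    if datetime.fromisoformat(ts).hour not in baseline["hours"].get(user, set()):
        reasons.append("odd-hour access")
    if resource not in baseline["resources"].get(user, set()):
        reasons.append("resource outside normal duties")
    if (user, channel) not in baseline["volume"]:
        reasons.append(f"first use of {channel}")
    else:
        # Simplification: one event is compared against the user's normal daily total.
        mu, sd = baseline["volume"][(user, channel)]
        if size > mu + sigma * max(sd, 1.0):
            reasons.append(f"{channel} volume above baseline")
    return reasons

# Constructed sample data: ten days of normal file-share activity for two users.
NORMAL = [(9, "alice", "hr-docs"), (14, "alice", "hr-docs"), (10, "bob", "build-artifacts")]
HISTORY = [(f"2019-03-{d:02d}T{h:02d}:15:00", user, "fileshare", res, 2_000_000 + 10_000 * d)
           for d in range(4, 14) for h, user, res in NORMAL]
# Constructed events to score against that baseline.
NEW_EVENTS = [
    ("2019-03-14T09:30:00", "alice", "fileshare", "hr-docs", 2_100_000),
    ("2019-03-15T02:40:00", "alice", "usb", "finance-ledger", 750_000_000),
    ("2019-03-14T10:05:00", "bob", "fileshare", "build-artifacts", 900_000_000),
]

def triage(history, new_events):
    """Map each deviating event to its reasons; normal events are omitted."""
    baseline = build_baseline(history)
    scored = ((e, score_event(baseline, e)) for e in new_events)
    return {e: r for e, r in scored if r}
```

Calling `triage(HISTORY, NEW_EVENTS)` leaves the routine 09:30 file-share access unflagged and returns the 02:40 USB copy and the oversized file-share transfer with their reasons.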
References:
Warkentin, M., & Willison, R. (2009). Behavioral and policy issues in information systems security: the insider threat. European Journal of Information Systems, 18(2), 101-105.
Lisa, B. T. (2015). 3 ways to protect your company against malicious insiders. Retrieved from https://cyberscout.com/education/blog/3-ways-to-protect-your-company-against-malicious-insiders
Randy, T. (2017). 5 Best Practices to Prevent Insider Threat. Retrieved from https://insights.sei.cmu.edu/sei_blog/2017/11/5-best-practices-to-prevent-insider-threat.html
Becky, M. (2017, August). Identifying the Malicious Insider Threat. Retrieved from https://www.sagedatasecurity.com/blog/identifying-the-malicious-insider-threat
Margaret, R. (2017). Insider threat. Retrieved from https://searchsecurity.techtarget.com/definition/insider-threat
Archuleta, E. & Noonan, T. (2008). The Insider Threat to Critical Infrastructures. Department of Homeland Security.
CERT. (2017). Insider Threat Index.
Office of the Director of National Intelligence. (n.d.). The Insider Threat: An introduction to detecting and deterring an insider spy.