Insider threats come from two directions: employees who intend to do wrong and employees who allow an intrusion out of sheer ignorance. Both types of threat can be monitored and thwarted using the same techniques, but it’s important to know whether a breach was deliberate, for two reasons: (1) you don’t want to punish innocents, and (2) you want to provide additional training if employees are unaware of how to recognize incoming threats.
There are three primary sources of the most significant kinds of damage:
- Privileged users
- Contractors and service providers
- Business partners with access to the system
Privileged users are your systems administrators, network administrators, IT security staffers, IT auditors, app developers, cloud supervisors, etc. Contractors and service providers with system access are an obvious security hole, because they have all the access of a high-level insider, but usually without the background checks and other safeguards put in place by your human resources department. The same is true of any business partners that have access to your systems.
Methods for Stopping and Preventing Insider Threats
Data is at the greatest risk when at rest. Hence, database encryption and file encryption are crucial for providing a high level of security. It is also important to closely monitor data access. Analyze typical access patterns so that it’s easy to spot any deviation from the norm. Application layer encryption, data masking practices, and tokenization are also essential for preventing insider threats to the organization and its data. A solid ITSM software package offers robust security features to help with this monitoring and analysis.
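One way to implement the access-pattern analysis described above, as an added example that is not from the original article: it builds a per-user baseline from past data access and flags days that deviate in volume or touch tables the user has never read before. The log format, thresholds, and sample records are assumptions constructed for illustration, and each finding is a reason for review, not a verdict.

```python
from collections import defaultdict
from statistics import median

MIN_DAYS = 5   # assumption: baseline days required before judging volume
K = 6.0        # assumption: flag volume above median + K * MAD

def build_baseline(events):
    """events: iterable of (day, user, table, rows_read). Returns per-user profile."""
    daily = defaultdict(lambda: defaultdict(int))   # user -> day -> rows read
    tables = defaultdict(set)                       # user -> tables seen
    for day, user, table, rows in events:
        daily[user][day] += rows
        tables[user].add(table)
    profile = {}
    for user, per_day in daily.items():
        counts = list(per_day.values())
        med = median(counts)
        # Median absolute deviation: robust to one unusual day in the baseline.
        mad = median(abs(c - med) for c in counts) or 1.0   # avoid zero spread
        profile[user] = {"days": len(counts), "median": med, "mad": mad,
                         "tables": tables[user]}
    return profile

def review_day(profile, events):
    """Return sorted (user, reason) findings for one day's events."""
    rows, seen = defaultdict(int), defaultdict(set)
    for _day, user, table, n in events:
        rows[user] += n
        seen[user].add(table)
    findings = []
    for user in rows:
        p = profile.get(user)
        if p is None or p["days"] < MIN_DAYS:
            findings.append((user, "no-baseline"))   # cannot judge yet
            continue
        if rows[user] > p["median"] + K * p["mad"]:
            findings.append((user, "volume"))
        for table in sorted(seen[user] - p["tables"]):
            findings.append((user, "new-table:" + table))
    return sorted(findings)

# Constructed sample data (not real logs): ten baseline days, then one day to review.
BASELINE = [(d, "alice", "orders", 100 + 10 * (d % 3)) for d in range(1, 11)] + \
           [(d, "bob", "tickets", 40 + d) for d in range(1, 11)]
TODAY = [(11, "alice", "orders", 115), (11, "bob", "tickets", 45),
         (11, "bob", "payroll", 5000), (11, "carol", "orders", 20)]
PROFILE = build_baseline(BASELINE)
FINDINGS = review_day(PROFILE, TODAY)
```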
Cautions When Monitoring for Insider Threats
Though this monitoring and analysis is important, there is a point at which it can go too far. For example, you don’t want to put a great employee under unnecessary scrutiny when that worker is doing research for a project that goes above and beyond the call of duty. Likewise, you don’t want to make your employees feel like Big Brother is always watching, because this leads your greatest workers right out the door.
Balance your crucial security measures with a healthy dose of people sense, and investigate each incident with the mindset of “innocent until proven guilty.” In many instances, the employee was hacked and had no knowledge of the breach until after the fact.