Insider Threats are a Quiet Risk in your System
The Ripple Effects that Extend Outward from a Breach
According to the Verizon 2020 Data Breach report, insiders account for 22% of all security incidents. In addition, the costs of insider breaches, whether caused by human error or by bad actors, are rising, with Ponemon finding a 47% increase in cost over the past two years. As an organization, it makes sense to trust internal users and their access, but recent hacks show that internal users are a threat to systems too.
What is an insider threat?
An Insider Threat is the threat of sensitive, critical assets getting compromised, stolen, or mismanaged by internal users. It can be caused by insiders with malicious intent or by accident. From termination gap threats — where an internal user is terminated and still has time to use their access for harm — to basic human error, to account abuse or access creep, the threat comes in many forms, and any one of them could lead to a costly, devastating breach.
The Consequences Of Insider Threats
The biggest risk is, of course, the exposure of sensitive information. It could be an employee maliciously stealing valuable assets for another party, or an employee who has too much privileged access and falls for a phishing scam, or even simple human error that accidentally exposes assets. No matter the root cause, the result is the same: reputation damage, fines, compliance issues, and of course the ripple effects that extend outward from a breach.
For example, in 2020, a terminated employee of a medical device packaging company decided to act maliciously. They gave themselves administration privileges and deleted over 100,000 records, causing massive delays in medical device delivery (during the height of the pandemic).
How To Mitigate These Threats
While any access carries an inherent threat, there are a few ways to make sure insiders aren’t the cause of your organization’s next data breach.
Best practices include:
- Zero Trust Network Access. ZTNA specifically limits which sensitive systems a user can access and is implemented with various security controls, such as multi-factor authentication, least-privilege access, access and employment verification and attestation, credential vaulting, and detailed auditing. It removes default trust from every user, thereby removing the threat of an internal attack.
- User Access Reviews. A user access review is a periodic inventory of the access rights to certain networks and systems, and of the users who hold permissions into those networks and systems. Reviewing internal access is the simplest way to make sure that no user has access they shouldn’t, and that no user is accessing assets they don’t need to be accessing. It can catch a potential breach before it even occurs.
- Access Control. The goal of access control is to create friction between a user and their access and to stop any unauthorized access that could lead to a security or privacy breach. Whether through time-based access schedules, manual access approvals, or access notifications, access control can stop a user from accessing an asset they shouldn’t, thereby mitigating the insider threat.
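One way to mechanise the user access review described above, also covering the termination-gap case from the definition section. This is example code added here, not code from the original article; the HR roster, the entitlement export, its field names and the 90-day staleness threshold are constructed assumptions.

```python
from datetime import date, timedelta

# Constructed sample data (not from the article): an HR roster and an
# entitlement export of the kind an identity governance tool produces.
HR_ROSTER = {
    "alice": {"status": "active", "department": "finance"},
    "bob":   {"status": "terminated", "department": "engineering",
              "termination_date": date(2021, 3, 1)},
    "carol": {"status": "active", "department": "support"},
}
ENTITLEMENTS = [  # last_used None = granted but never exercised
    {"user": "alice", "system": "erp",  "role": "ap_clerk", "last_used": date(2021, 3, 10), "owner_dept": "finance"},
    {"user": "alice", "system": "prod", "role": "db_admin", "last_used": None,              "owner_dept": "engineering"},
    {"user": "bob",   "system": "prod", "role": "db_admin", "last_used": date(2021, 3, 5),  "owner_dept": "engineering"},
    {"user": "carol", "system": "crm",  "role": "agent",    "last_used": date(2021, 3, 12), "owner_dept": "support"},
    {"user": "dave",  "system": "crm",  "role": "agent",    "last_used": date(2020, 9, 1),  "owner_dept": "support"},
]
REVIEW_DATE = date(2021, 3, 15)  # assumed date the review is run

def review_access(roster, entitlements, today, stale_after_days=90):
    """Return (finding_kind, 'user:system/role') pairs for a reviewer to act on."""
    findings = []
    stale_cutoff = today - timedelta(days=stale_after_days)
    for e in entitlements:
        tag = f'{e["user"]}:{e["system"]}/{e["role"]}'
        person = roster.get(e["user"])
        if person is None:
            findings.append(("orphaned", tag))           # no HR record behind the account
            continue
        if person["status"] == "terminated":
            kind = "termination_gap"                      # access outlived employment
            ended = person.get("termination_date")
            if e["last_used"] and ended and e["last_used"] > ended:
                kind = "used_after_termination"           # the gap was actually exercised
            findings.append((kind, tag))
            continue
        if e["last_used"] is None or e["last_used"] < stale_cutoff:
            findings.append(("stale", tag))               # access creep: held but unused
        if e["owner_dept"] != person["department"]:
            findings.append(("out_of_role", tag))         # access outside the job function
    return findings

if __name__ == "__main__":
    for kind, tag in review_access(HR_ROSTER, ENTITLEMENTS, REVIEW_DATE):
        print(f"{kind:24} {tag}")
```

Each finding maps to a reviewer decision (revoke, re-certify, or escalate); a real run would read the roster and export from the HR and IAM systems rather than inline data.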