The Target customer data breach in 2013 sparked a far-reaching conversation about consumer privacy and enterprise cybersecurity in retail. But did you know that the entire chain of events was set off when one employee at a small refrigeration contractor with Target clicked on a phishing email?
The Target breach is an unfortunately fantastic example of the damage insider threats can do. One recent Ernst & Young report gives an insightful definition of everything an insider threat encapsulates:
“An insider threat is when a current or former employee, contractor or business partner, who has or had authorized access to an organization’s network systems, data or premises, uses that access to compromise the confidentiality, integrity or availability of the organization’s network systems, data or premises. Insider threats can include fraud, theft of intellectual property (IP) or trade secrets, unauthorized trading, espionage and IT infrastructure sabotage.”
Interested in ways investigative link analysis tools can help you reduce insider threat in your organization? Sign up for a demo of Visallo to talk to our team.
Insider threats need not be intentional or malicious to be serious . An employee clicking on a link in a phishing email and getting their information stolen — along with the that of the company — certainly counts as an insider threat.
More than one in four IT and security professionals consider insider threats to be one of the top worries for information technology, second only to visibility into applications and networks. This leaves us with two questions: how are these threats evolving; and what can your business do to protect against them?
New technology and security protocols don’t mean the end of insider threats, but rather their evolution. Insider threats for enterprises are constantly shifting with the increasing digitization of business, cloud computing and employee savviness around technology.
To start, enterprises have never had as many touch points with both internal and external stakeholders as they do today, as businesses’ have largely digitized critical data. Further growth in to cloud-based computing and storage only increases vulnerability to theft of digitized data.
In the same Ernst & Young report on managing insider threats, the researchers speak to how exposure translates into both insider and external threats: “An organization’s critical digital and physical assets are becoming more and more exposed through increased connectivity, differing global regulatory requirements, joint ventures and business alliances, and potential security weaknesses within complex multinational supply chains.”
Exposure to insider threats also increases with the complexity of IT systems and processes. Writing at CIO, B2B technology consultant Crystal Bell attributes increased exposure to insider threats to three major developments: the increasing complexity of information technology, the influx of freelancers and consultants into many organizations and blind spots in identity infrastructures.
On that last front, Bell is referring to how many enterprise systems do not allow visibility into administrator account activities, either because they are working in silos or they remain on local servers. “Without visibility, it is difficult to identify and remediate potential security threats—such as determining whether an employee is abusing their access privileges,” concludes Bell. In other words, one of the biggest vulnerabilities to insider threats is not building in visibility to both your system and your data.
You can build in safeguards against external threats, but preventing insider threats is almost all about visibility. Linda Musthaler at Network World identifies thirteen ways to prevent insider threats - and nearly all of them boil down to introducing visibility into your systems, processes and employee expectations. From monitoring and reviewing employee online interactions to collecting and saving data for use in investigations, preparing against insider threats is about making sure your data is visible. Whether it is employee actions within the system or who has access to what,
The Intelligence and National Security Alliance recommends four steps for managers to address insider threats:
As you assess which software be most beneficial to your company, consider incorporating link analysis tools to bolster your efforts against insider threats.
The right investigative link analysis software, can identify potentially suspicious relationships between transactions, employees, vendors, contractors and more.