September Is Insider Threat Awareness Month: Are You Ready?
The U.S. National Counterintelligence and Security Center (NCSC) and the National Insider Threat Task Force (NITTF) have declared September National Insider Threat Awareness Month. This is part of a concerted effort to educate government agencies and private sector organizations on what their press release calls the “serious risks posed by insider threats, while encouraging employees to recognize and report anomalous activities so early intervention can occur.”
According to the Verizon Insider Threat Report, 20 percent of cybersecurity incidents and 15 percent of data breaches originated with “insiders” to the organization. While they don’t happen as frequently as external attacks, insider attacks can be extremely costly and difficult to prevent and detect.
That’s because insiders already know the network environment and often already have access to sensitive information. They can stealthily exploit privileged access to critical systems and move laterally through systems without raising any red flags. As a result, insider attacks can continue for months – or even years – before being discovered.
This new NCSC initiative is an important step in raising awareness and helping organizations develop proactive strategies for combating and detecting insider threats and reducing the risk of privilege compromise. Throughout the month, the NCSC, NITTF and partnering government agencies will host a series of events that highlight the importance of safeguarding the nation from insider threats and best practices for mitigating insider risks. Visit the Center for Development of Security Excellence to participate in cyber awareness trainings and eLearning or access informative cybersecurity resources.
Who Is the Insider Threat?
William Evanina, director of the NCSC, explained, “All organizations are vulnerable to insider threats from employees who may use their authorized access to facilities, personnel or information to harm their organizations – intentionally or unintentionally.”
While their motivations vary, CyberArk believes insider threats can typically be classified into four major groups:
- The External Insider. In the digital transformation age, integration with vendors and remote workers is critical. But each of these partners – from contractors and agencies to IT service providers and attorneys – needs access to sensitive data to do their jobs. Since you can’t control what you don’t own, this creates a major gap in cybersecurity defenses: unmanaged remote vendor access can lead to negative audit findings and serious data breaches.
- The Exploited Insider. Cyber attackers commonly target employees with privileged access like sysadmins, IT help desk teams and executives. In fact, according to the Verizon Insider Threat Report, 33 percent of breaches involve social attacks such as phishing, spoofing or reverse social engineering attacks via social media. It only takes one victim and one compromised endpoint for an attacker to establish a foothold inside an organization.
- The Malicious Insider. Malicious insiders are motivated by anger, financial struggles, political activism, thrill-seeking and more. They are not always easy to pinpoint, because, typically, they can bypass security measures as “trusted users” to obtain what they’re after. Their actions put enterprise and government missions, dollars – and sometimes even lives – at risk.
- The Unintentional Insider. Humans are, well, human. They make mistakes. Most employees are not out to steal sensitive information. They’re simply trying to do their jobs. Sometimes these employees take actions that seem harmless to them, like installing unauthorized applications or using unapproved workarounds. But this can put data and systems in harm’s way.
To reduce the risk of insider threats and limit the damage that they can do, organizations should implement privileged access management solutions that offer insider threat protection. The CyberArk Privileged Access Security Solution helps organizations proactively limit user privileges and control access to privileged accounts. It reduces the risk of an insider attack, while providing real-time threat analytics to aid in insider threat detection.
To explore the dangers hidden within your organization and learn five actionable recommendations for reducing the risk of insider threats, download our eBook, “Unmasking Insider Threats” or read our blog post, “Insider Threats Come in All Shapes and Sizes.”