When most people hear about an “insider threat,” they often assume it’s a malicious employee who is either out to prove a point or trying to selfishly make a buck. Yet, as one startup learned last week, the real “insider threat” is often a well-intentioned person who, in the course of simply trying to do his or her job, accidentally causes something to go wrong.
Human error is a prevalent cause of accidents, which means IT and security teams should prepare accordingly to limit the resulting damage. Here are a few steps organizations can take to limit the impact of accidental insider damage:
- Control executables. Even the most security-aware users fall victim to spear-phishing attacks. By controlling what’s allowed to execute on your systems, you can block attackers’ malware from taking over devices and unknowingly exploiting legitimate user privileges.
- Get rid of unnecessary privileges. In the case of GitLab, the team member who accidentally deleted a production database was, in fact, authorized to do so. Yet, too often that’s not the case. According to one recent survey, 91 percent of insiders have access to systems that they shouldn’t. If you can’t access it, you can’t break it.
- Monitor user activity. Something about being watched by an authority figure encourages people to think twice about their actions. By recording all activity as users access sensitive IT systems, you can encourage your most privileged users to double check their work and discourage any foul play. This means fewer mistakes, fewer malicious actions and less damage to clean up.
- Backup. Then backup some more. If IT teams learned one thing in 2016 (or “The Year of Ransomware” if you read the news), it’s that backing up sensitive data is an imperative. Whether an IT admin accidentally deletes an entire database or a cybercrime ring takes your servers hostage, backups are extremely handy. Just ask any of the companies who learned this lesson the hard way.
You can’t predict which users are accidentally going to damage your systems or fall victim to well- disguised attackers, but you can predict that these things will happen – and more than once. However, with some preparation, you can make sure that when these incidents occur the repercussions are minimal.