There is no doubt that insider attacks at a company can be catastrophic. According to Haystax, they can cost a company anywhere from $500,000 up to $1,000,000. What’s more, 90% of companies surveyed in the latest Crowd Research report are considered to be vulnerable to this type of security problem. In fact, 53% of companies claim they have suffered an insider attack in the last 12 months. However, not all security managers know about the implications or even the origins of this problem. How can one take on a problem that comes from within?
Where do these attacks originate?
When speaking of insider threats, there are usually two clear but different causes: negligence and malicious intent. While the first usually happens due to a deficiency at a company, the second is more dangerous since it is intentionally harmful. In both cases, the main actors are users with privileges and administrators. It is also important to keep in mind the role of consultants and temporary employees, as well as regular employees, who can also pose a threat. The origin of the security breach is the first thing to consider in order to stay protected.
Insider attacks are on the rise
According to data gathered by Crowd Research, the number of insider attacks has grown and they are becoming more frequent. The percentage of deliberate data breaches also grew relative to unintentional incidents. The vast majority of these vulnerabilities stem from regular employees, but as we mentioned, attention should also be paid to providers and users with privileges.
What points are most vulnerable? Cyber-criminals are most interested in information concerning accounts of users with privileges, as well as confidential business information. After this, they are interested in personal information, followed by different information related to industrial espionage.
Taking care of vulnerabilities
The main vulnerabilities stem from a lack of control, according to Crowd Research. The most common ones are an excess of users with privileges and misuse of privileges, which can give criminals a simpler way to gain unsupervised access. The increase in the number of devices that have access to sensitive information has also caused networks to be more vulnerable.
In addition to increasingly complex technology, there is a clear lack of education, which is one of the main culprits in internal security failures. Therefore, companies should invest heavily in cybersecurity training for employees. This might seem costly, but as we mentioned, the cost of repairing an internal problem and its consequences often exceeds hundreds of thousands of dollars.
How to defend your company
Bearing all this information in mind, some protection measures should be put into place. Firstly, it is crucial to observe and monitor employee behavior within the network in real time, review the server logs to look for any suspicious behavior, and use specific data to analyze how to prevent a possible insider threat.
This means preventing information leaks caused by malware or employees, as well as having protection against attacks or fixing vulnerabilities found in the system. Solutions such as Panda Adaptive Defense 360 combine the latest-generation protection (NG EPP) and Endpoint Detection and Response (EDR) technology with the ability to classify 100% of running processes.
Having a Data Loss Prevention (DLP) strategy and encrypting information are the main measures against insider threats, as cited by 60% of security professionals surveyed by Crowd Research. It is necessary to have impeccable identification and access control, as well as to restrict and control all endpoints.
Lastly, it is vital to control and monitor access to valuable resources such as information, databases, connections, or anything else that can result in a significant loss. It’s also a good idea to reasonably track employee activity, something that can easily be done with the correct tools. In short, having a solid control and repair plan overseen by the right team, together with exhaustive monitoring and proper security training, is the best path to protect oneself from an unexpected security failure.