The Enemy Within
In many of my previous blogs I have discussed the threats to IT systems from external sources, but risks often come from internal sources, and that is where Insider Threat Management (ITM) becomes important.
Insider Threat Management (ITM) is the practice of identifying, assessing, and mitigating the risks posed by employees or other authorised personnel within an organisation who may intentionally or unintentionally cause harm. Insider threats can include theft of confidential information, sabotage, fraud, and other malicious activities.
The need for effective ITM has grown in recent years due to the increase in the number and severity of insider threats. In 2020, the annual Ponemon Institute report found that the average cost of an insider-related incident was $11.45 million, up from $8.76 million in 2018. Furthermore, according to the 2020 Verizon Data Breach Investigations Report, insiders were responsible for 30% of data breaches.
ITM is a multifaceted process that requires the collaboration of various stakeholders, including security teams, HR, legal, and management. The first step in ITM is to establish a baseline of normal behaviour for employees and systems. This is achieved through the monitoring of network and system activity, as well as the analysis of user behaviour.
Once a baseline has been established, anomalies can be detected and analysed to identify potential insider threats. These anomalies can include unusual access patterns, data exfiltration, and the installation of unauthorised software or hardware.
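The baseline-then-detect steps described above, as an added example that is not from the original post: it builds a per-user profile from constructed activity records, then flags access to resources the user has never touched and transfer volumes far above that user's own norm. The record layout, function names and threshold are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample events, one per user per day: (user, day, resource, MB).
BASELINE = [
    ("alice", "d1", "crm", 40), ("alice", "d2", "crm", 55),
    ("alice", "d3", "wiki", 35), ("alice", "d4", "crm", 50),
    ("alice", "d5", "crm", 45), ("bob", "d1", "finance", 400),
    ("bob", "d2", "finance", 380), ("bob", "d3", "finance", 420),
    ("bob", "d4", "finance", 410), ("bob", "d5", "wiki", 390),
]
OBSERVED = [
    ("alice", "d6", "crm", 52),       # normal day
    ("alice", "d7", "finance", 48),   # resource never touched before
    ("alice", "d8", "crm", 900),      # volume far above her own norm
    ("bob", "d6", "finance", 430),    # large, but normal for bob
]

def build_baseline(events):
    """Per-user profile: known resources, median daily MB and its MAD."""
    volumes, resources = defaultdict(list), defaultdict(set)
    for user, _day, resource, mb in events:
        volumes[user].append(mb)
        resources[user].add(resource)
    profile = {}
    for user, vals in volumes.items():
        med = median(vals)
        mad = median(abs(v - med) for v in vals) or 1.0  # avoid zero spread
        profile[user] = {"median": med, "mad": mad, "resources": resources[user]}
    return profile

def detect_anomalies(profile, events, threshold=6.0):
    """Return (user, day, reason) for events that deviate from the baseline."""
    findings = []
    for user, day, resource, mb in events:
        p = profile.get(user)
        if p is None:
            findings.append((user, day, "no baseline for user"))
            continue
        if resource not in p["resources"]:
            findings.append((user, day, f"new resource: {resource}"))
        score = (mb - p["median"]) / (1.4826 * p["mad"])  # robust z-score
        if score > threshold:                             # assumed cut-off
            findings.append((user, day, f"volume {mb} MB, robust z={score:.1f}"))
    return findings

if __name__ == "__main__":
    for finding in detect_anomalies(build_baseline(BASELINE), OBSERVED):
        print(finding)
```

Because each user is compared only with their own history, bob's 430 MB day passes while alice's 900 MB day is flagged; the median and MAD are used so that a single past outlier does not inflate the baseline.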
Once an anomaly has been identified, it is important to assess the threat posed by the insider. This involves determining the intent of the employee and the potential impact of their actions. For example, an employee who accidentally sends an email to the wrong person may pose a lower risk than an employee who intentionally steals confidential information.
After the threat has been assessed, it is important to mitigate the risk posed by the insider. This can involve a variety of actions, including revoking access privileges, disciplinary action, and legal action. It is important to ensure that any action taken is proportionate to the threat posed by the insider.
To be effective, ITM requires a strong culture of security within an organisation. This includes the promotion of security awareness among employees, the implementation of security policies and procedures, and the use of security technologies such as Conditional Access, Data Loss Prevention (DLP) and User Behaviour Analytics (UBA).
In conclusion, insider threats are a significant risk to organisations, and the management of these threats requires a comprehensive approach. ITM involves the monitoring of employee behaviour, the assessment of insider threats, and the mitigation of risk. It is important to promote a culture of security within an organisation and to use a range of security technologies to prevent and detect insider threats. By taking a proactive approach to ITM, organisations can minimise the risk of insider-related incidents and protect their sensitive data and assets.
If you would like any advice on how to protect your organisation from insider threats, then get in touch with Fusion. We are an ISO 27001 business who take a security-first approach to our internal operations and have plenty of experience in the deployment of Conditional Access, Data Loss Prevention and User Behaviour Analytics techniques.