The biggest cybersecurity threats are right under your nose

Prevention is the most effective and least costly form of cybersecurity.  Once a breach happens, it can be very difficult to get back to “normal”, if such a thing even exists anymore.  Better to harden that “normal” state with the most robust defense possible.

The question then becomes:  defense against whom?  Broadly, attackers fall into two groups.  The ones that get the most press come from the outside: malicious hackers who break into your systems with no prior knowledge of how they work.

Yet insider threats, people who already hold legitimate access to your network, are both more pernicious and positioned to do far more damage.  Just mention the names Snowden or Manning to any government official and they’ll tell you:  the threat from insiders shouldn’t be discounted.

IT managers walk a fine line when it comes to insider threats.  Open systems with permissive access controls tend to be user-friendly: people can get data where and when they need it.  Functionality demands a certain amount of flexibility in the end, and that flexibility has real business value.  As businesses become more mobile, there are competitive advantages in giving people what they need, when they need it, cybersecurity consequences be damned.

On the other hand, battening down the security hatches also pays dividends.  The user experience might suffer, but that is small potatoes compared with the damage caused by a security incident.  Flexible and accessible data isn’t worth anything once it has been stolen.

How can businesses protect themselves from insider threats?  A few thoughts:

Think about your IAM system and its consequences.  A thoughtful approach to identity and access management (IAM) is the core of a strong defense against insider threats.  Snowden and Manning were able to compromise major systems not only because of the privileged roles they held (Snowden as a systems administrator, Manning as an intelligence analyst with broad access to classified networks), but because the network architecture allowed them to reach areas they had no real business being in.

Very few users truly require access to your entire system.  Partitioning data into silos, each readable only by the roles that genuinely need it, deters the casually curious administrator at very little cost to functionality.
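As an added illustration (not code from the original post), the check below expresses the silo idea as a deny-by-default authorization decision: each data silo lists the roles allowed to read it, and the infrastructure administrator role deliberately appears on no data silo. The role names, silo names and sample users are hypothetical.

```python
"""Deny-by-default access check with data silos.

Added example, not from the original post. Role names, silo names and the
sample requests below are hypothetical and constructed for illustration.
"""
from dataclasses import dataclass

# Each silo lists the roles permitted to read it. Anything not listed is denied.
# The "sysadmin" role manages infrastructure but is deliberately absent from the
# data silos: administering a server does not entitle anyone to its contents.
SILO_READERS = {
    "hr_records":      {"hr_analyst", "hr_manager"},
    "finance_ledger":  {"finance_analyst", "cfo"},
    "engineering_src": {"developer", "release_engineer"},
    "infra_config":    {"sysadmin"},
}


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset


@dataclass
class Decision:
    allowed: bool
    reason: str


def can_read(user: User, silo: str) -> Decision:
    """Return an allow/deny decision. Unknown silos and unlisted roles are denied."""
    readers = SILO_READERS.get(silo)
    if readers is None:
        return Decision(False, f"unknown silo {silo!r}")
    matched = user.roles & readers
    if matched:
        return Decision(True, f"role {sorted(matched)[0]!r} may read {silo!r}")
    return Decision(False, f"none of {sorted(user.roles)} may read {silo!r}")


def blast_radius(user: User) -> list:
    """Silos a user could read: useful for auditing who can see 'everything'."""
    return sorted(s for s in SILO_READERS if can_read(user, s).allowed)


if __name__ == "__main__":
    admin = User("casey", frozenset({"sysadmin"}))
    hr = User("jordan", frozenset({"hr_analyst"}))
    checks = [(admin, "hr_records"), (admin, "infra_config"),
              (hr, "hr_records"), (hr, "finance_ledger")]
    for u, s in checks:
        d = can_read(u, s)
        print(f"{u.name:7} {s:16} {'ALLOW' if d.allowed else 'DENY':5} {d.reason}")
    print("admin blast radius:", blast_radius(admin))
```

The blast-radius audit is the part worth running periodically: any account whose list covers most of the silos is exactly the kind of over-privileged insider the paragraph above describes.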

Monitor your logs.  Do you know who is accessing what, and when?  Can you detect a user reaching into network areas outside their usual scope of activity?  If an insider were actively snooping around, would you know about it?

Insiders act with impunity because they believe no one is paying attention.  Building and maintaining situational awareness of who is working with which data set goes a long way towards preventing a costly breach.
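To make the "would you know?" question concrete, here is an added example (not from the original post) of the detection logic run over constructed access-log lines: a baseline of which top-level areas each user normally touches is learned from past activity, and later events are flagged when they fall outside that baseline or outside working hours. The log format, user names, resource names and the 07:00 to 19:00 working window are assumptions.

```python
"""Flag insider access outside a user's established scope.

Added example, not from the original post. The log format, user names and
resource names are constructed for illustration; a real deployment would
read these from the access logs of the file server, database or IAM system.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample logs: "timestamp user action resource".
# BASELINE_LOG establishes what each user normally touches; NEW_LOG is examined.
BASELINE_LOG = """\
2024-03-01T09:12:00 alice READ finance/ledger.xlsx
2024-03-01T10:30:00 alice READ finance/q1-forecast.xlsx
2024-03-01T09:05:00 bob READ engineering/build-config.yaml
2024-03-01T14:20:00 bob WRITE engineering/deploy.sh
2024-03-02T09:40:00 alice READ finance/ledger.xlsx
2024-03-02T11:00:00 bob READ engineering/build-config.yaml
"""

NEW_LOG = """\
2024-03-05T09:15:00 alice READ finance/ledger.xlsx
2024-03-05T02:47:00 bob READ hr/salaries.csv
2024-03-05T02:49:00 bob READ hr/terminations-2024.docx
2024-03-05T10:10:00 bob READ engineering/build-config.yaml
"""


def parse(log: str):
    """Yield (timestamp, user, action, resource) tuples, skipping blank lines."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, user, action, resource = line.split(maxsplit=3)
        yield datetime.fromisoformat(ts), user, action, resource


def build_baseline(log: str) -> dict:
    """Map each user to the top-level areas (first path component) they normally touch."""
    areas = defaultdict(set)
    for _, user, _, resource in parse(log):
        areas[user].add(resource.split("/", 1)[0])
    return dict(areas)


def find_anomalies(log: str, baseline: dict, work_hours=(7, 19)) -> list:
    """Return (user, resource, reasons) for events outside a user's scope or hours."""
    start, end = work_hours
    findings = []
    for ts, user, _, resource in parse(log):
        reasons = []
        area = resource.split("/", 1)[0]
        known = baseline.get(user, set())
        if area not in known:
            reasons.append(f"area {area!r} not in baseline {sorted(known)}")
        if not start <= ts.hour < end:
            reasons.append(f"off-hours access at {ts.time()}")
        if reasons:
            findings.append((user, resource, reasons))
    return findings


if __name__ == "__main__":
    base = build_baseline(BASELINE_LOG)
    for user, resource, reasons in find_anomalies(NEW_LOG, base):
        print(f"{user}: {resource}: " + "; ".join(reasons))
```

On the sample above only bob's two early-morning reads of the hr area are reported, each with both reasons attached. A single out-of-scope read may be legitimate; two signals together (new area and odd hour) is what an analyst would want surfaced first.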

Confirm identities regularly.  In the world of physical security, access to a restricted area requires you to show your ID.  It should be no different in the digital world.  The value of your data requires that your system know exactly who is accessing it.  Biometrics, two-factor authentication and identity management tools don’t have to be intrusive or a drain on productivity.  There are simple yet effective ways to challenge anyone who might undermine your security stance.
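The digital analogue of showing your ID at the door is step-up authentication: an ordinary session is enough for ordinary data, but a restricted area demands a fresh second-factor proof. The added example below (not from the original post) implements that policy with a TOTP check following RFC 6238 (HMAC-SHA1, 30-second step, six digits). The restricted-prefix classification, the ten-minute freshness window and the demo secret are assumptions.

```python
"""Step-up re-authentication before touching restricted data.

Added example, not from the original post. The resource classification, the
freshness window and the demo secret are constructed assumptions; the TOTP
routine follows RFC 6238 (HMAC-SHA1, 30-second step, 6 digits).
"""
import hashlib
import hmac
import struct
from dataclasses import dataclass

RESTRICTED_PREFIXES = ("hr/", "finance/")   # assumed classification of sensitive areas
STEP_UP_MAX_AGE = 10 * 60                   # seconds a second-factor proof stays fresh


@dataclass
class Session:
    user: str
    logged_in_at: float
    last_mfa_at: float = 0.0                 # 0.0 means never re-verified in this session


def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP over the number of time steps since the Unix epoch."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def needs_step_up(session: Session, resource: str, now: float) -> bool:
    """Restricted resources require an MFA proof fresher than STEP_UP_MAX_AGE."""
    if not resource.startswith(RESTRICTED_PREFIXES):
        return False
    return now - session.last_mfa_at > STEP_UP_MAX_AGE


def verify_step_up(session: Session, secret: bytes, code: str, now: float,
                   window: int = 1) -> bool:
    """Accept a code from the current step or one step either side; record success."""
    for drift in range(-window, window + 1):
        if hmac.compare_digest(totp(secret, now + drift * 30), code):
            session.last_mfa_at = now
            return True
    return False


def access(session: Session, resource: str, now: float) -> str:
    """The gate the application calls before serving a resource."""
    if needs_step_up(session, resource, now):
        return "STEP_UP_REQUIRED"
    return "ALLOW"


if __name__ == "__main__":
    secret = b"12345678901234567890"        # RFC 6238 test-vector secret, demo only
    s = Session("alice", logged_in_at=0.0)
    print(access(s, "engineering/readme.md", 59))   # ALLOW
    print(access(s, "hr/salaries.csv", 59))         # STEP_UP_REQUIRED
    print(verify_step_up(s, secret, totp(secret, 59), 59))
    print(access(s, "hr/salaries.csv", 59 + 5 * 60))   # ALLOW, proof still fresh
    print(access(s, "hr/salaries.csv", 59 + 11 * 60))  # STEP_UP_REQUIRED again
```

The point of the freshness window is that a long-lived session, or one an insider left unlocked, does not carry restricted-area access indefinitely: the challenge recurs, which is exactly the "confirm identities regularly" behaviour above. Production code would also rate-limit failed attempts and store the secret in an HSM or a dedicated secrets store rather than in application memory.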

Want to bolster your security stance against insider threats?  We can help.