Published on June 16th, 2015 | by admin
Controlling Insider Threats through Visibility, Analytics, and Intelligence
There’s been a lot of talk in the last few months about coordinated (or alternatively, collaborative) hacker attacks on a variety of organizations across North America. This gives the impression that the only problem facing enterprises comes from external, possibly even foreign government, sources. This is simply not the case. Research has shown that it is often your own employees, i.e. insider attacks, that pose the biggest threat to your security.
In 2014, malicious insiders accounted for the greatest cost in terms of lost revenue due to cybercrime. The Ponemon Institute, in their report 2014 Global Report on the Cost of Cyber Crime, found that the average loss due to insider threats was $213,542, compared to phishing and social engineering, which came in at an average loss of $45,959. This is quite surprising when you consider the amount of focus on external threats in the press. But one of the reasons we don’t hear about insider attacks is that most companies, according to PWC in their 2015 report Managing Cyber Risks in an Interconnected World, prefer to deal with the problem internally and not involve outside bodies such as law enforcement agencies.
Insiders cover the whole gamut of people who currently deal, or have at some point in the past dealt, with your organization, including current and former employees, contractors, suppliers and even customers. Again quoting the aforementioned PWC report, consultants and contractors were responsible for 18% and 15% of security incidents, respectively, in 2014. And with a third of enterprises knowing they’ve experienced an insider threat, according to the SANS Institute, this adds up to a serious problem.
But what types of crime are insiders committing? This has been detailed by PWC in their report, US Cybercrime: Rising Risks, Reduced Readiness, and includes loss of confidential and proprietary data, loss of revenue and downtime of critical systems. These crimes are perpetrated through a number of routes, including social engineering, laptops and email. The reasons why seemingly trusted insiders bite the hand that feeds them are oftentimes revenge, excitement, and financial gain.
Controlling Insider Attacks through Visibility, Analytics, and Intelligence
Preventing insiders from committing a crime against an organization has traditionally been a very difficult nut to crack. By definition, an insider has inside information, such as login credentials to network resources, including access to confidential and/or encrypted data. This is not a case of adding layers of security, such as second-factor credentials, or hardening a perimeter firewall; these people are already inside the firewall and have the right credentials.
To manage insider threats we need a new model; a new way of thinking about security. As the threats against our organizations evolve, so our approach to managing those threats also needs to evolve to keep pace. The new kid on the block is a more intelligent and considered way of managing risk. We have moved away from simply applying security tools and hoping for the best, to security through applied intelligence and risk management. To increase the impact of this we also need to embrace the power of collaborative security, assimilating information and data from multiple sources. Sharing security data and analytics is the key to strengthening your stance against cyber threats to your organization.
The most effective way to manage and control insider attacks is through insight and intelligence – giving you a global view of what is happening across your enterprise systems. Monitoring behavior and suspicious activity allows you to spot any issues before they become problems; you are simply blind to insider threats without the right types of monitoring and alerting tools.
But monitoring tools are only as good as the information they supply, and this information must be available in an easy-to-digest interface that alerts you to any issues. Visual analytics are the key to discovery; they give you the evidence you need to act.
The movement to a security and risk management strategy based on shared and intelligent data gathering gives us the toolset we need to handle the changing cyber threat landscape. When we, as custodians of our organization’s security and data, employ a combination of in-depth, multi-coverage analytics with mass storage of big data and graphical visualization of that data and those events, we will have the power to truly prevent insider attacks.
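As an added illustration of the kind of behavioral monitoring and analytics described in the preceding paragraphs (example code written for this page, not from the original post or any vendor product), the following Python script builds a per-user baseline of daily file-access volume from a training window of audit records, then scores one day's activity against that baseline. It flags users whose volume is far above their own history, accounts that have no history at all, and access to sensitive shares outside business hours. The record layout, the user names, the share paths, the business-hours window and the thresholds are all constructed assumptions for the example.

```python
"""Baseline-and-deviation detection over file-access audit records.

Added example: builds a per-user baseline of daily access volume from a
training window of records, then scores one day's activity against it and
flags (a) users whose volume is far above their own baseline, (b) accounts
with no history at all, and (c) access to sensitive shares outside business
hours. All records, paths and thresholds below are constructed assumptions.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Assumed policy: sensitive share prefixes and business hours (local time).
SENSITIVE_PREFIXES = ("/finance/", "/hr/")
BUSINESS_HOURS = range(8, 19)  # 08:00-18:59


def _records(user, day, n, hour=10, path="/projects/roadmap.docx", size=4096):
    """Construct n audit records (user, ISO timestamp, path, bytes) on one June 2015 day."""
    return [(user, f"2015-06-{day:02d}T{hour:02d}:{i % 60:02d}:00", path, size)
            for i in range(n)]


def _expand(user, counts):
    """Construct records for days 1..len(counts) with the given per-day access counts."""
    return [r for day, n in enumerate(counts, start=1) for r in _records(user, day, n)]


# Constructed training window: five days of ordinary activity for two users.
BASELINE_RECORDS = _expand("alice", (4, 5, 4, 6, 5)) + _expand("bob", (10, 12, 11, 13, 9))

# Constructed "current day": alice's volume spikes, bob touches a finance share
# at 23:00, and carol is an account with no history at all.
TODAY_RECORDS = (
    _records("alice", 8, 40)
    + _records("bob", 8, 12)
    + _records("bob", 8, 1, hour=23, path="/finance/payroll.xlsx")
    + _records("carol", 8, 3)
)


def daily_counts(records):
    """Return {user: {date: number of file accesses on that date}}."""
    counts = defaultdict(lambda: defaultdict(int))
    for user, ts, _path, _size in records:
        counts[user][datetime.fromisoformat(ts).date()] += 1
    return counts


def build_baseline(records):
    """Return {user: (mean, population std-dev)} of daily access counts."""
    baseline = {}
    for user, per_day in daily_counts(records).items():
        values = list(per_day.values())
        baseline[user] = (mean(values), pstdev(values))
    return baseline


def score_day(records, baseline, z_threshold=3.0, ratio_threshold=3.0):
    """Return [(user, kind, detail)] findings for one day's records.

    kind is 'volume' (well above the user's own baseline), 'no_baseline'
    (account with no history) or 'off_hours' (sensitive path touched outside
    business hours). Findings are leads for an analyst, not verdicts.
    """
    findings = []
    for user, per_day in daily_counts(records).items():
        count = sum(per_day.values())
        if user not in baseline:
            findings.append((user, "no_baseline", f"{count} accesses, no history"))
            continue
        mu, sigma = baseline[user]
        if sigma > 0:
            z = (count - mu) / sigma
            if z >= z_threshold:
                findings.append((user, "volume", f"{count} accesses, z={z:.1f} vs mean {mu:.1f}"))
        elif mu > 0 and count >= ratio_threshold * mu:
            # A perfectly regular history gives sigma == 0; fall back to a ratio test.
            findings.append((user, "volume", f"{count} accesses, {count / mu:.1f}x mean {mu:.1f}"))
    for user, ts, path, _size in records:
        hour = datetime.fromisoformat(ts).hour
        if path.startswith(SENSITIVE_PREFIXES) and hour not in BUSINESS_HOURS:
            findings.append((user, "off_hours", f"{path} at {ts}"))
    return findings


if __name__ == "__main__":
    for finding in score_day(TODAY_RECORDS, build_baseline(BASELINE_RECORDS)):
        print(*finding, sep="\t")
```

Running the script lists three findings: alice's volume spike, bob's off-hours touch of the finance share, and carol as an account with no baseline; bob's ordinary daytime volume is not flagged. In a real deployment the baseline would come from a much longer window than five days, and the output would feed the alerting and visualization layer rather than a terminal.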
On a final note, the recent Kaspersky hack, which admittedly wasn’t an insider threat but an external and highly complex attack on their security systems, was handled in a manner based on collaboration and sharing of data. This has been to the advantage of a global community of organizations, who can now use this information to protect their own systems against further attacks of this nature.