When you think “cybersecurity threat,” what comes to mind? A hoodie-clad hacker in a basement breaking into the network or an army of cyberattackers sending ransomware at other unsuspecting nations? Probably. But the truth is, many incidents can actually start from inside your customers’ organization. This closer-to-home danger is called the insider threat, defined by the Department of Homeland Security as “a current or former employee, contractor, or other business partner who has or had authorized access to an organization's network, system, or data.” Insiders have more access to company information than an external attacker, which means extra care is necessary to reduce risk.
Insider threat incidents are on the rise, and can be either intentional or unintentional.
Remember Dennis Nedry from Jurassic Park? He’s a textbook example of an intentionally malicious insider: a disgruntled employee who steals intellectual property (IP) and disrupts business operations. Other examples include employees stealing the company’s CRM, financials, or other sensitive information, deleting or altering data, or installing malware.
But insider threats aren’t always from predators – they can also be unintentional, caused by a simple mistake, a poor judgment call, or negligence by a well-meaning employee or contractor. Consider these real-life scenarios:
- Sales representative emails a proposal to the wrong person by selecting the wrong name auto-populated in the email program, revealing privileged pricing and client information
- Contractor accesses the company network, unaware they have malware on their device that infects the network
- Accountant loses a USB drive loaded with sensitive financial documents
- HR manager leaves a personnel file on their desk, and it’s seen by after-hours maintenance staff
- CEO falls for a sophisticated whaling scheme, providing credentials, confidential information, or payment to an attacker
Your Role in Minimizing the Insider Threat
While your customers likely won’t have dinosaurs to contend with, the insider threat is still something to take seriously. Help your customers reduce their risk with these considerations:
- Cyber-Smart Culture: Educate employees on the realities of insider threats and encourage them to speak up if they recognize one. Maintain an ongoing training program to keep awareness high and the team on board.
- Network Infrastructure: Apply the principle of least privilege, giving employees access only to the files necessary for their job.
- Policies and Enforcement: Help set and enforce rules with a Technology and Data Use policy detailing how data is stored and shared. For example, if your customers don’t allow USB drives, set up peripheral control to block them from company devices.
- Onboarding and Offboarding: Consider recommending background checks for all new employees and contractors. When employees leave, follow documented offboarding procedures to remove access promptly.
Set a Good Example
You may not have considered that your organization may qualify as an insider threat to your customers due to your level of access. Discuss the [steps you take](https://www.defendify.io/cybersecurity-blog/2020/01/20/your-technology-and-data-use-policy-means-online-safety) to protect their information and encourage them to ask their other vendors and contractors to do the same.
The insider threat isn’t going extinct any time soon, but a few steps can help keep your customers protected from the inside out.
Your Friends @ Defendify