Businesses often think about outsider threats as they’re planning cybersecurity and implementing new measures to protect their business. While it is necessary to look outward, it’s also just as important to look inward because more cybersecurity threats than you might realize come from internal sources.
According to research from IBM Security, up to 60% of cyberattacks may be from insider threats. Separate research from the Ponemon Institute indicated that for mid-sized companies with fewer than 500 employees, the average cost per incident was a staggering $1.8 million each.
So, how can you protect your company against internal threats just as much as you do with outside potential cyberattacks?
1. IPAM Solutions
It’s important that you have a foundation of organization, centralized visibility,and you understand your IT assets as the first part of preventing internal threats. One such component of this is IPAM (IP address management) solutions.
With IPAM, network administrators can keep an up-to-date inventory of all IP addresses that are assignable. This allows visibility into the subnets that are in use, and who’s using them. It also shows the hostname that’s linked to each IP address and the hardware associated with each individual IP address.
2. Know What’s Meant by “Insider Threat”
Insider threat sounds like an ominous term,and it can be,but that’s not always the case. Sometimes insider threats can occur because of a lack of knowledge on the part of employees, rather than employees purposely and maliciously stealing something from their employer.
Of course, you do still have to factor in the potential for insider threats to come from employees who are perhaps unhappy or greedy and want to do harm to the business.
There are different ways to approach insider threats, depending on whether it’s intentional or unintentional.
3. Unintentional Threats
With unintentional threats, your primary focus should be on creating, updating,and implementing employee training and support. Employees need to be held accountable for participation in training, as well as for putting what they learn into action.
Some of the primary ways employees may become unintentional threats to cybersecurity include:
- Not taking training seriously, or not receiving training
- Accidents, such as losing a company device that contains data and information
- Carelessness or problems with decision-making
- Being the victim of scams such as phishing
4. Intentional Threats and Red Flags
While an unintentional threat may not have any associated red flags leading up to an event, intentional threats often do.
One of the biggest red flags to watch for is an employee who starts to work a lot of extra hours onsite, or who logs in at hours that would be otherwise strange, such as on the weekends even when there aren’t any big projects going on requiring extra hours.
Malicious threats can also come from employees who have left their jobs. When a company doesn’t have the proper onboarding processes in place, an employee may leave but still have their access permissions.
It’s not just traditional employees that leave open this possibility. It can also include vendors and former contractors.
When there are malicious internal threats or possible red flags, it’s almost always because of a disgruntled employee who feels underpaid or underappreciated. This represents a cultural problem that needs to be addressed in addition to a security problem.
5. Creating An Acceptable Use Policy
Along with recognizing the nature of internal threats, another thing an organization can do proactively is to create a data use policy which is usually integrated with an acceptable use policy This highlights in very specific terms what employees can do with the information, and how to manage it. It’s not enough to present employees with an employee use policy. They need to be trained on it as well.
6. Conduct Regular Account Reviews
Doing regular account reviews is something all organizations should make sure is occurring. Account reviews should work to identify accounts not disabled when they should have been, as well as permissions that are assigned to accounts but aren’t needed anymore.
As part of this, work on cultivating a culture of accountability among departmental managers and leaders so they know they are responsible for their employees’ dedication to internal security and taking the necessary precautions.
Finally, when you are dedicated to preventing internal cybersecurity threats, you also need to make sure you have a well-publicized system and set of procedures for confidential reporting. Whistleblowers need to feel comfortable and protected in coming forward.