Of the many cyber threats facing organisations, the one that should not be overlooked is the “insider threat”.
Defined as “an act of accidental or intentional harm from within the organisation”, the insider threat can be missed, simply because of the natural inclination to trust one’s workforce. Training staff to spot the indicators will be helpful, but staff must feel confident to report their concerns. Considered controls and policies, combined with proper training, will go a long way to prevent incidents that result from insider action.
“User privileges” categorise the level of access staff have to resources within the business network. It follows that the more access, or privileges, that a member of staff has, the more their actions can compromise.
The account with the most privileges will be the “Admin Account”, usually including all system access and control of what is allowed on the network.
Compromise this account and the impact will be catastrophic to the whole business. This makes the “Admin Account” a prime target for cyber criminals.
Any cyber attack must first establish a foothold in systems and resources. Already on the business network, an insider has the access rights required to be successful in their endeavours.
Motivated by job dissatisfaction, disgruntled from being “let go”, subject to an offer from a rival business, political activism or even part of organised crime, the insider abuses their privileges to steal and share information with third parties or for independent advantage.
Removable media can be used to discreetly remove data from the premises, or to transfer malware onto the network, including spyware which steals and sends information directly to the adversary.
Although malicious attacks do occur, cyber incidents are predominantly caused accidentally. Online tasks (emails, web browsing, etc.) pose a major threat to business because every user will be susceptible to the wiles of the social engineer.
Ever more convincing, phishing emails target all business areas to gain high-level access and escalate the threat. Careless use of personal devices and weak security embedded in the Internet of Things (IoT) open other doorways for malware infection.
Let’s not forget, portable devices (including removable media, tablets, phones and laptops) can hold vast amounts of data but are easily lost or stolen.
So, what can be done?
Simply by restricting user privileges into a hierarchy and keeping high-privilege access minimal, an incident can be contained:
Lessen the Impact
Even with thorough training and security protocols, your best efforts may still be subverted, but having appropriate controls will thwart unintentional mistakes and unsolicited misuse.
Lessen the impact by giving every employee “least privilege” so procurement of data becomes challenging for the workforce. Only increase privileges on a case-by-case basis.
Make sure training and controls work in harmony for a truly effective cyber security solution against the insider threat.