As cybersecurity professionals, we spend a lot of time and effort keeping outsiders off our network, and out of our servers and information repositories. The good news is that today’s defensive solutions work pretty well, and we are largely successful defending against threats from outside the network perimeter.
Insider threats are a bigger concern. There have been several high-profile insider breaches, including the AWS breach by former employee Paige Thompson. Her insider attack affected at least 11 other businesses, including Capital One. Another is the recent case of Yahoo employee and engineer Reyes Daniel Ruiz, who hacked 6000 Yahoo accounts.
The insider is usually a coworker, trusted business partner, or contractor at the company. They already have user credentials and permissions to parts of the network. This makes them particularly tough to defend against, since we expect them to be there, and they have permissions to be there.
The main avenues where company information is breached are services such as:
- Social networks such as Facebook and LinkedIn.
- Personal email accounts.
- Cloud-based file storage such as OneDrive, Google Drive, Dropbox, and Box.
- USB keys and external drives.
Employees and even managers may also inadvertently cause loss of company information by opening phishing links or attachments.
Departing employees often feel entitled to take company information with them when they leave, especially if the information is something that they created or handled routinely in their job role.
Prevention can include:
- Blocking popular public email services such as Gmail and Outlook.com.
- Blocking or filtering social network sites.
- Starting a data loss prevention program.
- Making employees aware that your company is on the lookout for unauthorized information transfers, unusual amounts of file access, and file copying.
- Blocking USB ports in the BIOS if you can.
These are a few ways that the insider threat can be mitigated in your organization.