What is an Insider Threat?
An insider threat or an insider attack is the theft or accidental leakage of sensitive data by someone who has legitimate access to the data, or who at least has legitimate access to your systems. The parties that generally constitute an insider threat can be a trusted vendor, contractor, partner, or employee. Some will have existing authorization or access to customer records - or even trade secrets. CEOs and IT managers are disproportionately focussed on the threat posed by black hat hackers and other hostile third parties. They may be aware of the threat of an insider attack, but place less emphasis on safeguarding against it. Many CEOs are unaware of current insider threat indicators. An insider threat can result in the loss of large quantities of data, often with devastating financial consequences.
Traditional IT security defenses such as antivirus, backup, and firewalls are fairly effective for protecting companies against cyberattacks coming from the ‘outside’, and they definitely have a role to play in securing the perimeter of your clients’ networks. Your clients, however, are neither castles nor fortresses that can be completely sealed off.
Types of Insider Threats
Any insider threat or insider attack invariably involves a breach of trust. Frequently, sensitive data is breached by someone with legitimate access to customer records, user activity, credentials or network traffic. Breaches and data loss can also be the result of human error or negligence on the part of data custodians. Trusted individuals can also steal customer records to mount phishing attempts that do not directly target the business in question.
What are the four types of insider threats?
Cybersecurity insider threat defenses have to cover valuable data including personnel records, pending sales, product designs, and backup files. This data is the lifeblood of companies, which is why file activity monitoring and data leakage protection are a critical piece of the overall IT puzzle. Unfortunately, it’s also a piece that is often left missing when businesses fail to see what’s happening right under their noses and actively ignore the growing risk of insider threats.
Tools focused on perimeter defense simply aren’t effective at defending against insider threats and don’t provide insider threat indicators. It’s not enough to block unauthorized access to your clients’ systems – you also need to prevent the problems caused by authorized users doing things they shouldn’t. Implementing a data privacy program can be a challenge.
Insider threat examples
The most common insider threats involve authorized users who abuse their legitimate access to data to steal it. Examples:
A contractor copies customer records to a USB thumb drive.
An employee copies sensitive data to a Google doc.
A user emails an Excel file containing large quantities of data to an unauthorized third party.
Setting and updating user and group permissions on files and folders, both on desktop workstations and on servers, is necessary for basic security within the network. Those permissions alone, however, fail to provide any protection when an authorized user abuses their valid read permissions to steal data or files containing trade secrets or other sensitive or privileged information.
Permissions can’t protect you against an insider threat
Furthermore, permissions can only be applied to existing files and folders. Even if you’ve set up those permissions to be inherited by new files and subfolders, that inheritance only applies to new files and subfolders created inside those already existing folders.
Files created by exporting sensitive data from a business application like your ERP or CRM systems would be unprotected, since the user can choose to export that file into a folder without strict permissions. Consider a sales manager exporting a spreadsheet from your ERP containing a list of customer accounts and credit card details into their “Documents” folder, or onto a shared drive on the network which is world-readable for convenience.
In either case, you wouldn’t even know that file existed unless you were looking for it and knew how to identify it as a file containing sensitive information. If you don’t know that file exists, there’s no way for you to protect it or monitor who views or modifies it. Any insider threat indicators will be useless.
You also would never know if that file was emailed to someone outside the company, transferred over an insecure protocol like FTP, saved to a company or personal laptop which was then stolen, or copied onto an external hard drive or USB stick which an employee then took home.
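To make the discovery problem above concrete, here is an added example (not Actifile's code or part of the original article) that walks a folder tree, finds files containing Luhn-valid card numbers, and reports whether each one is world-readable. It assumes plain-text or CSV exports and POSIX permission bits; the function names and the sample tree are hypothetical, and the card values are public test numbers.

```python
import os
import re
import stat
import tempfile

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits):
    """Luhn checksum, used to discard order IDs and other random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)   # double every second digit from the right
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def count_card_numbers(text):
    """Count Luhn-valid card-number candidates in a block of text."""
    hits = (re.sub(r"[ -]", "", m.group()) for m in CARD_RE.finditer(text))
    return sum(1 for digits in hits if luhn_ok(digits))

def find_sensitive_exports(root, max_bytes=5_000_000):
    """Return sorted (relative path, card count, world_readable) for files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            if st.st_size > max_bytes:      # skip large binaries; tune per environment
                continue
            with open(path, encoding="utf-8", errors="ignore") as fh:
                count = count_card_numbers(fh.read())
            if count:
                world = bool(st.st_mode & stat.S_IROTH)   # POSIX "other" read bit
                findings.append((os.path.relpath(path, root), count, world))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample data: an ERP-style CSV export plus a harmless note."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "Documents"))
    export = os.path.join(root, "Documents", "customers_export.csv")
    with open(export, "w") as fh:          # card values are public test numbers
        fh.write("account,card\nAcme,4111 1111 1111 1111\nGlobex,5555-5555-5555-4444\n")
    os.chmod(export, 0o644)
    with open(os.path.join(root, "notes.txt"), "w") as fh:
        fh.write("Order 1234567890123456 shipped\n")   # fails the Luhn check
    return root
```

Calling find_sensitive_exports(build_sample_tree()) reports only the CSV export, with two card numbers and the world-readable flag set. A point-in-time scan like this finds files only after they exist and only where you look, which is the gap the lifetime tracking described next is meant to close.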
In order to track and control sensitive and privileged company secrets, you need to monitor and control the files which contain those secrets, and this must be done over the entire lifetime of the file, from the moment of its creation all the way through every edit, view, copy and rename. Only then can you meet the challenge of data leakage from insider threats like user mistakes and industrial espionage. Professional cybersecurity insider threat analysis is essential.
A free risk analysis survey tool is the first step towards effectively identifying and countering any risk of insider threat or insider attack.
Only robust file protection can stop data leakage from inside attack
This file-centric approach to data protection is at the heart of Actifile. By automatically classifying and tagging all files the moment they are created – whether exported from business applications or created within protected folders – they can be tracked over their entire lifetime.
Since the tracking works by attaching code to the file itself, any time someone tries to email that file as an attachment, print it, copy it to a portable drive, or upload it to an outside server, that activity is immediately detected and stopped, with the appropriate people notified immediately.
Since this classifying, tagging and monitoring of files containing sensitive information is automatic and requires little human input, managed service providers can monitor the file activity of all their customers all at once, with a dashboard providing a “single pane of glass” into your entire customer base.