How Teleran Protects Against Insider Threats
Behind the walls, the threat you don’t expect
The medieval castle is an icon of defense. Visible from miles away, walls high and imposing, and for the time virtually impregnable to conventional attack. Those making an assault had to find ever-more inventive ways to circumvent the defenses and find any sort of weakness. Far more often than not, they failed. Security and cyber security is the new castle, creating inventive defenses designed to be imposing and impossible to easily bypass. But what about those already through such incredible measures? Just as a traitor can lower the bridge, or open a side door to the invaders, insiders can be tempted or convinced that it is in their own best interest to do the damage for those on the outside and you cannot stop them. The greatest threats to security are not the inventive hackers and malicious forces without. No, the threats we must be ready for also are within.
Many companies do background checks, monitor systems, and do all in their power to prepare for these situations, but no profiling method is 100% effective. The reasons a person might become a threat are as diverse as the number of people that can be tempted. For some it could be a simple matter of money, being paid enough to make it worth the risk. Disgruntled individuals could do it for a measure of revenge against the company they view as unsavory. Others still could be moving from one company to another, and this would sweeten the deal. No single profile for an insider threat exists. This unfortunate fact makes protecting against such threats increasingly problematic.
Four Primary Types of Dangers
Despite not having a personality profile or specific traits to be aware of, most risks belong to one of four main groups. The first are malicious insiders. These represent the disgruntled employees and those that chose to abuse access. What makes them so dangerous is the familiarity with your systems and security. This type of insider is the greatest danger, and the hardest to detect. What’s worse is that they are the costliest of threats to clean up after. On the other end of the spectrum are the careless and unintentional insiders. These are those that have access to sensitive information, but make poor choices. A stolen laptop or drive can compromise your company just as intensely as a malicious insider. The lack of intent makes little difference.
Many external forces are willing to resort to less-than-honorable means. This leads to exploited insiders, those that are targets specifically for their access. For instance, phishing emails are easy and cheap to send out. Among them, about one-in-ten is clicked on by an employee. Like a Trojan horse, this allows a malicious program to infect the system used to access the problem. With that access, the external force has a foothold to begin trying to sabotage or steal information. This can include impersonating the individual and their security access. The last group would be the external insiders. These are those that can access your systems or get inside the building despite not being a part of the company proper. Again, the foothold is what is being sought, and those with a way into the system don’t even have to be full employees of your company to be a threat.
Fending off the attacks
Being aware of these groups is a first step in preventing losses or damage to your company. However, identifying risks is not enough to mitigate them. Instead, you have to take more active steps in stopping either the attacks, or the damage from them. The first step aside from identifying the danger is reducing the amount of exposure to insider threats. Reducing the access to sensitive data limits the number of individuals that could be harmful or targeted. Limiting single-user access to critical assets prevent accidental damage as well as malicious intent. Also be sure to control what applications access information to reduce the risks of exploitation or loss.
Another way to limit access is to maintain records in a secure fashion. Nearly 2 in 5 companies simply store privileged credentials on a simple word document. These high-level access information credentials need to be stored in a central repository where the only access is through strong control measures, multi-factor authorization, and full ability to audit access. Restricting access to authorization allows you as a company to monitor who is trying to access sensitive information and when. This also gives the ability to tell when something out of the ordinary is happening. Some security companies like Teleraan offer automated systems that can monitor your systems in real-time. Instead of waiting for a report hours later, unusual activity can be set to alert security as it happens. The time and damage of hours of access is mitigated by the immediate warning of an attempt to get in.
Another good method is to keep from having a central authority. Monitoring access is more than ensuring only authorized access. If you limit the amount of access any one individual has, you limit their ability to do damage to the company intentionally or accidentally. Offer security only for what is necessary, rather than unlimited access to large swaths of data. Finally, do what is reasonable to monitor the access itself. Be aware of what programs require information, and how it is accessed. Over time, who accesses information through specific programs and when creates a pattern of behavior. By monitoring system access, security personnel or programs like those from Teleraan can become aware of what is normal access. What queries for specific information is normal, and when something is amiss. Again, having a real-time monitoring system is invaluable here. Being made aware of a breach as it happens allows a company to stop it become the loss becomes catastrophic. This is also applicable to changes in behavior over time. When somebody is compromised or tempted, their behavior will change in order to access sensitive information. These changes are warnings that can be caught early, and prevent loss before it even happens.