Automotive maker Tesla’s allegation this week that a former employee wrote software that hacked company systems and leaked confidential information and trade secrets highlights once again the very real business risk of insider threat.
While much attention is paid to threats from the outside, those on the inside – including employees and third parties with access – pose a potential risk. Various surveys put the share of breaches related to insider threat anywhere from 25 to over 50 percent, but even at the lowest end, a one-in-four risk is significant.
Insider Threats Increasing
The latest Ponemon survey of 700 IT and security practitioners finds that all types of insider threats are increasing, including employee or contractor negligence, criminal and malicious insiders, and credential theft. The average insider threat incident costs organizations $8.76 million and takes more than two months to contain.
The impact of insider threat on business continuity, reputation, and growth cannot be overstated. For example, Secure Halo worked with a manufacturing company that suffered persistent compromises to the secrecy and security of its new products prior to launch, affecting market share and sales. By assessing the physical, technical, and human vulnerabilities that were being exploited, the TSC team was able to identify how adversaries were pilfering trade secrets and intellectual property through the company’s connected suppliers.
Many companies assume they don’t hold the type of data that would be attractive to criminals, nation-states, or activists. But any organization that deals with sensitive information – whether it be product plans, merger and acquisition details, personally identifiable information (PII), or health and payment card data – has mission-critical information that must be protected.
8 Ways to Combat Insider Threat
- First, understand what your organization’s high-value assets are, where they’re located, and who has access to them. Define and categorize data and intellectual assets according to their level of sensitivity, value to the organization, role in business continuity, when they might be most imperiled, and their potential value to a malicious actor.
- Segregate the most sensitive data to reduce inadvertent exposure and to mitigate the risk of vulnerabilities created when printers and other network devices aren’t updated with network patches.
- Encrypt sensitive data in transit and in storage to reduce the privacy risks from stolen or inaccessible data stores. This ensures that even if records are stolen from your organization, they are of little use to hackers on the black market.
- Employ privileged access management. Determine the risk that different employees pose to data, such as those with access to lucrative financial, product, or health information. Assign least privilege access based on their roles.
- Deploy technical sensors to establish baseline workflows and usage of sensitive data. Use real-time monitoring to detect unintentional or deliberate misuse of data.
- View HR programs through the lens of security. Consider what programs can be put in place to prevent employees from becoming disgruntled. The employee charged with breaching Tesla is said to have been upset over not receiving a promotion.
- Train employees to recognize signs of insider threat among team members, such as unusual behavior, unusual work hours, or an altered financial state. Train and test employees on their ability to identify social engineering in incoming emails so they don’t become unintentional leakers.
- Identify aspects of connected third parties’ security posture that are in conflict with your own organization’s security. Use a third-party cyber assessment to reveal vulnerabilities and weed out the highest-risk providers.
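The baselining and monitoring step in the list above can be sketched as follows. This is an added example, not code from the original article or from Secure Halo; the event fields, sample data, and thresholds (`k`, `hour_slack`) are assumptions chosen for illustration. It builds a per-user profile of sensitive-record reads and working hours, then flags live events that deviate in volume or time of day.

```python
from collections import defaultdict
from statistics import median

# Constructed sample events: (user, day, hour_of_day, sensitive_records_read)
BASELINE = [
    ("alice", 1, 10, 40), ("alice", 2, 11, 35), ("alice", 3, 9, 50),
    ("alice", 4, 14, 45), ("alice", 5, 10, 38),
    ("bob", 1, 13, 5), ("bob", 2, 15, 8), ("bob", 3, 14, 6),
    ("bob", 4, 13, 7), ("bob", 5, 16, 4),
]
LIVE = [
    ("alice", 6, 10, 48),  # within alice's normal volume and hours
    ("bob", 6, 14, 900),   # bulk read far above bob's baseline
    ("alice", 7, 2, 42),   # normal volume, but at 02:00
    ("carol", 6, 11, 3),   # account with no baseline at all
]

def build_baseline(events):
    """Per-user median, median absolute deviation (MAD) and observed hour range."""
    per_user = defaultdict(lambda: {"volumes": [], "hours": set()})
    for user, _day, hour, count in events:
        per_user[user]["volumes"].append(count)
        per_user[user]["hours"].add(hour)
    profiles = {}
    for user, data in per_user.items():
        med = median(data["volumes"])
        mad = median(abs(v - med) for v in data["volumes"])
        # Floor the MAD at 1 so a perfectly flat history does not flag tiny changes.
        profiles[user] = {"median": med, "mad": max(mad, 1),
                          "hours": (min(data["hours"]), max(data["hours"]))}
    return profiles

def score_event(profiles, event, k=6, hour_slack=2):
    """Return the reasons an event deviates from its user's baseline (may be empty)."""
    user, _day, hour, count = event
    profile = profiles.get(user)
    if profile is None:
        return ["no_baseline"]  # unknown accounts are surfaced, not silently passed
    reasons = []
    if count > profile["median"] + k * profile["mad"]:
        reasons.append("volume")
    lo, hi = profile["hours"]
    if not (lo - hour_slack <= hour <= hi + hour_slack):
        reasons.append("off_hours")
    return reasons

def detect(baseline_events, live_events):
    """Map (user, day) to deviation reasons for every live event that has any."""
    profiles = build_baseline(baseline_events)
    return {(e[0], e[1]): r for e in live_events if (r := score_event(profiles, e))}

if __name__ == "__main__":
    for key, reasons in detect(BASELINE, LIVE).items():
        print(key, reasons)
```

Median and MAD are used instead of mean and standard deviation so that a single past spike in the baseline window does not inflate the threshold.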
With more employees working remotely, the move of business systems to the cloud, increased reliance on third parties, and more stringent regulatory requirements such as GDPR, it’s never too soon for organizations to consider the role of insider threat as part of their enterprise risk calculations. Reach out to Secure Halo for additional ideas.