Controlling Insider Threats

There are two flavors of insider threats.

#1 is Edward Snowden. Skilled. Motivated. On a mission. Understands that there will be collateral damage. Knows that he or she is breaking the rules. Sometimes it is national security. Other times it is industrial espionage. Still other times it is pure curiosity. Often, but not always (such as sneaking a peek at a celeb’s medical records out of nosiness), money changes hands.

#2 is your average employee. Trying hard to do his or her job. Is a human being. Human beings make mistakes. No money. No evil intent. Just being human.

I don’t have any stats, but I bet for every #1, there are a couple hundred #2s – or more.

Let’s assume that there are a lot more cases of benign insider threat than malicious insider threat, but no matter the intent, the threat is real.

So what can you do?

Here are 5 tips.

#1 – Require cybersecurity awareness training, AKA anti-phishing training, for everyone, from the lowest-paid employee to the CEO. All it takes is for one of them to click on the wrong thing and you are in a full-blown ransomware incident.

#2 – Avoid public WiFi. I know it is convenient and it is just to do this one thing, but it is far from secure. If you have to use public WiFi then at least use a SECURE VPN.

#3 – Enhance endpoint protection. Endpoints, AKA your users’ phones, tablets, laptops, computers and home whatever, are THE weak link in the chain. Enhance that and you will reduce overall risk. And it isn’t just company laptops. It is all endpoints.

#4 – Really stay on top of patches. The golden rule is 24/72. This means patching any zero-day that is under attack within 24 hours and everything else within 72 hours. Just this month we saw a Microsoft patch that was released late last week (Netlogon), which the feds ordered all executive branch agencies to apply within 24 hours (by Monday night), and yesterday Microsoft said the bug is being exploited in the wild. This means patching your operating system and all applications. Even the ones that you don’t use. They are still an attack vector. And this includes employee-owned phones, so deal with the ones that are no longer being patched by the vendor/carrier.

#5 – Proactively manage remote desktop/remote control tools. We are seeing multiple nation-state attacks that are going after remote access solutions. RDP. VPN. Remote control. They are an easy attack vector and we know for a fact that they are being actively exploited by hackers.

While these seem simple, doing them right is hard. If you need help, contact us. Credit: SC Magazine
