Insider Threat Challenges, Lessons Learned and Opportunities
News headlines this week focus on challenges, opportunities and lessons learned as organizations grapple with insider threats.
Ponemon Institute recently surveyed 627 IT and IT security practitioners in the United States to understand how organizations are addressing cyber risks associated with insider threats – such as negligent or malicious employees.
The overall findings paint a worrisome picture: organizations lack a deep understanding of the risks posed by this type of threat. Respondents also revealed that they are underprepared for resident attackers and have little ability to discover and remove internal threats.
A key finding is that the ability to detect “stealth” attackers is lower than it should be. Only 42 percent of respondents say their IT security team is doing a good job at detecting whether a staffer is acting maliciously. When it comes to identifying abnormal activity and resource usage, the figure is lower still, at 38 percent.
Detection is also slower than it should be. While more than half of respondents believe they have reduced dwell time in the past year, 44 percent either have not or don’t know.
“Being able to detect is one thing, but because damage can increase with every system the attacker touches, detection needs to happen as early as possible,” according to the report.
The Navy CIO’s office has compiled a list of the top lessons learned from after-action reports on breaches of personally identifiable information, or PII.
In terms of operating procedures, it says to: eliminate or reduce the use, display and storage of PII, especially sensitive PII such as Social Security numbers, in business processes; ensure all email containing PII is digitally signed and encrypted; mark all documents containing PII as For Official Use Only; attach a Privacy Act coversheet to hard copy documents containing PII when carried, mailed, stored, faxed or worked on at a desk; and take special care when moving, closing or consolidating offices that handle PII.
In terms of personnel management, it says, “Insider threat is the most difficult breach to detect and prevent. While it represents a small number of DON breaches, it can lead to the clandestine compromise of large amounts of data in short periods of time.”
Managers must be vigilant and aware of the potential for misconduct. Problems have occurred when disgruntled or fired employees retained network access in situations that warranted immediate suspension or revocation. Employees should also be trained regularly on the proper handling and safeguarding of PII.
Employees are often labelled as the weak link in the cybersecurity defensive chain. But our expert columnist Davey Winder argues that, far from being the problem, the insider is actually part of the solution.