6 tips how companies can recognise and prevent insider threats

19. December, 2022

The effect of insider threats on cyber security

An insider threat describes possible security incidents that can originate from people within an organisation. These people can be employees, project workers, interns or even managers within the organisation.

Insider threats can appear in many forms including sabotage, theft of intellectual property or violation of data protection regulations. The reasons are manifold. Besides a purely financial motivation, deeply personal reasons can lead to wanting to harm one’s own company it is also possible that employees cause security incidents without intention or knowledge.  Otherwise, external attackers might masquerade as insiders by taking over internal access permissions and accessing sensitive areas. Despite similar effects, scenarios these do not count as insider threats.

A study of the last two years found a doubling of incidents by insiders. [1]

An insider threat describes possible security incidents that can originate from people within an organisation. These people can be employees, project workers, interns or even managers within the organisation.

Insider threats can appear in many forms including sabotage, theft of intellectual property or violation of data protection regulations. The reasons are manifold. Besides a purely financial motivation, deeply personal reasons can lead to wanting to harm one’s own company it is also possible that employees cause security incidents without intention or knowledge.  Otherwise, external attackers might masquerade as insiders by taking over internal access permissions and accessing sensitive areas. Despite similar effects, scenarios these do not count as insider threats.

A study of the last two years found a doubling of incidents by insiders.

Insider threats are very dangerous because they originate from inherently trustworthy people within an organisation. They are therefore more difficult to detect and prevent than typical threats from outside. To protect against insider threats, there are some recommendations to review and prepare. [2]

  1. Educate all employees about the importance of security and data protection. Provide an easily accessible process for responding to suspicious activity or threats and information on who to contact in case of suspicion.
  2. Implement policies for handling intellectual property and confidential information. Make sure that all employees are aware of these policies and their criminal consequences.
  3. Use robust access and authentication procedures to ensure that only authorised persons can access sensitive information. Minimise potential access only for roles and people who really need such data to perform their tasks.
  4. Monitor and log access to sensitive data and systems to identify potential threats early. Even after an incident, such data can help identify the perpetrator and the extent.
  5. In the event of suspected abuse or, for example, company exits, immediately restricted or withdraw the person’s rights.
  6. Conduct regular security reviews and audits to detect weaknesses in security measures and rights assignments.

Attention with particularly “powerful” users

Users with particularly extensive rights such as administrators or super-users play a special role in the szenario of insider threats. There should be a basic additional validation of the most important, highest authorities like the 4-eyes principle. In addition, ensure that the logging of activities is carried out in a tamper-proof manner and is secured against modification.

Insider threats are a widely underestimated security threat. It is important that all employees are involved in the security and protection of company data and know how to behave responsibly. By separating the most important roles and policies and minimising the assignment of rights, insider threats can at least be minimised.

Sources:

Indicators of Attack
Gefahren durch vertrauenswürdige Services
Threat Intelligence
SQL Injection
SMTP Smuggling
Cyber-Risiken in der Ferienzeit
passkey
Dynamische Cybersicherheit
NIS2
Harmony Mobile by Check Point
EU Machinery Regulation
Sergejs Harlamovs, Malware-Analyst bei IKARUS

Plugin IdaClu accelerates malware analysis

IdaClu: IKARUS malware analyst Sergejs Harlamovs wins Hex-Rays plugin contest
NIS2
Infostealer
Cybercrime
Christoph Barszczewski

WE ARE LOOKING FORWARD TO HEARING FROM YOU!

IKARUS Security Software GmbH Blechturmgasse 11
1050 Vienna

Phone: +43 (0) 1 58995-0
Sales Hotline:
+43 (0) 1 58995-500

SUPPORT HOTLINE

Support hotline:
+43 (0) 1 58995-400

Support hours:
Mon – Thu: 8am – 5pm
Fri: 8am – 3pm

Remote maintenance software:
AnyDesk Download