Counter insider threats


Being responsible for IT is not the easiest job at the moment. When, on top of the constant warnings about external attacks and the demand for zero trust principles, there is also the warning about insider threats, a CISO may well ask who is left to trust.

Insider threats are a real problem for companies of all types and sizes. A current example is the electric car manufacturer Tesla: last year, over 100 gigabytes of sensitive data from the Gigafactory Berlin-Brandenburg, including salary information on tens of thousands of employees across Europe as well as reports about malfunctions and problems with the products, were made public; the two suspects were former Tesla employees. They did not do this to enrich themselves with the data, but to point out grievances and security problems within the company. Nevertheless, whistleblowing of this kind is a data breach in which the employees' information could have been misused for impersonation or worse.

Data leaks are a threat to your existence

Such cases always come down to the security precautions in place and can be prevented through tight management of access rights. Otherwise, a single alienated employee with a touch of criminal energy and a willingness to sell sensitive information or their credentials to cybercriminals is enough to endanger company secrets, customer data and possibly the existence of the entire company. To make matters worse, the masterminds' strategies also include recruiting accomplices on the darknet, where they offer large sums of money to disloyal or careless employees in exchange for sensitive login information.

As if the dangers were not enough, data leaks can also be incredibly expensive. There is not only the risk of infiltration of the company network and a subsequent ransomware attack with horrendous ransom demands; in the event of data protection violations, the legislature also gets involved. The authorities do not care whether a malicious insider, a careless employee or some other leak is responsible for the damage: anyone who loses data will be asked to pay. Under the EU GDPR, this can cost companies up to 20 million euros or up to four percent of their global annual turnover. The Federal Office for the Protection of the Constitution also explicitly warns of the threat from internal perpetrators. Not every insider threat is the result of intentional, malicious action, and not every employee who makes a misstep is automatically a perpetrator. Often it is unintentional errors or a lack of knowledge that cause incidents. Solutions to this problem therefore require not only technical but also interpersonal approaches.

Role-based access control

A core part of identity management: when employees start a new job or move to a new position, they automatically receive the access rights they need based on their role and activity in the company. This ensures that all employees and managers can access only the information and systems they need for their work. By limiting access rights to what each role requires, an attacker's freedom of movement, the so-called blast radius, is significantly restricted in the event of unauthorized access. This restricts rogue employees in every scenario, regardless of whether they try to misuse their credentials inside or outside the company. AI-powered solutions can take RBAC systems further and manage them efficiently with intelligent, context-based allocation and automation.

Privileged Access Management (PAM)

Similar to RBAC, PAM helps control access to critical systems and data. Assigning, managing and monitoring privileged permissions ensures that only authorized people, such as CEOs, developers and network administrators, have access to highly sensitive information. PAM and RBAC also make it possible to determine immediately whether the access rights of several users have suddenly been increased, for example because a hacker wants to use a stolen user account to give their accomplices access to the target organization's network.

Joiner-mover-leaver systems

This system controls the lifecycle of employee identities in the company. It ensures that access rights are adjusted accordingly when an employee joins, transfers or leaves, in order to avoid unnecessary security risks. The key point: as with RBAC and PAM, you protect yourself from both external and internal attacks. On the one hand, so-called orphan accounts are avoided. These are user accounts that are no longer assigned to any employee but fall through the cracks and still hold access rights, sometimes high-level ones. They are popular among hackers because a well-equipped, legitimate user account lets them fly under the radar of IT defenses. Identity Governance and Administration (IGA) solutions automate these adjustments and also provide RBAC and PAM functions that ensure compliance and reduce the burden on IT teams. On the other hand, this avoids the situation in which a disgruntled employee, after leaving the company, misuses their still-valid credentials to the detriment of the old employer or even sells them lucratively to organized criminals on the darknet.
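The three mechanisms described in the RBAC, PAM and joiner-mover-leaver sections, in one small Python model: rights are derived from roles, recomputed when someone moves and revoked when they leave; orphan accounts are found by comparing enabled accounts against the HR record; direct grants outside any role are reported; and two snapshots of entitlements are compared to spot several users gaining privileged rights at once. This is an added illustration, not code from the original article or from Omada's products; the role catalogue, the user names and the entitlement names are constructed.

```python
"""RBAC + joiner-mover-leaver lifecycle with orphan-account, excess-right and
privilege-jump checks. Constructed illustration; every name below is made up."""
from dataclasses import dataclass, field

# Hypothetical role catalogue: each role maps to the entitlements it grants.
ROLES = {
    "sales":     {"crm:read", "crm:write"},
    "developer": {"repo:read", "repo:write", "ci:run"},
    "netadmin":  {"repo:read", "fw:admin", "vpn:admin"},
}
# Entitlements that fall under privileged access management (PAM).
PRIVILEGED = {"ci:run", "fw:admin", "vpn:admin"}


@dataclass
class Account:
    user_id: str
    roles: set = field(default_factory=set)
    entitlements: set = field(default_factory=set)
    enabled: bool = True


def entitlements_for(roles):
    """Union of everything the given roles grant."""
    granted = set()
    for role in roles:
        granted |= ROLES[role]
    return granted


def joiner(accounts, user_id, role):
    """Joiner: a new employee receives exactly the rights of their role."""
    accounts[user_id] = Account(user_id, {role}, set(ROLES[role]))


def mover(accounts, user_id, new_role):
    """Mover: rights are recomputed from the new role, never accumulated."""
    acct = accounts[user_id]
    acct.roles = {new_role}
    acct.entitlements = entitlements_for(acct.roles)


def leaver(accounts, user_id):
    """Leaver: the account is disabled and stripped of every entitlement."""
    acct = accounts[user_id]
    acct.enabled = False
    acct.entitlements = set()


def orphan_accounts(accounts, hr_active):
    """Enabled accounts that still hold rights but belong to nobody in HR."""
    return sorted(uid for uid, a in accounts.items()
                  if a.enabled and a.entitlements and uid not in hr_active)


def excess_entitlements(accounts):
    """Rights held beyond what the account's roles justify (direct grants)."""
    excess = {}
    for uid, a in accounts.items():
        extra = a.entitlements - entitlements_for(a.roles)
        if extra:
            excess[uid] = sorted(extra)
    return excess


def snapshot(accounts):
    """Copy of every account's current entitlements, for later comparison."""
    return {uid: set(a.entitlements) for uid, a in accounts.items()}


def privilege_gainers(before, after):
    """Users whose privileged entitlements grew between two snapshots.
    Several names at once is the pattern the PAM section warns about."""
    gainers = []
    for uid, now in after.items():
        then = before.get(uid, set())
        if (now & PRIVILEGED) - (then & PRIVILEGED):
            gainers.append(uid)
    return sorted(gainers)


def run_scenario():
    """Walk through a constructed lifecycle and return what each check reports."""
    accounts = {}
    for uid, role in [("alice", "sales"), ("bob", "developer"),
                      ("carol", "netadmin"), ("dave", "sales")]:
        joiner(accounts, uid, role)
    before = snapshot(accounts)

    mover(accounts, "alice", "developer")   # Alice changes department
    leaver(accounts, "bob")                 # Bob leaves the company
    hr_active = {"alice", "dave"}           # HR also removed Carol ...
    # ... but nobody disabled her account: it is now an orphan.
    # Two direct grants outside any role, made in the same window.
    accounts["alice"].entitlements.add("fw:admin")
    accounts["dave"].entitlements.add("fw:admin")
    after = snapshot(accounts)

    return {
        "alice_rights": sorted(accounts["alice"].entitlements),
        "bob_enabled": accounts["bob"].enabled,
        "orphans": orphan_accounts(accounts, hr_active),
        "excess": excess_entitlements(accounts),
        "gainers": privilege_gainers(before, after),
    }
```

Note that Alice also appears among the gainers even though part of her new rights came from a legitimate move: the comparison flags every privilege jump for review, and it is the reviewer, or an IGA workflow, that separates the approved role change from the two direct firewall-admin grants that `excess_entitlements` reports.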

Black and white listing of software

Specifying approved (whitelist) and unwanted (blacklist) software reduces the likelihood of malware being introduced or unauthorized applications being used on the corporate network. This puts a stop to so-called shadow IT and the uncontrolled creation of user accounts. However, employees should be invited to submit suggestions for purchasing new tools that make their daily work easier. Making the workforce aware that software downloaded on their own initiative could contain malicious code prevents employees from unintentionally becoming insider perpetrators.

Training and workshops

To nip dangers in the bud, you have to know them and be able to recognize them. Cybercriminals' tactics are evolving so quickly that no employee can be expected to stay on top of the latest scams on their own. Not least thanks to generative AI, phishing emails have become such authentic imitations of emails from trusted major brands that it is very easy to click a contaminated link by accident and thus inadvertently become a hacker's accomplice. Regular training on modern phishing and social engineering methods, such as voice phishing using AI-cloned voices, and on recognizing threat indicators strengthens employees' awareness of these risks and teaches them to spot them. Such sessions are also a useful team-building measure that can strengthen trust between employees.

User activity monitoring and zero trust

The zero trust approach has become the fundamental principle of every modern IT security solution, and with good reason: it is the antithesis of all types of access abuse. 'Don't trust anyone, and if you do, then only after sufficient verification' is the motto. However, it can be difficult to distinguish between normal and suspicious usage behavior. Monitoring login behavior and using identity and access management (IAM) systems and multi-factor authentication (MFA) are therefore crucial to detecting unusual or unauthorized access attempts early. Such systems help identify insider threats before they can cause damage and dramatically reduce the attack surface of any organization.
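As an added illustration of the login-behavior monitoring described above (not code from the original article or from any IAM product), the Python below builds a per-user baseline from constructed authentication log lines and flags successful logins that deviate from it: a country the user has never logged in from, a login outside an assumed working window, a login without MFA, and a success preceded by a burst of failures. The log format, the working hours, the time window and the failure threshold are all assumptions.

```python
"""Baseline-based login monitoring over constructed authentication events.
Added illustration; log lines, rules and thresholds are made up."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, user, result, country, MFA flag.
SAMPLE_LOG = """\
2024-03-04T08:02:11Z alice success DE mfa=yes
2024-03-04T08:15:40Z bob success DE mfa=yes
2024-03-04T09:01:05Z alice success DE mfa=yes
2024-03-04T17:44:09Z bob success DE mfa=yes
2024-03-05T02:13:27Z alice failure RU mfa=no
2024-03-05T02:13:51Z alice failure RU mfa=no
2024-03-05T02:14:20Z alice failure RU mfa=no
2024-03-05T02:15:02Z alice success RU mfa=no
2024-03-05T08:30:00Z bob success DE mfa=yes
"""

WORK_HOURS = range(6, 20)              # assumed working window, UTC
FAILURE_WINDOW = timedelta(minutes=10)  # assumed look-back for failures
FAILURE_THRESHOLD = 3                   # assumed number that is suspicious
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"


def parse_log(text):
    """Turn the constructed log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        ts, user, result, country, mfa = line.split()
        events.append({
            "time": datetime.strptime(ts, TIME_FMT),
            "user": user,
            "result": result,
            "country": country,
            "mfa": mfa == "mfa=yes",
        })
    return events


def build_baseline(events, cutoff):
    """Countries each user logged in from successfully before the cutoff."""
    baseline = defaultdict(set)
    for e in events:
        if e["result"] == "success" and e["time"] < cutoff:
            baseline[e["user"]].add(e["country"])
    return baseline


def detect(events, baseline, cutoff):
    """Return (timestamp, user, rule) alerts for successes after the cutoff."""
    alerts = []
    recent_failures = defaultdict(list)  # user -> timestamps of failures
    for e in sorted(events, key=lambda x: x["time"]):
        user, t = e["user"], e["time"]
        if e["result"] == "failure":
            recent_failures[user].append(t)
            continue
        if t < cutoff:  # baseline period, not evaluated
            continue
        stamp = t.strftime(TIME_FMT)
        if e["country"] not in baseline.get(user, set()):
            alerts.append((stamp, user, "new_country"))
        if t.hour not in WORK_HOURS:
            alerts.append((stamp, user, "off_hours"))
        if not e["mfa"]:
            alerts.append((stamp, user, "no_mfa"))
        fails = [f for f in recent_failures[user] if t - f <= FAILURE_WINDOW]
        if len(fails) >= FAILURE_THRESHOLD:
            alerts.append((stamp, user, "failures_then_success"))
        recent_failures[user] = []  # a success closes the failure window
    return alerts


def run_detection():
    """Build the baseline from day one and evaluate everything after it."""
    events = parse_log(SAMPLE_LOG)
    cutoff = datetime(2024, 3, 5)
    return detect(events, build_baseline(events, cutoff), cutoff)
```

On the sample above only Alice's 02:15 login is reported, with all four rules firing at once; Bob's next-morning login from his usual country with MFA produces nothing. In practice the baseline would be rebuilt continuously and the rules weighted, but the structure, a per-identity baseline plus a small set of deviation rules, is what lets an IAM system tell a stolen or misused account apart from routine use.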

Employee well-being

An often overlooked aspect of security culture is employee well-being. Regular check-ins and making employees feel that their opinions and concerns are taken seriously can help reduce the risk of employees knowingly or unknowingly becoming a security threat. At the same time, this increases the workforce's motivation to take security measures seriously and to take care to protect themselves and their work environment. Internal conflicts between staff can also be a decisive factor in acts of sabotage. Preventing this through open communication, mediation and arbitration ultimately helps not only the working atmosphere but also compliance. After all, why should employees turn against an employer who treats them with respect and listens to them?

Humanity and technology against insider threats

Insider threats are a growing problem, but that does not mean a trusting corporate culture has to turn into a spy thriller in which everyone hunts for the mole and no one trusts anyone anymore. Insider threat prevention simply requires a comprehensive approach that includes both technical access management measures and the promotion of a positive corporate culture. The identity management umbrella also brings together all the tools that CISOs and IT managers need to quickly identify and eliminate internal sources of risk. However, the most effective means of combating unintentional or planned insider threats is still employees who are well disposed towards their employer and who also have a trained eye for fraud.

More at Omada.com

About Omada

Founded in 2000, Omada provides innovative identity management for complex hybrid environments based on our proven best-practice process framework and implementation approach.
