Threats from "IT insiders" make many IT security departments sweat with fear. And rightly so, because insiders are already firmly anchored in the company's IT. Once compromised, they represent a particularly high risk because they can hardly be detected by conventional security mechanisms, which face outward.
So it is difficult to fully protect against insider threats using traditional means. In order to arm themselves against insider threats and to uncover what is happening within the organization, organizations need the right strategies and technical solutions that go beyond the traditional methods of IT security.
75% of security breaches by insiders
If you look at which threats are ultimately successful and manage to penetrate a company's IT, then insider threats are by no means a negligible risk. According to Gartner's Information Risk Research Team, insider threats are actually responsible for 50-70 percent of all security incidents, and when it comes to security breaches, insiders are responsible for three quarters of them.
The consequences can be serious: the Ponemon Institute estimates that insider threats cost $8.76 million per year per affected company. This is not least because it takes an average of 280 days to identify and contain each breach - a frightening scenario for any company.
The three main forms of insider threats
The most famous example of an insider threat is certainly Edward Snowden.
But his activities, even if they are the best known, are by no means typical of the scenarios most organizations face, especially in a commercial context. In the majority of cases, insider threats take three main forms: the "accidental", the "compromised" or the "malicious" insider.
1. As the name suggests, the "malicious" insider is typically an employee or contractor who steals information. Edward Snowden is probably the most famous example of this, but many other malicious insiders steal information not as whistleblowers but for financial gain, such as the thieves of Swiss bank data a few years ago.
2. The "compromised" insider is considered by many to be the most problematic form, as this person usually did nothing more than innocently click on a link or enter a password. This is often the result of phishing campaigns, in which users are presented with a link to an authentic-looking website to encourage them to enter credentials or other sensitive information.
3. No less dangerous is the "accidental" or "negligent" insider. Detecting these insiders can be particularly challenging because, no matter how diligent companies and employees are with cybersecurity, mistakes happen.
Technological possibilities of defense
In order to avoid such simple but, in the worst case, very far-reaching mistakes, many organizations already use intensive training courses to raise their employees' awareness. Undoubtedly, some accidental and compromised insider attacks can be prevented simply by training end users to identify and avoid phishing attempts. But beyond training, there are technological options that focus on user behavior in order to protect organizations better against insider threats.
User and Entity Behavior Analysis (UEBA)
The use of traditional, only outward-facing cybersecurity solutions creates a very large blind spot. To address the multi-faceted challenge of insider threats, security teams need the technological infrastructures and tools to see the full picture and thus all threats - including those from the inside. This is where User and Entity Behavior Analysis (UEBA) helps. Understanding typical behavior makes it easier for security teams to recognize when a problem occurs. Corresponding solutions based on AI and machine learning are already being used by many organizations for effective, proactive protection.
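The core idea of UEBA described above, a per-user baseline of normal behavior against which new activity is scored, can be illustrated with a small, self-contained script. This is an added example, not code from the original article or from any vendor product; the event format, the sample events, the three checks (new source host, login at an unseen hour, daily download volume far above the user's own mean) and the thresholds are all constructed assumptions for illustration.

```python
"""Toy UEBA-style baselining: profile each user's normal behaviour, then flag deviations.
All events below are constructed sample data, not real telemetry."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed learning-window events: timestamp,user,src_host,action,bytes
BASELINE_EVENTS = """\
2024-03-01T09:05:00,alice,wks-alice,login,0
2024-03-01T09:20:00,alice,wks-alice,download,120000
2024-03-02T08:55:00,alice,wks-alice,login,0
2024-03-02T10:10:00,alice,wks-alice,download,150000
2024-03-03T09:10:00,alice,wks-alice,login,0
2024-03-03T11:00:00,alice,wks-alice,download,130000
2024-03-01T13:00:00,bob,wks-bob,login,0
2024-03-01T13:30:00,bob,wks-bob,download,50000
2024-03-02T14:05:00,bob,wks-bob,login,0
2024-03-02T14:40:00,bob,wks-bob,download,60000
2024-03-03T13:50:00,bob,wks-bob,login,0
2024-03-03T15:00:00,bob,wks-bob,download,55000
"""

# Constructed events from the day under review: alice behaves as usual, bob does not
NEW_EVENTS = """\
2024-03-04T09:00:00,alice,wks-alice,login,0
2024-03-04T09:30:00,alice,wks-alice,download,140000
2024-03-04T02:15:00,bob,vpn-gw-3,login,0
2024-03-04T02:40:00,bob,vpn-gw-3,download,900000
"""


def parse_events(text):
    """Parse the simple CSV format above into one dict per event."""
    events = []
    for line in text.strip().splitlines():
        ts, user, host, action, nbytes = line.split(",")
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "host": host, "action": action, "bytes": int(nbytes)})
    return events


def build_baseline(events):
    """Per-user profile: login hours seen, source hosts seen, and download bytes per day."""
    profile = defaultdict(lambda: {"hours": set(), "hosts": set(), "daily_bytes": defaultdict(int)})
    for e in events:
        p = profile[e["user"]]
        p["hosts"].add(e["host"])
        if e["action"] == "login":
            p["hours"].add(e["ts"].hour)
        elif e["action"] == "download":
            p["daily_bytes"][e["ts"].date()] += e["bytes"]
    return profile


def score_events(events, profile, z_threshold=3.0):
    """Compare new events against each user's own baseline and return a list of alerts."""
    alerts = []
    new_daily = defaultdict(int)  # (user, day) -> bytes downloaded; volume is judged per day
    for e in events:
        p = profile.get(e["user"])
        if p is None:
            alerts.append({"user": e["user"], "ts": e["ts"], "reason": "no baseline for this user"})
            continue
        if e["host"] not in p["hosts"]:
            alerts.append({"user": e["user"], "ts": e["ts"], "reason": f"new source host {e['host']}"})
        if e["action"] == "login" and e["ts"].hour not in p["hours"]:
            alerts.append({"user": e["user"], "ts": e["ts"],
                           "reason": f"login at unusual hour {e['ts'].hour:02d}:00"})
        if e["action"] == "download":
            new_daily[(e["user"], e["ts"].date())] += e["bytes"]
    for (user, day), total in new_daily.items():
        history = list(profile[user]["daily_bytes"].values())
        if len(history) < 2:
            continue  # assumption: at least two baseline days are needed before judging volume
        mu = mean(history)
        sigma = max(pstdev(history), 0.1 * mu)  # floor keeps a flat baseline from alerting on noise
        z = (total - mu) / sigma
        if z > z_threshold:
            alerts.append({"user": user, "ts": datetime.combine(day, datetime.min.time()),
                           "reason": f"download volume {total} bytes is {z:.1f} sigma above the daily mean of {mu:.0f}"})
    return alerts


def detect(baseline_text=BASELINE_EVENTS, new_text=NEW_EVENTS):
    """Learn the baseline from one event set and score another against it."""
    return score_events(parse_events(new_text), build_baseline(parse_events(baseline_text)))


if __name__ == "__main__":
    for a in detect():
        print(f"{a['ts']:%Y-%m-%d %H:%M}  {a['user']:<6} {a['reason']}")
```

Run as-is, the script raises no alert for alice and four for bob: two for the unseen source host, one for a login at 02:00, and one for a day's download volume far above his own mean. The point of scoring each user against their own history rather than a global rule is exactly what the paragraph above describes: a volume that is normal for alice would be anomalous for bob, and a host that is routine for one user is a deviation for another. A production UEBA system replaces these hand-written checks with learned models over many more signals, but the baseline-and-deviation structure is the same.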
Conclusion: Proactive strategy with analytics
Organizations need the technological infrastructure and tools to see the full picture of threats. Modern SOCs therefore use User and Entity Behavior Analysis (UEBA) within their SIEM systems to protect themselves from within against human error, negligence and malicious insiders. Combined with training, such a proactive strategy can dramatically reduce the internal blind spot and identify many insider threats at an early stage.
More on this at Exabeam.com