sb-au logo
Story image

When innocent mistakes turn into costly problems

01 May 2017

According to Forrester Consulting research, security and risk (S&R) decision-makers face threats from three groups of insiders—compromised accounts (internal accounts that have been compromised by external attacks), careless misuse (internal policy violators and those who accidentally leak or expose data or systems) and malicious insiders (insiders who purposefully take or misuse data or exploit systems).

While S&R professionals often think “outside-in” first when assessing threats to their organisations, awareness of internal threats can also be a key requirement for securing key systems. 

Nearly two-thirds of the firms in the study had experienced a security incident involving a compromised account in the past two years, while 57% had an incident stemming from careless misuse and 41% from a malicious insider in that same period. Tellingly, only 1% said they had no incidents involving insiders.

Beyond how frequently they happen, insider threats also result in significant financial and productivity losses for a majority of firms that experience them.

  • Compromised accounts: Three quarters of respondents said compromised accounts had a significant or moderate financial impact, and 68% said they had a significant or moderate productivity impact.
  • Malicious insiders: Sixty-four percent said malicious insiders caused a significant or moderate financial impact, and 57% said it had a significant or moderate productivity impact.
  • Careless misuse: Sixty-one percent said that careless misuse incidents had a significant or moderate financial impact, while 56% said they had a significant or moderate productivity impact on their companies.

When most people hear about an “insider threat,” they often assume it’s a malicious employee who is either out to prove a point or trying to selfishly make a buck. Yet, as one startup learned last week, the real “insider threat” is often a well-intentioned person who, in the course of simply trying to do his or her job, accidentally causes something to go wrong.

Most employees are not out to steal sensitive information; they’re simply trying to do their jobs. For some, this means storing files in Dropbox or sending information via personal email—actions that may seem harmless, but can unintentionally put data and systems at risk. The Unintentional Insider In a recent survey from PwC, 50% of organisations reported that their single worst breach during the previous year was attributed to inadvertent human error.10

Human error is a prevalent cause of accidents, which means IT and security teams should prepare accordingly to limit the resulting damage.  Here are a few steps organisations can take to limit the impact of accidental insider damage:

  • Reduce the attack surface to limit insider threat exposure: Restrict standard user privileges based on role to limit intentional or accidental damage. Control applications to reduce the risk of users becoming exploited. 
  • Don’t leave credentials lying around: Store privileged credentials in a secure, central repository that supports strong access controls, multi-factor authentication, and full auditability. Change these credentials on a regular basis.
  • Limit the power of any one account: Segregate administrative duties based on privileged users’ specific roles. Only allow full admin or root access when necessary.
  • Do what you can to deter bad behaviour: Track the individual use of privileged and shared accounts, and record activity to tie a specific “who” to each action taken. Tell users they are being monitored, and consistently watch for changes in employee behaviour. By recording all activity as users access sensitive IT systems, you can encourage your most privileged users to double check their work and discourage any foul play. This means fewer mistakes, fewer malicious actions and less damage to clean up.
  • Look for attackers disguised as authorised insiders: Attackers operating with privileged accounts will look like authorised insiders, but their behaviour will likely be different. Monitor and analyse privileged user and account behaviour to learn what’s normal to more easily identify anomalies that may indicate in-process attacks.
  • Backup. Then backup some more. If IT teams learned one thing in 2016 (or “The Year of Ransomware” if you read the news), it’s that backing up sensitive data is an imperative. Whether an IT admin accidentally deletes an entire database or a cybercrime ring takes your servers hostage, backups are extremely handy. Just ask any of the companies who learned this lesson the hard way.

Article by Jeffrey Kok, Director of Pre-Sales, Asia Pacific and Japan, CyberArk.

Story image
Video: 10 Minute IT Jams - The benefits of converged cloud security
Today, Techday speaks to Forcepoint senior sales engineer and solutions architect Matthew Bant, who discusses the benefits of a converged cloud security model, and the pandemic's role in complicating the security stack in organisations around the world.More
Story image
Jamf extends Microsoft collaboration with iOS Device Compliance
Organisations will soon be able to use Jamf for Apple ecosystem management while using Azure Active Directory and Microsoft Endpoint manager to maintain conditional access.More
Story image
Kaspersky finds red tape biggest barrier against cybersecurity initiatives
The most common obstacles that inhibit or delay the implementation of industrial cybersecurity projects include the inability to stop production (34%), and bureaucratic steps, such as a lengthy approval process (31%) and having too many decision-makers (23%). More
Story image
CrowdStrike integrates with ServiceNow program to bolster incident response
As part of the move, users can now integrate device data from the CrowdStrike Falcon platform into their incident response process, allowing for the improvement of both the security and IT operation outcomes.More
Story image
Plugging the gaps: Australian organisations are leaving their defence barriers wide open
Cybercriminals are are walking through the gaping holes in Australia’s organisational defences – gaps that leadership teams don’t even realise are there.More
Story image
Sophos named mobile security Leader in IDC MarketScape
Sophos Intercept X for Mobile has capabilities in protecting Android, iOS and Chrome OS users from known and never before seen mobile threats.More