Insider Threats: Protecting from Within

Malicious insiders are increasingly working in teams or groups.

by ITECHNEWS
December 21, 2021
in Leading Stories, Opinion

After chasing and capturing cyber-criminals and spies for nearly three decades, one fact holds true: “Access rules the landscape. Every attacker wants it. Every employee has it.” Differentiating between legitimate access by malicious insiders and access enablement for state-sponsored, criminal and ideologically motivated actors can be challenging even for seasoned professionals.

Today, Mandiant records more cases than ever in which malicious insiders compromised mission-critical systems, exposed confidential data or extorted their employers. Such incidents can cause significant financial damage and reputational risk. Organizations not only have their own data but the data of customers and suppliers they are entrusted to protect. Organizations should focus on protecting their critical data, assets and crown jewels at a minimum. Unfortunately, most organizations and industries are unaware of the latest malicious insider threat trends:

  • Malicious insiders are increasingly working in teams or groups.
  • Ransomware groups recruit malicious insiders to enable access.
  • Economic and workplace environments are significantly driving malicious insider behaviors.

Most organizations do not have an established insider threat program or leverage intelligence to reduce insider threat risk. To mitigate risk, insider threat programs should focus on three core elements: access, data and awareness.

Access

Access is vital in malicious insider threat cases, so organizations must protect all environments and assets within their networks with multifactor authentication (MFA) and access controls. Each user, developer and administrator should be given only the rights they absolutely need for their daily work. Keep the number of employees allowed to create new accounts in on-premises and cloud environments to a minimum. Access and privilege audits should occur routinely.

Also, implement network segmentation. Separating network areas through security controls gives an attacker less opportunity to pivot to a separate environment and, potentially, elevate privileges. Organizations should additionally limit unnecessary traffic between highly sensitive and less trusted environments. All systems that do not need to be publicly accessible should be separated from public access.

Ensure secure offboarding. When an employee leaves the company, organizations should immediately lock down their network access. All SSH keys, PEM files and passwords to which the person had access should be changed for all environments. MFA should also be disabled immediately.
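One way to verify the offboarding steps above is an audit over an account and secrets inventory; this is an added example, not part of the original article. The inventory layout, user names and dates are constructed, and the MFA step is interpreted here as removing the leaver's enrolled factors.

```python
from datetime import date

# Constructed sample data (hypothetical users and secrets, not from the article).
DEPARTED = {"alice": date(2022, 3, 1), "bob": date(2022, 4, 15)}

ACCOUNTS = [
    {"user": "alice", "env": "on-prem", "enabled": False, "mfa_enrolled": False},
    {"user": "alice", "env": "cloud", "enabled": True, "mfa_enrolled": True},
    {"user": "bob", "env": "cloud", "enabled": False, "mfa_enrolled": True},
    {"user": "carol", "env": "cloud", "enabled": True, "mfa_enrolled": True},
]

SECRETS = [
    {"id": "deploy-ssh-key", "kind": "ssh_key", "env": "prod",
     "had_access": {"alice", "carol"}, "last_rotated": date(2022, 1, 10)},
    {"id": "db-admin-password", "kind": "password", "env": "prod",
     "had_access": {"alice", "bob"}, "last_rotated": date(2022, 4, 20)},
    {"id": "vpn-cert.pem", "kind": "pem", "env": "corp",
     "had_access": {"bob"}, "last_rotated": date(2022, 4, 15)},
]

def offboarding_gaps(departed, accounts, secrets):
    """Return sorted (user, item, problem) tuples for incomplete offboarding."""
    gaps = []
    for acct in accounts:
        if acct["user"] not in departed:
            continue  # current employees are out of scope for this audit
        item = f'{acct["env"]} account'
        if acct["enabled"]:
            gaps.append((acct["user"], item, "still enabled"))
        if acct["mfa_enrolled"]:
            gaps.append((acct["user"], item, "MFA enrollment still active"))
    for sec in secrets:
        # Every leaver who ever had access to a shared secret forces a rotation.
        for user in departed.keys() & sec["had_access"]:
            # Dates have day granularity: a same-day rotation cannot be shown
            # to follow the departure, so it is flagged conservatively.
            if sec["last_rotated"] <= departed[user]:
                gaps.append((user, sec["id"], "not rotated since departure"))
    return sorted(gaps)

if __name__ == "__main__":
    for user, item, problem in offboarding_gaps(DEPARTED, ACCOUNTS, SECRETS):
        print(f"{user:6} {item:20} {problem}")
```
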

Data

Data, in this context, can be files, folders, intellectual property, sensitive information and more. Data resides on thin clients, laptops, desktops, servers, thick clients, mobile devices, printers and the cloud. Does your organization know where all its data is and where it goes? Not understanding this can lead to a breach, resulting in data loss, financial losses, reputation impacts and litigation risk.

Ensure all folders and files have appropriate access controls. Leverage purposefully designed insider threat tools to support data loss prevention efforts and visibility into data movements, including copies, modifications and destruction.

Awareness

To effectively diagnose insider attacks, businesses need to combine technology with vigilance and a commitment to educating employees about the dangers of insider and insider-enabled threats. Organizations should commit to regular insider threat awareness training for their board of directors, C-suite and employees. Additionally, they should invest in a dedicated insider threat data loss prevention solution paired with a separate endpoint detection and response (EDR) solution.

Many organizations try to repurpose technologies not intentionally designed to detect insider threats. An insider threat data loss prevention solution detects malicious behavior for those with legitimate access, sounds the alarm and can block actions. These technologies protect from within, the other 180 degrees. Companies should send log data and event aggregation to a SIEM (security information and event management). This helps ensure the authenticity of logs and prevents an attacker from deleting or manipulating them.

Key Takeaways

Access, data and awareness are key to minimizing malicious insider threat risk. Outside specialists can review existing capabilities to maximize the use of current investments and accelerate or create insider threat programs based upon years of cataloguing best practices across industries.

Insider threat security as a service removes bias from analysis and identifies suppression of alerts and events, allowing the organization to focus on investigations. Regular intelligence-informed security assessments make it possible to uncover weaknesses and continuously improve security measures. This provides companies with an intelligence-informed individual roadmap for effectively protecting themselves against malicious insider attacks and their impacts.

I’ll leave you with three other points to consider:

  • Insider threat-focused solutions should follow the data and protect from within.
  • Insider threat investigations should be predicated on evidence to refute profiling and withstand legal scrutiny.
  • Intelligence-informed insider threat programs add visibility and reduce risk.

Source: Jon Ford, Global Managing Director, Insider Threat Security Solutions