Look Beyond External Threats to Insider Threats

by ITECHNEWS
March 1, 2022
in Leading Stories, Opinion

We must never forget to look beyond external threats to insider threats to secure our corporate data and IP. We’re seeing a large number of insider threats, and that’s a big issue. What’s interesting is that they can come from many different places – employees, contractors, temporary workers, vendors, and business partners. Take the disgruntled employee: how do you know, from an IT standpoint, that an employee is disgruntled? That’s very difficult to do. It could be a supply chain partner inadvertently causing an insider threat attack – not knowingly, not necessarily maliciously, but that’s still considered an insider threat. And then of course there are account takeover attacks, where outsiders steal insider credentials and appear to be legitimate insiders when they’re not. These are also considered insider attacks.

Insider Threat Motives

There are a lot of different motives. There could be financial gain, where employees are looking to steal funds. We’ve seen cases where embezzlement has occurred. We’ve seen retaliation from employees who have been put on performance improvement plans. Employees may be upset about not being promoted. A contractor may leave a port open to an AWS bucket – that’s still considered an insider threat even if the initial compromise is not created by a threat actor. The motives are numerous, and the assets and targets of insider threats are wide and varied. Cloud infrastructure is a big target as we go forward. A lot of the time, an AWS bucket is left open by a contractor or by someone internally, and that opens up access to a lot of sensitive data. The point is that anything of value inside an organization is a target.


The impact is pretty severe. A malicious insider already knows what to go after. It’s not a question of a threat actor trying to understand where the sensitive data is or what sort of data they can get to. An insider threat actor really understands what to do and where to go to get the keys to the kingdom.

Insider Threat Statistics

In the past two years, insider threats have increased by 47%. We’ve seen a lot of supply chain attacks. In 55% of organizations, privileged users are the greatest insider threat. So when you look at zero trust, how is that model working? Zero trust is meant to limit where a privileged user can go. Every year we’re seeing more than 35 businesses worldwide being affected by an insider threat. It’s not a small number. We focus so much on external threats that we’ve somewhat forgotten that internal threats, insider threats, are still a big problem. This goes across all different business types. It is also where supply chain attacks and trusted business partners become a huge concern. We’re seeing investment around how organizations can understand their supply chain risk. I think the SolarWinds attack certainly opened a lot of eyes to the susceptibility to those types of attacks. But we’re certainly seeing other areas where the supply chain is a big problem.

Technology Investments

There’s been a lot of investment in the last year around things like attack surface management, vulnerability assessments, pen testing, even scorecards, and certainly XDR. XDR is the new hot thing that’s all over the place. It’s not really well defined, but at the same time, people are looking to invest more in it, because they’ve been promised it’s the next wave of protection against threats and attack campaigns that have gotten inside. However, that has really left insider threats by the wayside. Most people are so focused on the external threat actor that they haven’t invested as much in insider threats, until this year, when people are starting to wake up and see that it’s a big problem.

When External Threats Become Insider Threats

Organizations are realizing they need to focus on both external threats and insider threats. What’s fascinating is that an external threat can be an internal threat. We are seeing that supply chain partners or contractors can leave something open that an external threat could take advantage of. Sometimes it’s malicious. We’ve seen cases where an insider will open up a hole for somebody on the outside, knowing that they’re allowing threat actors to come in and profit from their access. So, they’ll open the door for them. It’s very often the case that an insider threat isn’t just someone stealing data; they’re actually working with a threat actor on the outside to do more damage. It’s unfortunate, but it does occur.

Organizations have focused so much on external threats: they’ve invested there, bought tools, and aligned their security teams around detecting external threat actors. But how do they handle insider threats? Well, the problem is that they can’t add more resources. It’s hard to find security analysts out there. So that’s another challenge to being able to support more insider threat issues.

Existing Threat Monitoring Programs Do Not Address Insider Threats

So how do you incorporate insider threats into your current threat monitoring program? Well, SIEMs today are not designed for that. You’re just pulling in data from logs, networks, etc., and the analysis is very short term. You really need to think long term in how you look at things. Insider threats are behavior-based: static rules don’t capture them, and correlation doesn’t help that much. They’re based on events generated by someone who, in some cases, is already a privileged user. So it’s very difficult to understand insider threats from a traditional SIEM perspective, or even from an XDR perspective, which tends to be focused on the endpoints.

Next Gen SIEM to The Rescue!

What’s needed is a next generation SIEM that is really focused on user-centric analysis. You need to be able to understand how users behave, understand how user activity is impacting systems and networks, and build context around how these things are related. This is also where machine learning models are key: models that baseline what normal activity looks like, recognize abnormal behavior, and adapt threat detection as behaviors change. This is where rule-based static systems don’t work.

True Machine Learning is Key

Unfortunately, a lot of the machine learning and artificial intelligence out there are really rule-based engines. They’re conditional statements: “If I see this, go do this. If I see this, get more data here and do this.” That’s not adapting to new attacks or new ways of doing things. You absolutely need artificial intelligence and machine learning to recognize that this is a new behavior you’re seeing, but it seems attributable to an attack, so let’s continue to watch it. Maybe mark it as suspicious before marking it as malicious. But do that in an automated fashion, not where an individual person has to manually determine, “This looks suspicious,” and then a month later decide it’s actually malicious. That is very difficult for a person to do, whereas more advanced techniques leveraging machine learning models can do it much more effectively.

Risk Prioritization is Also Important

It’s also important to be able to prioritize exactly how risky user and entity behavior is. Is it more risky than another behavior? How much more? Being able to prioritize, and even apply risk to behaviors, is key to helping the security team understand and quantify risk. Is this normal behavior or not? Assigning a risk score to it can be very helpful. Even helping security teams build tagging and rules around risky behaviors can help refine models, so that if they see something marked as high risk, a security analyst can review it and say, “This is okay, this is something that’s normal as part of our environment.” The system then has to adapt and learn, so that the next time it sees this behavior it doesn’t make the same mistake. Being able to adapt to those types of nuances is very critical.
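As an added illustration (not code from the article or its author), the following Python sketch shows what the last three sections describe: per-user behavioral baselining, a risk score per observation, automated escalation from suspicious to malicious only after sustained deviation, and analyst feedback that tags a behavior as normal so the model folds it into the baseline instead of re-alerting. The user names, daily download counts, thresholds and the `bulk_download` tag are all constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed sample data (not from the article): sensitive files downloaded per
# user per day. Days 1-7 form each user's own baseline; days 8-10 are scored.
DAILY_DOWNLOADS = {
    "alice": [12, 15, 11, 14, 13, 12, 16, 14, 13, 15],   # stays within habit
    "bob":   [20, 22, 19, 21, 20, 23, 21, 90, 95, 110],  # sustained spike
    "carol": [5, 6, 4, 5, 6, 5, 4, 40, 5, 6],            # one-off spike
}
BASELINE_DAYS = 7
SUSPICIOUS_Z = 3.0    # deviation (in standard deviations) that makes a day suspicious
MALICIOUS_DAYS = 2    # consecutive suspicious days before escalating to malicious


def risk_score(value, history):
    """Score one day's count against the user's own history; returns (score 0-100, z)."""
    mu, sigma = mean(history), pstdev(history) or 1.0  # flat history: avoid divide-by-zero
    z = (value - mu) / sigma
    return max(0.0, min(100.0, z * 10.0)), z


def assess_user(series, analyst_normal=frozenset()):
    """Walk the days after the baseline window and return (final_state, daily_scores).

    analyst_normal holds behavior tags an analyst has reviewed and marked as normal
    for this user; a day flagged only by such a tag is folded into the baseline
    instead of raising an alert, so the model does not repeat the mistake.
    """
    history = list(series[:BASELINE_DAYS])
    state, streak, scores = "normal", 0, []
    for value in series[BASELINE_DAYS:]:
        score, z = risk_score(value, history)
        scores.append(round(score, 1))
        tag = "bulk_download" if z >= SUSPICIOUS_Z else None
        if tag and tag not in analyst_normal:
            streak += 1
            state = "malicious" if streak >= MALICIOUS_DAYS else "suspicious"
            continue  # keep the anomalous day out of the baseline
        streak = 0
        if state == "suspicious":  # a one-off deviation decays; "malicious" is sticky
            state = "normal"
        history.append(value)  # normal or analyst-approved days extend the baseline
    return state, scores


def triage(users=DAILY_DOWNLOADS, feedback=None):
    """Assess every user and order results by peak risk so analysts see the worst first."""
    feedback = feedback or {}
    results = {u: assess_user(s, feedback.get(u, frozenset())) for u, s in users.items()}
    return sorted(results.items(), key=lambda kv: max(kv[1][1]), reverse=True)


if __name__ == "__main__":
    for user, (state, scores) in triage():
        print(f"{user:6} {state:10} daily risk {scores}")
```

Passing `feedback={"bob": {"bulk_download"}}` to `triage` shows the analyst-feedback path: bob's spike is learned as normal instead of escalating.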

Source: Sanjay Raja
Via: Security Boulevard