September marks the annual celebration of Insider Threat Awareness Month, but this year is particularly special. For the first time, the Department of Defense is officially recognizing September as Insider Threat Awareness Month.
A recent Bomgar/BeyondTrust report found that more than 65 percent of IT professionals don’t feel confident in their ability to identify insider threats. Last year, Forrester survey respondents indicated that 53 percent of data breaches were the result of insiders. Over half of those incidents were malicious in nature.
To support this awareness initiative, we’ve secured insights and commentary from leading cybersecurity and IT resilience experts: Stephen Moore, chief security strategist at Exabeam; Caroline Seymour, vice president of product marketing at Zerto; and Eric Sheridan, chief scientist at WhiteHat Security.
These experts offer shrewd intelligence not only on how to spot and prevent insider threats, but also on how to respond if and when an attack takes place.
Stephen Moore, chief security strategist at Exabeam
“One hard truth to accept is that you can’t always trust your citizens – the employees, third parties and machines operating inside your network. On the one hand, an external adversary could gain access to your system using stolen credentials from one of your trusted insiders. The compromised individual is often unaware that their credentials are being used.
On the other hand, you may have ‘malicious insiders’ in your network – these are generally employees working for their own benefit. Malicious insiders may be selling your secrets or may have other reasons to cripple your operations. So, it’s important to monitor the accounts of those who have recently left the company.
Here’s what you need to remember when combating the insider threat: Understand the normal behaviors of everyone that accesses your network. When you know the typical behavior, you can more easily spot anomalies. To do this, you need the means to track every activity and pull this together into a single storyline. By storing these details and using tools that can look for suspicious behavior, you can keep on top of your insiders and quickly detect any dangerous activity.”
Caroline Seymour, VP of product marketing, Zerto
“Ransomware attacks often happen as a result of non-malicious employees or ‘insiders’ who unknowingly open phishing emails, which can then wreak havoc on organizations’ critical data and systems, let alone the costs of recovery and possible damage to your brand.
Protecting against the threat of ransomware requires ensuring employees know how to spot ransomware when they see it, and rethinking legacy data backup strategies to create a resilient IT. By investing in continuous data protection for continuous availability, organizations can recover data files within seconds, and not worry about paying ransoms.
IT leaders can help educate their employees on security best practices to learn what potential cyberattacks look like, what to do and how to report them. To train employees, IT leaders can periodically send their organization sample dummy emails to help them determine if an email is actually a phishing attack.
By strategically investing in continuous data protection for continuous availability, and also educating employees, organizations can reach a point where they are protected against any disruption – planned or unplanned – and are always on and available 100 percent of the time.”
Eric Sheridan, chief scientist, WhiteHat Security
“The pace of cybercrime is continuing to grow, so the demand is outpacing the supply of security professionals who can help combat the ever-increasing threats. With the shortage in security, organizations are consistently operating understaffed, and team members don’t have time to be as vigilant as they should be, which could lead to a slip in security. People make the misconception that the people who are the reason for insider attacks are malicious; however, sometimes they are just individuals who are burnt out.
Luckily, in regard to securing applications, using a DevSecOps approach can help. Bridging the gap between security and DevOps ensures teams can find vulnerabilities before any cybercrime can ensue. With technologies such as AI and machine learning, some of the burden is taken off of security team members, and professionals can solve problems before they arise, minimizing the extra burden of security.”