Although the motivations of malicious actors range from espionage to personal financial gain or even outright spite, one of the most common (and commonly overlooked) forms of insider threat is the accidental one.
Humans are frequently referred to as both the strongest and weakest components of a company’s cybersecurity program – and rightfully so. With proper education, enablement, and encouragement, employees can develop a “security first” mindset to help them protect business assets. However, humans are … well, human, and employees (also known as “insider threats”) must be factored into any company’s threat model. The complexity of risk mitigation around these insider threats, and the financial risks associated with ignoring them, pose a unique set of problems for executives and security leaders.
While the cloud provides businesses with more agility and collaboration options, it also has its security risks: It allows employees to move quickly and therefore accidentally make careless security mistakes. There are multiple types of accidental insider threats, but some of the most common happen due to a combination of two factors: oversight of key security measures by individual employees and the skill of malicious actors who can take advantage of these employees.
Fortunately, there are solutions to mitigate the risk posed by accidental insider threats. By taking a modern, proactive approach to cybersecurity, inclusive of ongoing employee training, modern authentication methods, and zero-trust architecture (ZTA) principles, companies can curb risks posed by accidental insider threats in the future.
The Current Insider Threat Landscape
Before we look deeper into what a modern cybersecurity strategy looks like, it’s important to understand the scope of the insider threat issue. Cyber threats are on the rise across the globe in both average cost and total volume, and insider threats remain the hardest challenge to address, due in part to the fact that these breaches originate from trusted, authorized users.
To prevent these incidents from occurring, companies need to assess their current security strategy and data inventory. This will provide them with an understanding of where data lives and who has access, allowing them to adjust access control policies as needed to prevent sensitive data from falling into the wrong hands.
Embrace True Zero Trust
Companies need to implement authentication and authorization measures that ensure only approved employees can view company data. This can occur in several ways, but companies operating within the cloud should start by utilizing two key components: ZTA and multi-factor authentication (MFA).
A zero-trust architecture – in other words, a security framework requiring all users to validate every stage of their digital interaction – is a crucial component to reducing the risk of internal errors that can lead to breaches. Trust has no place in the cloud, especially as cybercriminals become more adept and advanced; a zero-trust architecture will provide ongoing, consistent checks that ensure every user meets critical benchmarks throughout their digital interactions before providing access to company data.
Implementing a zero-trust architecture is a long journey that can take multiple years for larger organizations. However, a great first step toward quickly improving security posture is to implement MFA technology. This can take the form of a physical Universal 2nd Factor or Client to Authenticator Protocol device, such as a YubiKey or your smartphone, or of a “push” notification sent to your smartphone, which provides strong authentication that the user is who they say they are and is trying to access the data properly. These technologies dramatically reduce the risk of the man-in-the-middle attacks to which older MFA technologies, such as one-time passwords delivered by tokens or SMS messages, are susceptible.
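The difference between a one-time password and a U2F/CTAP-style response can be shown from the verifying server's side. The sketch below is an added example, not code from the author or SADA; the origins, keys and function names are constructed, and an HMAC stands in for the per-site asymmetric signature a real security key produces.

```python
import hashlib, hmac, json, secrets, struct

RP_ORIGIN = "https://sso.example.com"  # assumed legitimate login origin (constructed)

def totp(secret: bytes, t: int, step: int = 30) -> str:
    """RFC 6238 time-based one-time password (HMAC-SHA1, 6 digits)."""
    mac = hmac.new(secret, struct.pack(">Q", t // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return f"{code % 10**6:06d}"

def verify_totp(secret: bytes, code: str, t: int) -> bool:
    # The server receives six digits only; nothing in them records
    # which site the user typed them into.
    return hmac.compare_digest(totp(secret, t), code)

def authenticator_sign(key: bytes, challenge: str, origin: str) -> dict:
    """Simplified stand-in for browser plus security key.
    The browser, not the user, supplies the origin that gets signed."""
    client_data = json.dumps({"challenge": challenge, "origin": origin},
                             sort_keys=True)
    sig = hmac.new(key, client_data.encode(), hashlib.sha256).hexdigest()
    return {"client_data": client_data, "signature": sig}

def verify_assertion(key: bytes, challenge: str, assertion: dict) -> bool:
    expected = hmac.new(key, assertion["client_data"].encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion["signature"]):
        return False  # signed data was altered after signing
    data = json.loads(assertion["client_data"])
    # Server-side checks: fresh challenge and the expected origin.
    return data["challenge"] == challenge and data["origin"] == RP_ORIGIN

def demo() -> dict:
    secret, key = b"constructed-otp-seed", b"constructed-device-key"
    now, challenge = 1_700_000_000, secrets.token_hex(16)
    # Both factors are exercised on a look-alike origin and forwarded unchanged.
    lookalike = "https://sso.example.co"
    relayed_code = totp(secret, now)
    relayed = authenticator_sign(key, challenge, lookalike)
    genuine = authenticator_sign(key, challenge, RP_ORIGIN)
    return {
        "otp_relayed": verify_totp(secret, relayed_code, now),
        "key_relayed": verify_assertion(key, challenge, relayed),
        "key_genuine": verify_assertion(key, challenge, genuine),
    }

if __name__ == "__main__":
    print(demo())
```

The forwarded one-time password verifies because it carries no binding to the site, while the signed response is rejected as soon as the origin the browser recorded differs from the one the server expects.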
Implement Consistent Employee Training
Beyond analyzing and managing data inventory, companies need to implement effective security training, tools, and policies. Cybercriminals are fluid and will move not only to where the money is but also to the weakest points of entry in a company’s line of defense – which can often be the employee.
Employees must know how to properly give the correct people access to documents, as well as recognize the warning signs of a phishing or ransomware attack, such as strange links or email addresses. Ongoing training, coupled with alerts stating that data is being shared with outsiders or suggesting that sensitive data be encrypted, can significantly lower a company’s risk of accidental data leaks.
About the Author
Mike Laramie is Associate CTO, Security, at SADA, a cloud business and technology solutions provider.