It’s commonly understood that the , no matter which industry or sector you work in. greatest risk to any organization comes from the insider threat Insider threats come from, either unintentional or malicious activity of an individual who’s got authorized access. THE INSIDER THREAT Also, you need to know that, in the end, almost every external attack looks like an insider threat. The reason for that is quite simple, compromised credentials are the most common threat action in data breaches (Verizon, Data Breach Investigation Report 2019). For hackers, it’s easier to steal an insider’s credentials and bypass traditional security controls than it is to break through the firewall. This underpins the value of identifying insider threats as early as possible. SPOTTING INSIDER THREATS WITH USER LOGON ACTIVITY Insider threats are pretty difficult to spot since the person logging in is using valid credentials. Simply logging all network activity is not enough to protect an organization from either malicious or careless activity. You have to look for leading indicators of improper, malicious, or careless employee behavior. You can do so by watching for abnormal user activity – but it needs to be activity that suggests a potential threat, and not necessarily activity that suggests threat activity is in progress. As an example, you can watch for excessive copying of files, or surges in upload web traffic to spot a potential data breach, but the reality is that once these activities occur, it’s too late – the threat-action has taken place. You need to: 1. that occurs well before threat actions are taken. The earlier detection occurs, the less damage the threat can do. 2. . If detection parameters are too broad, IT spend their time chasing ghosts and not stopping threats. 3. . Stop the threat - well before any malicious action takes place. To do this, you need to focus your efforts on the one part of the attack that can’t be bypassed – the logon. Watch for abnormal activity Create as few false positives as possible Don’t just detect the threat NOT ONLY PRIVILEGED USERS You need to watch anyone with access to valuable data – . And when we say anyone, we don’t just mean employees. You need to think about the extended enterprise today of partners, contractors, supply chains... anyone who has access to your network. not just privileged users Our independent research highlighted . six common insider threat personas PREVENTING INSIDER THREATS WITH LOGON SECURITY There is one activity that’s common to every insider threat and that’s the logon, which is why that’s where we need to focus. Whether we talk about endpoint access, lateral movement between endpoints, external access via VPN, remote desktop access, or more, they all require a logon. For many employees, the only security protecting access is a password, and once the hacker has it they can easily bypass most security controls. The goal with logon security is to make the logon itself a scrutinized and protected event and offer effective protection against the insider threat. A logon security solution is there to detect an abnormal access attempt based on the customized logon policies that are set for that particular user. It will either deny or approve the logon and alert IT if stipulated. This will thwart the following potential insider threat scenarios: - (from phishing attacks or malicious colleagues): it will protect them with controls that will make genuine but compromised credentials useless to attackers. - such as password sharing, shared workstations left unlocked or logging into multiple computers. - : this will allow to identify and attribute access to any data/resource to one individual user which will discourage an insider from acting maliciously. Even better, employees should be notified with alerts on their own trusted access. Informed employees are an important line of defense. Exploited users Careless user behavior Malicious activities The insider threat is real and it’s here. Today. On your network already. They are the employees you work with every day. A broken-up relationship, a passed up promotion, or personal hardship and they become your security’s worst enemy. So, having a proactive and cost-effective solution, such as our very own - , to address insider threats is as important as your endpoint protection, firewalls, and email gateway. UserLock

Detecting & Preventing Insider Threats To Your Company: An Overview

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Securing MFA Against Brute Force Attacks

108 Stories To Learn About Cybersecurity Tips

10 Ways to Mitigate Cybersecurity Risks and Prevent Data Theft

10 Tips For Securing Zoom Meetings

10 Things I Did To Increase CloudTrail Logs Security

10 Steps to Ensuring Cyber Security for a Small Business

Securing MFA Against Brute Force Attacks

108 Stories To Learn About Cybersecurity Tips

10 Ways to Mitigate Cybersecurity Risks and Prevent Data Theft

10 Tips For Securing Zoom Meetings

10 Things I Did To Increase CloudTrail Logs Security

10 Steps to Ensuring Cyber Security for a Small Business

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps