13 Smart Strategies To Strengthen Your Company’s Insider Threat Program
Bob Fabien "BZ" Zinga
Award-Winning Silicon Valley Senior Cyber Executive | CISO | Board Director & Advisor | IW Commanding Officer | Business Enabler | Author | Keynote Speaker | Coach | C|CISO | CISSP-ISSMP | M.S. | MBA | #BlackLivesMatter
In today’s digital workplace, companies don’t only have to protect themselves from outside hackers — they also have to develop a process to guard against insider threats. These threats can include the poor cyber hygiene habits of employees as well as malicious actions such as fraud, theft of intellectual property or confidential information, and even intentional damage to computer systems.
Additionally, the insider threat threshold is wide. Even well-intentioned team members can misplace equipment, use inadequate passwords or fall prey to a phishing scheme. Further, malicious attacks can come from anyone who has inside information about your company’s systems and vulnerabilities. That can include everyone from unhappy or unscrupulous current employees to past employees, vendors and contractors.
It’s essential for every organization to proactively put procedures in place to protect their data, IP and systems. Below, 13 members of Forbes Technology Council share strategies to help tech leaders strengthen their insider threat programs.
1. First design basic controls.
Take the time to ensure the basics are in place before implementing more complex controls. Implement robust and streamlined joiner, mover and leaver processes, applying the principle of least privilege. Define segregation of duties and access controls for key role types within the company and establish solid governance around classifying and documenting where sensitive data resides and who has access. - Pete Hanlon, Moneypenny
2. Run comprehensive background checks.
Run criminal background checks on all employees and contractors upon onboarding and with reasonable frequency afterward. Many years ago, running background checks on 100% of company users was expensive. However, with the advance of technology, it is now affordable, and doing so will go a long way to ensure that users remain trustworthy — especially those with sensitive and privileged access. - Bob Fabien Zinga, Directly, Inc./U.S. Navy Reserve
3. Map the potential risk to internal services and APIs.
Discovering and understanding the risks to all internal services and APIs is critical to your knowledge of the overall threat posture. Unauthorized API access by an employee could inadvertently cause risk. If an internal API is part of a chain that an external API uses, the end-user context needs to flow end-to-end to prevent insiders from unauthorized access to these APIs and data. - Sanjay Nagaraj, Traceable.ai
4. Hire a red team.
First, understand what is truly a threat and prioritize remediations. Most leaders do not have the resources, time or budget for large-scale migration to new risk-mitigation techniques (such as Zero-Trust) while keeping the lights on. Employ a third party — a red team — to assess and rank threats based on brand, regulatory status and compliance. Then work on the list, keeping the larger picture in focus. - Ian Sinclair, Hitachi Vantara
5. Develop a standard of normal user behavior.
Few adversaries break in; instead, they log in. The burden on the defender then becomes identifying whether a legitimate account has been compromised, and it’s at this point that most tech leaders simply give up. It is critical for organizations to deploy behavioral analytics to identify a standard of normal behavior for users. If a user strays from their typical pattern, it may be time to look further into the situation. - Stephen Moore, Exabeam
6. Leverage machine learning.
Organizations can strengthen their insider threat program by leveraging machine learning. ML is particularly good at baselining activities and normal behaviors of users. This information can then be used to identify significant deviations from normal activities for a user and categorize them as abnormal. This also positions the organization in a more proactive posture — ideally before a breach occurs. - Michael Raggo, CloudKnox
7. Employ Zero-Trust.
The Zero-Trust model assumes that at least one of your email accounts is compromised. If you are only monitoring inbound and outbound emails, you are blind to the threat. The same applies to your cloud file-sharing and collaboration apps. Zero-Trust protects against both account compromises and rogue internal accounts. - Michael Landewe, Avanan, The Cloud Security Platform
8. Prioritize employee engagement.
When employees feel trusted, respected and protected, they’re more likely to defend their employer and customers and have a higher propensity to be diligent and vigilant. Technology should verify that things are okay as well as offer the capability to quickly identify when things take a turn for the worse. The tech should provide enough context to understand intent. - Mohan Koo, Dtex Systems
9. Test your employees regularly.
Just as you perform fire drills, you should also perform tests such as sending spam and phishing emails to see if employees follow company policy and refrain from clicking or forwarding such emails. Many tools exist to perform insider threat testing. Use one — it will strengthen your insider threat program. - Michael Hoyt, Life Cycle Engineering, Inc.
10. Ensure employees are aware of repercussions.
Creating awareness in employees about the consequences of data breaches and security loopholes goes a long way. Employees need to understand both the tangible and intangible repercussions of these incidents since awareness programs not only prevent them from making mistakes but also make them vigilant and improve an organization’s security posture. - Vibhuti Sinha, Saviynt
11. Provide ongoing security training.
Insider threats can be either intentional or accidental, so tech leaders need to know the signs of both. Look for red flags such as large data transfers to unauthorized accounts or abnormal login activity to pinpoint the employees who may need more security training or a refresher on company policies. - Edward Bishop, Tessian
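The per-user baselining described in items 5 and 6 and the red flags named in item 11 (large data transfers, abnormal login activity), as an added example that is not from the article or its contributors. It uses a simple median/MAD statistic rather than machine learning, and the users, event layout, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed history, not real telemetry: (user, login_hour, mb_uploaded)
HISTORY = [
    ("alice", 9, 120), ("alice", 9, 150), ("alice", 10, 110), ("alice", 8, 140),
    ("alice", 9, 130), ("alice", 10, 160), ("alice", 9, 125),
    ("bob", 22, 40), ("bob", 23, 55), ("bob", 22, 50), ("bob", 0, 45), ("bob", 23, 60),
]

def build_baseline(history):
    """Per-user normal: login hours seen, median upload size and its spread (MAD)."""
    grouped = defaultdict(lambda: ([], []))
    for user, hour, mb in history:
        grouped[user][0].append(hour)
        grouped[user][1].append(mb)
    baseline = {}
    for user, (hours, mbs) in grouped.items():
        med = median(mbs)
        mad = median([abs(x - med) for x in mbs])
        # Floor the spread so a very regular user does not alert on tiny changes.
        baseline[user] = (set(hours), med, max(mad, 0.05 * med, 1.0))
    return baseline

def score(baseline, user, hour, mb, z_limit=6.0, hour_slack=2):
    """Return the reasons an event deviates from that user's own normal."""
    if user not in baseline:
        return ["no_baseline"]  # new or dormant account: route to separate review
    hours, med, mad = baseline[user]
    reasons = []
    # Modified z-score, high side only: unusually small uploads are not a flag.
    if 0.6745 * (mb - med) / mad > z_limit:
        reasons.append("large_transfer")
    # Circular distance, so 23:00 and 01:00 count as two hours apart.
    nearest = min(min(abs(hour - h), 24 - abs(hour - h)) for h in hours)
    if nearest > hour_slack:
        reasons.append("unusual_login_hour")
    return reasons

if __name__ == "__main__":
    base = build_baseline(HISTORY)
    # Constructed new events to triage against the baseline.
    for event in [("alice", 9, 145), ("alice", 3, 4200), ("bob", 1, 52), ("carol", 14, 10)]:
        print(event, score(base, *event))
```

The baseline is per user, so bob's night-shift logins are normal for bob while the same hour would flag for alice.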
12. Hire reliable legal counsel.
Ensure you have reliable legal counsel and a transparent, detailed response process. The process needs to identify the parties that you must notify of a breach and how risk assessment should be done. Lawyers or attorneys can advise you on the proper laws and regulations to follow when establishing and implementing the process. - Arnie Gordon, Arlyn Scales
13. Create a mitigation plan.
Clean up environments on a schedule and solidify an access plan. Overall, the process of security is important, but to strengthen the program, you need strict follow-through. Establish protocols for user permissions and environment accessibility and provide ongoing security training. Employees may not be as concerned about insider threats, so it’s important to have a mitigation plan ready. - Amelia Quan, RollKall Technologies
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.