THE ENEMY WITHIN: INSIDER THREAT

Most organizations set up their security structures to protect their infrastructure from external threat actors and, in doing so, overlook the biggest threat of all: the insider. There is a lot of literature, and plenty of confessions, to the effect that the user poses the greatest risk to the organization. The user is viewed as the weakest link in the chain and a source of vulnerability.

The current economic conditions have not helped the cause either, opening the way for threats to enter the organization through the users we trust with admin rights on their devices and on the infrastructure. In the recent past we have witnessed an increase in insider-related incidents, which translates into higher costs to manage the repercussions of the insiders' actions.

These cases are surfacing at a very delicate time, when the risk of employees walking away with company data or selling their access credentials is on the rise because many companies are laying off staff to reduce operational costs during the COVID-19 health crisis. Organizations therefore need to take strict measures to limit their exposure to insider threats.

It is clear that there is a gap organizations need to fill in regard to neutralizing insider threat actors. This has to be done while keeping in mind that external actors are taking full advantage of these uncertain times by launching phishing, ransomware, social engineering and credential-stuffing attacks. Apart from having a budget for cyber security, the organization needs to improve its cyber resilience and disaster recovery structures. Despite all this, the insider still deserves serious consideration, since they can do as much damage from the inside, whether through malice, revenge or innocent negligence.

Insider threats come mainly from current employees, former employees, contractors or associates who have, or had, access to the organization's infrastructure or sensitive data. Such attacks are very hard to detect, since they are carried out with legitimate credentials and look like legitimate requests or actions.

Ed Snowden was just a contractor, remember?

Insider threats are usually classified by motivation and intent; they happen for financial gain, out of revenge, or simply through carelessness. Perpetrators of such actions include:

  • Disgruntled Employees
  • Malicious Insider
  • Careless Staff
  • Feckless Third Party
  • Insider Agents

These actors are often a step ahead of the security team because they are familiar with the target: the IT infrastructure, where the sensitive data lives, and how it is stored, protected and transferred. That knowledge helps them evade security controls and, at the same time, cover their tracks to avoid being traced. But how do we detect such activity when the behavior of insiders often blends in with normal business activity? Behavioral analysis, using tools such as Data Loss Prevention (DLP) systems and User and Entity Behavior Analytics (UEBA), comes in handy for establishing early indicators of insider threats, which may include:

  1. Unusual activity at odd hours, and
  2. Abnormal volumes of data traffic on the network compared with the user's normal baseline
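As an added illustration of the two indicators above, here is a small detection script that is not part of the original article and is not taken from any particular DLP or UEBA product. It scans a constructed outbound-transfer log (the log format, the users, the business-hours window and the 3-sigma volume threshold are all assumptions made for the example) and flags events that happen off-hours or whose byte count is far above that user's own historical baseline. The baseline is built only from earlier events, so the anomalous transfer cannot inflate the baseline that should catch it:

```python
"""Toy insider-threat indicator scan over constructed outbound-transfer logs.

Two early indicators are implemented:
  1. activity outside the assumed business-hours window (or at the weekend), and
  2. outbound data volume far above the user's own historical baseline.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log lines (not real telemetry). Format assumed here:
# ISO timestamp | user | destination | bytes transferred
SAMPLE_LOG = """\
2020-06-01T09:12:00 | alice | sharepoint.internal | 120000
2020-06-01T10:40:00 | alice | sharepoint.internal | 95000
2020-06-02T11:05:00 | alice | sharepoint.internal | 110000
2020-06-03T14:30:00 | alice | sharepoint.internal | 130000
2020-06-04T02:17:00 | alice | personal-cloud.example | 9800000
2020-06-01T09:00:00 | bob | git.internal | 40000
2020-06-02T09:10:00 | bob | git.internal | 42000
2020-06-03T09:05:00 | bob | git.internal | 38000
2020-06-03T17:55:00 | bob | git.internal | 41000
"""

BUSINESS_HOURS = range(8, 19)   # 08:00-18:59, an assumed local policy
VOLUME_SIGMA = 3.0              # flag if bytes > mean + 3*stdev of the user's history
MIN_HISTORY = 3                 # need a few prior events before judging volume


def parse_log(text):
    """Parse the constructed log format into dicts, sorted by time."""
    events = []
    for line in text.strip().splitlines():
        ts, user, dest, size = (f.strip() for f in line.split("|"))
        events.append({
            "time": datetime.fromisoformat(ts),
            "user": user,
            "dest": dest,
            "bytes": int(size),
        })
    return sorted(events, key=lambda e: e["time"])


def is_off_hours(ts):
    """Indicator 1: weekend, or an hour outside the assumed business window."""
    return ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS


def find_indicators(events):
    """Walk events in time order, building each user's volume baseline as we go.

    Returns a list of (event, [reasons]) for events that trip an indicator.
    The baseline only uses events *before* the one being judged, so a single
    huge transfer cannot inflate the baseline that should flag it.
    """
    history = defaultdict(list)
    findings = []
    for ev in events:
        reasons = []
        if is_off_hours(ev["time"]):
            reasons.append("off-hours activity")
        past = history[ev["user"]]
        if len(past) >= MIN_HISTORY:
            mu, sigma = mean(past), pstdev(past)
            if ev["bytes"] > mu + VOLUME_SIGMA * sigma:
                reasons.append(
                    f"volume {ev['bytes']} bytes vs baseline mean {mu:.0f}")
        if reasons:
            findings.append((ev, reasons))
        past.append(ev["bytes"])
    return findings


def flagged_users(events):
    """Convenience: the set of users with at least one indicator."""
    return {ev["user"] for ev, _ in find_indicators(events)}


if __name__ == "__main__":
    for ev, reasons in find_indicators(parse_log(SAMPLE_LOG)):
        print(ev["time"], ev["user"], ev["dest"], "->", "; ".join(reasons))
```

Running it prints the single alice event on 2020-06-04 at 02:17, flagged for both reasons, while bob's ordinary working-hours commits stay quiet. In a real deployment the baseline would come from weeks of telemetry, the hours window from the user's own pattern rather than a fixed policy, and a spike to an external destination would weigh more than the same volume to an internal share; the point of the example is the structure of the check, not the thresholds.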

More articles by Zarc Okere