Losing Sight of Insider Cyber Threats
Are we losing sight of insider cyber threats as we expand the remote workforce?
According to ZDNet, security think tank the Ponemon Institute and cybersecurity company DTEX Systems reported that over half of companies find it impossible or very difficult to prevent insider attacks.
The joint report notes how catching early warning signs of insider threats is the most common issue for organizations. In order to fully understand any insider incident, visibility into the entire kill chain is imperative.
“The vast majority of security threats follow a pattern or sequence of activity leading up to an attack, and insider threats are no exception,” said Larry Ponemon, chairman and founder of the Ponemon Institute. Yet, since human behavior is more nuanced than machine behavior, insider attacks follow a slightly different path — including reconnaissance, circumvention, aggregation, obfuscation, and exfiltration, all of which could suggest something is off-kilter.
These insider threat scenarios are bringing to light the confusion around who is responsible for controlling and mitigating risks. While 15% of those surveyed suggested that the CIO, CISO, or head of the business, is responsible, 15% suggested that because ultimate responsibility in this space is unclear, managing and detecting the risks and threats can fall between the cracks.
When one considers the expanding remote workforce, potential compounding cyber losses become foreseeable. As remote employees rely on cloud services including Remote Desktop Protocols (RDP), Virtual Private Networks (VPN), and application suites like Microsoft Office 365 or Google Workspace the cyberattack surface expands as well.
Bad actors can exploit the reduced level of monitoring activity, while successfully compromising login credentials for remote cloud services. That means employees at all levels within the company need to better protect their application infrastructure. Security requires awareness of the applications and services in use in the network, knowledge of potential cyber vulnerabilities, and taking action to ensure secure login to cloud services — for example, by adopting multi-factor authentication (MFA).
“Our findings indicate that in order to fully understand any insider incident, visibility into the nuance and sequence of human behavior is pivotal,” said Rajan Koo, chief customer officer at DTEX Systems.
The best way for companies to improve their ability to detect insider threats is to improve the security posture of the business by designating clear authority for controlling, investigating, and mitigating this risk.
In essence, we need to better understand the human factor at the heart of insider cyber threats.
Featured image (top) by Andrew Martin from Pixabay