Malicious Insider: Tame your Worry
July 05, 2018 | Insider threats, Data Security
Historically and traditionally, outsiders pose bigger threats to organizations as far as data security is concerned. However, of late, it has been a subject of debate where many security professionals are of the opinion that insiders pose bigger threats to modern enterprises where security access is breached by exploiting the privileged accounts.
Insiders are likely to have access authorization to the confidential information without any intrusion alert. Employees may not have any intention to compromise security, but any normal activity like using USB drive or any portable smart device can introduce manhandling. Comparing to outsiders, internal employees can easily create new passwords or access laptops in different places even outside office premises (thanks to BYOD practice). To add to the worry, malicious insiders are much more challenging to figure out because the users are authenticated on the domain. On the other hand, external attacks might not compromise all data on the breached network. For insider threats, it is easier to exploit a large amount of data without anyone knowing the source of the attacks.
The CIOs, CSOs and CISOs are preferring to incorporate advanced security solutions like privileged access management for the critical business network. Healthcare industry is the highest affected industry in this regard. According to the latest report (PHIDBR - Protected Health Information Data Breach Report) by Verizon, 58% of healthcare breaches happened due to malicious insiders. However, 48% of attackers among them had wrong intentions, whereas the rest did just out of curiosity. Moreover, a UK-based accounting and HR software provider farm was hit with an insider-caused data breach in 2016. It compromised the records of more than 280 customers. An ex-employee (female) used unauthorized access to steal private information of the customers like salary amount, bank account details etc.
The most effective and globally acclaimed solution to combat insider threats is proper incorporation of risk assessment policies. It includes systematic segregation of highly privileged accounts and least privileged accounts that can help the IT department to monitor the activities happening in those accounts in real time. The usage of ARCON | Privileged Access Management in this regard can put aside the digital worries especially which are arising from insiders. In addition, a strict password management and regular audit of employees’ online activities can help the IT managers maintain the sanctity of digital assets in the enterprises. Occasionally the threats might appear through malicious codes used by the internal malefactors. Hence, some extra cautiousness by the system administrators with a robust layered defense against such remote attacks can give a secured network infrastructure to the organizations.
ARCON is a leading enterprise risk control solutions provider, specializing in risk-predictive technologies. ARCON | User Behaviour Analytics enables to monitor end-user activities in real time. Privileged Access Management reinforces access control and mitigates data breach threats. ARCON | Secure Compliance Management is a vulnerability assessment tool.