Insider Threats: Anyone Could Cheat, So Who Can You Trust?

The world of cybersecurity has been dominated in recent weeks by the hacking of extramarital dating website Ashley Madison, with hackers claiming to have details of 37 million of the site’s users. Although the exact source of the breach has not yet been confirmed, the outgoing CEO of the company, Noel Biderman, publicly stated that the company had identified who they think is the culprit. “I’ve got their profile right in front of me, all their work credentials. It was definitely a person here that was not an employee but certainly had touched our technical services,” he told security expert Brian Krebs.

It appears, therefore, that this was an inside job carried out by someone, perhaps a partner or contractor, who had access to Ashley Madison’s internal networks. Just like the Sony hack at the end of last year, which many security experts believe was an inside job, the Ashley Madison case again raises the issue of insider threats.

While IT departments spend much of their time and budget on protecting organizations against external threats, the greatest danger often comes from within.  PwC’s recent Global State of Information Security survey found an increase in insider incidents, with 32% of them being done by current employees.  So what can organizations do to mitigate the risk of a disgruntled insider breaching their network?

Security policies

Too often, we come across companies that have a very broad and permissive security policy, which leaves their networks constantly exposed to threats – from the inside as well as the outside. Organizations need to think about who really needs access to what resources, and apply the principle of least privilege, giving employees only the degree of access they need to do their jobs.  With the rise of BYOD, they also need to have clearly defined security controls around mobile devices that are connecting to the company network, as they represent a major security risk both internally and externally.  Yet, at the same time, organizations should take care to avoid being too restrictive:  if staff feel that IT rules are hindering them, they will inevitably rebel and try to bypass them.

Segmentation

Network segmentation remains an under-used security measure but the recent string of high-profile security breaches drive home the importance of having careful and well-maintained network segmentation. When implemented well, it makes it harder for a hacker to travel through the network and can limit the damage caused when the network is breached. Sensitive data should be separated from less sensitive data, making it harder for attackers to access the company’s crown jewels. Once again, it comes down to the question of who really needs access to what.

Data loss prevention

There are many data loss prevention (DLP) measures that organizations can implement to reduce the risk of data breaches. These range from core security tools such as firewalls and intrusion detection systems, to restrictions on outbound connections and the data that staff can copy out from a network. For example, some organizations do not allow users to copy data from a laptop or PC to a USB device.

Employee termination processes

Organizations should have structured employee termination processes, ensuring that when someone leaves the company, all their access credentials are disabled immediately.  Similarly, partners, contractors and customers should only be given access credentials for as long as they need them. This is a combination of HR and IT, as it requires proper procedures for when people join and leave the company, as well as secure technical processes for terminating access to company resources. This is particularly important if the parting was not entirely amicable, as aggrieved former employees left with access to the network can pose a serious threat. To illustrate this, the Sony hack is thought by some experts to have originated from a group of former workers who had an axe to grind with the company.

Insider threats are trickier to contain than those from outside and, as the PwC report found, cybercrimes committed by insiders are often more costly and damaging than those carried out by external parties.  AlgoSec’s own research discovered that 73% of organizations consider insiders to be a top security concern.

It’s a challenging issue since employees, contractors and partners need some degree of access to the network in perform their jobs, and there has to be an element of trust.  However, if the Ashley Madison hack teaches us anything, it’s that even those closest to you can prove to be untrustworthy.  With insider threats growing and the increasing use of BYOD and mobile devices in the enterprise, organizations need to take active steps to protect themselves from the danger within.