Dealing with insider threats is a complicated, time-consuming task. With so many potential threats to protect against, you might not know where to begin. Do you start with data, privacy or physical security? How much of your budget should you allocate to each? Before you can answer these questions, you need to know what you’re up against.
Let’s begin by returning to the definition of insider threat:
An insider threat is the risk that an employee or other contractor who has access to your organization uses that authorization to damage your organization, whether knowingly or unknowingly. These threats include damage to infrastructure, loss or degradation of resources and unauthorized disclosure of proprietary information.
Insider threats that are knowingly executed are more obvious and easy to detect – whether it’s physical damage to infrastructure and resources or unauthorized public disclosure. These threats are costly and should be addressed accordingly.
What about unintended internal threats in security?
According to a recent report from Forrester, insider threats are the leading source of security breaches in the past year. However, 36% of those security breaches stemmed from unintentional misuse of data by employees.
Your team could be perpetuating behavior or activities that ultimately threaten your organization, either by empowering external threats or letting intentional insider threats slip through cracks in your security. One way to maximize your organizational security budget is to eliminate these unintended insider threats before they become more serious and costly.
In your insider threat detection program, here are some focus areas for eliminating unintended insider threats:
• Security Education:
According to Forrester’s research, only 42% of employees had received training on working securely (whether cyber, physical or data security). Only 57% said they were aware of their organization’s current security policies.
By implementing the right education for your employees, you close this critical gap in your organizational security.
• Undue Attention:
Employees become insider threats when they engage in activities that bring undue or undesired attention to your business or agency. For example, employees posting proprietary information inappropriately to social media platforms severely undercut your organizational security and reputation, whether intentionally or not.
Eliminate this inadvertent threat by executing the right policies and monitoring efforts to supervise your organization’s reputation and attention from the public.
• Careless Safety:
Threat assessments should also consider employee attitudes toward physical safety and security. Employees that infringe on the reasonable expectation of a safe work environment should be treated as insider threats and acted upon accordingly – even if their behavior was due to a lax, rather than threatening, approach. This could include not following safety procedures, leaving entrances unlocked or unmonitored or not addressing suspicious visitors.
Close this insider threat gap by establishing a culture of organizational security that treats carelessness with the same consequences as treachery.
• Sensitive Information:
Whether it’s customer privacy or national security data, employees shouldn’t deal lightly with proprietary information. This includes controlling access to sensitive information through enforcing strong passwords, granting authorized access only to needed employees and monitoring employee behavior on company networks.
Just like physical safety and security, you should address negligent attitudes toward cyber and data security with serious consequences.
• Ignoring Indicators
In many cases, fellow employees could have detected or reported malicious insider threats. However, many team members choose to ignore insider threat indicators and not report suspicious behavior or careless activities. This disregard for organizational security empowers intentional insider threats, in many cases prolonging their operations and intensifying the consequences.
By turning a blind eye, well-meaning employees become inadvertent insider threats because their actions empower the true enemy. Combat these unintentional consequences by instituting better security education and reporting procedures.
No matter what policies or procedures you have in place for reducing inadvertent insider threats, your efforts are futile if you don’t proactively investigate reported incidents and properly enforce new policies.
By addressing these five areas of unintended insider threats, you tighten your organizational security and eliminate low-risk distractions. These steps also ensure that your security budget and your schedule have the bandwidth to address and better prepare for insiders with malicious intent.