There still seems to be a lot of confusion about what an insider threat is, how insider threats are caused, who causes them, and the steps required to minimize the damage they can cause. Below are 5 common myths surrounding insider threats.
Myth #1: Insider Threats are Always Malicious and Harmful
According to the following report, 36% of insider threats are the result of “ignorant or careless user actions”. Should a careless employee accidentally leak sensitive information, it could have serious ramifications for the organisation.
That said, insider threats are typically far less damaging than, say, an Advanced Persistent Threat (APT) – a malicious form of insider threat. Even threats that are intentional are not always harmful. For example, should an employee forget their login details, they might use another employee’s credentials to log on to the system. Though intentional, it is unlikely to result in a data breach.
Myth #2: Ransomware Prevention Tools are Ineffective
Real-time threat detection tools, such as LepideAuditor, enable companies to detect, alert, report and respond to changes made to their critical data. They help to maintain “least privilege” access, identify suspicious file and folder activity and unauthorised mailbox access, manage inactive user accounts, and a lot more. Such tools are unquestionably very useful for detecting insider threats; however, technology alone will not protect your company from insider threats. Companies must also:
- Develop and maintain a formalized Insider Threat Program (ITP)
- Carry out thorough background checks on employees, contractors and third parties
- Classify their data so that they can allocate resources more effectively
- Encrypt all sensitive data to minimise the impact should a work device get lost or stolen
- Implement an ongoing security training program directed towards employees, managers, stakeholders, and anyone else who handles sensitive data
Myth #3: Threat Detection Tools Alone Will Be Enough
Threat detection tools are not designed to prevent security incidents from happening, but instead provide the tools necessary to detect, alert and respond to incidents in a fast and efficient manner. For example, it’s very difficult to prevent a naïve employee from downloading an email attachment containing malware.
As it currently stands, most sophisticated strains of ransomware are able to bypass traditional anti-virus/malware tools. Of course, companies can block users from accessing their personal email or social media accounts, and restrict the use of flash/external drives, but the most effective strategy for actually preventing such attacks is to educate staff members about security best practices.
Myth #4: Most Insider Threats are Caused by Privileged Users
While the notion that most insider threats come from privileged user accounts is intuitive, it’s actually not true. The reason is that there are relatively few privileged users compared to non-privileged users, and most privileged users are typically better informed about security best practices. Most threats originate from either employees or third-party contractors.
However, it should be noted that even though privileged users are less likely to compromise the system, a security incident caused by a privileged user could have far worse ramifications.
Myth #5: Your Security Team Will Be the First to Spot an Insider Threat
According to the following blog post, it is the IT department that is most likely to identify an insider threat, followed by regular employees. The fact is, your security team can only do so much with the resources available to them. Identifying security incidents is everyone’s responsibility.