The danger posed by insider threats
Many organisations with budgets allocated towards security choose to spend them on defending against external attacks and ignore the far more prevalent insider threat. This tends to be because, in the past, external hacks were heavily publicised in the media and resulted in costly damage to company reputations and bottom lines.
However, despite recent major ransomware attacks throwing the spotlight on external sources again, insider threats remain the biggest source of data breaches. According to a survey conducted by the Information Security Community, there is a clear disconnect between the rise of insider threats and the resources allocated to address them: 62% reported that insider threats were increasing, but only 34% expected more budget to address the problem. Security professionals also felt that insider threats were even more difficult to detect than external attacks.
This survey falls squarely in line with a survey Lepide conducted at InfoSecurity Europe earlier this year, in which over 60% of organisations admitted that they couldn’t determine who was making changes to critical servers and sensitive data. This is worrying, as insiders do not have to find vulnerabilities in systems to which they already have access; there is no need to break into a system where you already have privileged access. This is partly why insider threats are so difficult to detect and combat.
So, what’s the best way to combat insider threats?
Lepide believe that one of the most effective ways to detect insider threats is a rigorous and proactive auditing strategy. Many auditing solutions on the market today allow administrators to see when changes are made to sensitive data or critical systems through real-time alerting and pre-defined reports.
LepideAuditor, for example, continuously audits, monitors and alerts when changes are made to on-premises systems. It tracks and alerts on file and folder activity so that you can detect whenever files or folders are modified, moved, deleted or renamed. It also tracks current permissions and permission changes on File Servers. One of the biggest causes of data leakage from insider threats is privilege abuse, whether accidental or malicious. A proactive auditing strategy using LepideAuditor enables you to employ a policy of least privilege, in which your users are granted only the levels of privilege that they require for their responsibilities.
Ultimately, fighting insider threats is an ongoing battle that requires vigilance, proactivity and an automated solution to tie everything together.