When we think of cyber attacks, we often picture an outside actor looking to exploit an organization’s resources for some kind of gain. And while external bad actors are a very real and present threat for companies and organizations of all types, there’s another facet that should always get some attention.
Insider threats are just another front for organizations to plan for and manage. And because insiders often already have access to critical systems and tools, organizations need to spin up special processes, plans, and strategies to combat the threat.
Rings a Bell: What is an Insider Threat?
Let’s define what an insider threat is.
An insider threat is a current employee, former employee, contractor, or other associated person who acts against an organization. Even agents of foreign governments can make an appearance on very rare occasions.
Insider threats often leverage the access to systems and tools organizations grant in trust. Motivations also vary; revenge, hacktivism, or extortion for personal gain can all drive an insider threat to action.
Their attacks take a similar shape to those of external cyber criminals. But this fact shouldn’t shroud that staving off insider threats is a different game.
Passwords and Access
If someone has a password to an account of a system, they can bypass most tech-based security checkpoints.
As employees and other associated parties end their relationship with an organization, that organization’s administrators should take one of two important steps.
The first is cutting the leaving party’s access to tools, platforms, and systems. If the party held an individual account, the organization should get their password before the account holder is no longer under the organization’s roof. Doing so returns control to the organization and allows administrators to change the password, close the account, or change the account setting to lock the leaving party out.
If the leaving party uses a shared account, an organization and its administrators should immediately change the password and access pathways. After that, the administrators need to share the new log-in information with stakeholders who still utilize the account. Password management tools are great for this step.
Software holds many keys for insider threats, but hardware does as well.
Some employees and contractors, as part of their roles, hold and maintain hardware that is essential to business functions. We those parties break their association with an organization, the organization’s managers and administrators must have a process for resecuring that hardware. While the majority of people don’t have any desire to act maliciously, some do, and that risk is not one an organization should take.
As part of the offboarding process, managers and administrators weave in a method for getting any hardware back from employees and contractors. It’s another small step in making an organization more resilient against internal bad actors.
Knowledge and Training for Current Employees
External cyber attackers often try to leverage existing employees of an organization, and insider threats may do the same.
Simply put, social engineering is a much simpler path for bad actors. Technology requires knowledge to deploy; convincing someone to let you in is much easier.
Insider threats may even prefer social engineering as they may have already built trust and a rapport with existing employees.
Organizations can get around this exploit, however.
Training goes a long way in cyber security, regardless of who’s behind an attack. Organizations should develop a program for all employees that teaches them to recognize phishing and other social engineering methods.
Focusing on insider threats, organizations can implement processes and systems that current employees can turn to when an old colleague reaches out, especially regarding a topic related to work. It could be as simple as ignoring messages, or a longer referral process with increased scrutiny.
Cyber criminals are a very real threat for organizations now, and the world’s embrace of remote work in the past few years makes the option more appealing to bad actors, both external and internal. It’s now on organizations to stay ready and vigilant by implementing new strategies and tactics that limit the damage of someone with ill intents.