Cyber programs often miss the significant risk generated by employees, and current tools are blunt instruments. A new method can yield better results.
Insider threat via a company’s employees (contractors and vendors) is one of cybersecurity’s most prominent unsolved issues. Almost 50 percent of breaches were reported in a recent study. Companies are undoubtedly aware of the problem but rarely dedicate the resources or executive attention required to solve it. In addition, most prevention programs fall short either by focusing exclusively on monitoring behavior or failing to consider cultural and privacy norms.
How fraudsters use vulnerable insiders
If a fraudster’s target is in a secured network, its focus is to achieve the privilege of an employee’s access. Fraudster Uses tactics and techniques to achieve desired credentials: phishing emails, watering holes, and weaponized malware, to name a few.
With those credentials, fraudsters can move laterally within a system, escalate their privileges, make changes, and access sensitive data or money. Fraudsters can access data or information from unsecured locations during outbound communication using a command-and-control (C2) server. They can make outbound attempt changes or perform volume outbound transfers.
How fraudsters attack:
- Deploy phishing emails or malware
- Identify a rogue user
- Attain compromised credentials
- Move laterally to the desired target
- Escalate privilege as needed
- Access assets
- Obfuscate network activity
- Alter data
- Exfiltrate data
How to mitigate insider threats
here are different technical and non-technical controls that organizations can adopt to improve the detection and prevention of each insider threat type.
Each type of insider threat presents different symptoms for security teams to diagnose. But by understanding the attackers’ motivations, security teams can proactively approach insider threat
defense. To mitigate insider threats, successful organizations use comprehensive approaches.
They might use security software that:
- Maps accessible data
- Establishes trust mechanisms—granting access, revoking access, and implementing
Multi-factor authentication (MFA)
- Defines policies around devices and data storage
- Monitors potential threats and risky behavior
- Takes action when needed
Know your users
- Who has access to sensitive data?
- Who should have access?
- What are end-users doing with data?
- What are administrators doing with data?
Know your data
- What data is sensitive?
- Is sensitive information being exposed?
- What risk is associated with sensitive data?
- Can admins control privileged user access to sensitive data