How can organizations succeed against cyberattacks when their greatest assets—their people—are also a potential liability?
We need trusted insiders possessing something close to “super powers,” and they’re also going to need a web of capabilities and technologies backing them up to be truly effective.
Faced with escalating threats, businesses are getting better at instilling in their employees a certain “Spidey sense”—that “tingle” in the back of the neck that gives you a vague but strong sense of something being wrong or suspicious. Armed with this attribute, recipients are more likely to see that attack coming and less likely to click on that “phishy” email attachment—denying easy access to an attacker.
This is all well and good, and it’s helping businesses become more resilient, but it’s just part of the equation, because increasingly, the “enemy” is coming from the inside, not the outside.
Cybersecurity professionals told us so. In a recent survey we conducted with HfS Research, the potential theft of data or personal information by corporate insiders “dominated” the discussion. Some 69 percent of the 200-plus respondents said they witnessed an attempted or realized data theft by corporate insiders during the previous 12 months.
Unfortunately, the trend looks to continue: Forty-eight percent of respondents indicated they are either “strongly” or “critically” concerned with insider-based data theft over the next 12 to 18 months.
How to spot insiders before it’s too late?
The first step is to recognize that no matter where they originate, all cyber threats essentially become insider threats. That’s their reason for being: to gain access to your networks or systems—the keys to the kingdom—get inside, rummage around on the sly and take what they want, or just create a nuisance.
Insiders who become threats basically fall into three categories. The first two—the “benign” and the “unwitting”—are similar: They probably are employees or contractors who mean no harm; it’s just that their credentials have been co-opted by external attackers. Most employee training and awareness programs are focused on trying to prevent the types of mistakes that lead to benign or unwitting insiders.
It’s the third category—the “malicious” (see: Snowden, Edward)—where we face the biggest challenges and the biggest risks.
Real Credentials, Very Bad Things
Malicious insiders tend to have an axe to grind—they’ve somehow been isolated from their professional network, they may be in danger of getting fired, they may be coming up to the end of their contract. Whatever the case, they’re using real credentials to do very bad things.
It’s these individuals on whom we need to sharpen our focus as we tackle insider threats.
Fortunately, more organizations are finding a way forward: They’re incorporating “identity” into their security operations centers, something that combines technology, psychology and the nuances of human behavior.
In my next post on the Accenture Security blog later this month, I’ll detail how behavior tools work in cybersecurity and offer some examples of real-world situations where they can come into play.