HIDING IN PLAIN SIGHT
– WHAT ARE THE KEY
INDICATORS OF AN
INSIDER THREAT?
How do you identify an inside attacker who is not supposed
to be accessing sensitive data as part of their job role?
Although they are notoriously difficult to identify there are,
nonetheless, tell-tale signs that indicate the presence of a
stealthy inside attacker. Matt Lock, Technical Director at
Varonis, explores the top warning signs – both digital and
behavioural – that should serve as a red flag.
O
rganisations
spend vast
amounts of money
each year on
cybersecurity
measures and
solutions to
prevent external threat actors breaking
into their networks. But what about the
threats from within the business? The
2019 Verizon Data Breach Investigation
Report found that around one third
(34%) of data breaches involved an
insider, whether through malice or
negligence. The report is a reminder that
organisations can’t ignore what may be
hiding in plain sight; the insiders who
have access to their most important and
sensitive data assets.
Mitigating this threat is notoriously
difficult, but it can be achieved by
understanding the tell-tale warning
74
signs and using multiple data points
to determine unusual behaviour.
CISOs need to be aware that insider
threats are caused not only by existing
employees, but also consultants,
partners or former employees.
The perpetrators fall into two distinct
camps: those who maliciously seek to
steal data – the ‘turncloaks’ – and those
who unknowingly enable a data breach
by accident or negligence – the ‘pawns’.
Whether a turncloak or pawn, there are
both behavioural and digital warning
signs that someone at the organisation
has become a threat.
Digital warning signs
The digital clues that someone might
pose a threat are connected to that
person’s use of data, especially if they
are doing anything that is not part of their
Matt Lock, Technical Director at Varonis
CISOs need to be
aware that insider
threats are caused
not only by existing
employees, but
also consultants,
partners or
former employees.
Issue 20
|
www.intelligentciso.com