Intelligent CISO Issue 48 | Page 69

decrypting myths
How concerned should CISOs be about insider threats and how is the reported Great Resignation driving the rise in these?
As cybersecurity professionals, we spend a lot of our time and budget focused on keeping threats out. We want to make sure that we're protecting our data and with good reason. However, not all attacks are perpetrated by outside criminals. Sometimes that risk is inside of our house. There are two key trends that are leading to this increase in insider risk.
The first is the move to the cloud. We're leveraging more cloud services, more data is going into the cloud, more people have access to that data.
And then second is this work from anywhere – we have much more flexibility but with increased access comes increased risk. Are we monitoring where that data resides? Are we monitoring who has access to that data?
With the Great Resignation we've seen an increased risk around insider threat incidents because as people are leaving organisations they're taking data with them, believing it to be theirs.
We are seeing these trends where individuals are taking data or accessing data in interesting new ways. Forrester coined an interesting phrase, stating that COVID-19 has introduced ideal conditions for insider threat – and that's ultimately because we've enabled more access. So, we need to monitor that data.
How can CISOs best protect against these different attacks and ensure employees are aware of the threats presented to them?
First, it's understanding what type of insider you are dealing with. That should inform how your security team responds. If you're dealing with someone that's made a mistake, perhaps you want to send them to training again or make them aware of a security policy and their responsibility in protecting that data.
Your response plan will be completely different if, for example, you're dealing with a compromised user, someone who has maybe inadvertently given up their password and username to a cybercriminal and the criminal is now acting as that person, because they're logging in using their credentials.
Further, you'd be responding slightly differently if you're dealing with someone that is intentionally stealing company data and trying to cause harm to the organisation.
But fundamentally, the foundation of any defence is visibility. You need to have total visibility into your data and your people. The data that they are creating and how they're accessing it, where it resides, who has access, whether it's on premises or the cloud and how people are working with that data.
It's not just about confidentiality. It's also about the integrity and availability of that information. Then you need to implement technical controls like DLP solutions, or security solutions that are ultimately preventing those criminals from stealing credentials and getting access to those Crown Jewels and cloud stores. You can then implement appropriate controls to protect the threat landscape of that individual.
Also, you need to create a strong security culture. That means understanding the behaviour of people, what good behaviour you want to implement and then building a culture programme and awareness programme to ultimately change behaviour towards that good.
As a final recommendation, people are the new perimeter, so we recommend implementing a layered defence. This includes dedicated insider threat management solutions, a strong security awareness training programme and ultimately, a critical and strong threat protection solution that's blocking threats from reaching your people, irrespective of the channel or technique or platform that the criminal is leveraging.