A Guide To Insider Threats

Insider attacks are particularly difficult to defend against. Insiders have internal knowledge of the network, and often know a system’s vulnerabilities. Even if they don’t violate security policies, they can perform authorized actions in a malicious way.

I like Common Sense Guide to Mitigating Insider Threats. It’s light reading, if you like that sort of thing. Here are the recommendations in brief:

  1. Consider threats from insiders and business partners in enterprise-wide risk assessments.
  2. Clearly document and consistently enforce policies and controls.
  3. Incorporate insider threat awareness into periodic security training for all employees.
  4. Beginning with the hiring process, monitor and respond to suspicious or disruptive behavior.
  5. Anticipate and manage negative issues in the work environment.
  6. Know your assets.
  7. Implement strict password and account management policies and practices.
  8. Enforce separation of duties and least privilege.
  9. Define explicit security agreements for any cloud services, especially access restrictions and monitoring capabilities.
  10. Institute stringent access controls and monitoring policies on privileged users.
  11. Institutionalize system change controls.
  12. Use a log correlation engine or security information and event management (SIEM) system to log, monitor, and audit employee actions.
  13. Monitor and control remote access from a ll end points, including mobile devices.
  14. Develop a comprehensive employee termination procedure.
  15. Implement secure backup and recovery processes.
  16. Develop a formalized insider threat program.
  17. Establish a baseline of normal network device behavior.
  18. Be especially vigilant regarding social media.
  19. Close the doors to unauthorized data exfiltration.
[tg_promo_box title=”Try Our Online Demo” border=”” shadow=”0″ button_text=”Try It Now” button_url=”http://demo.tozny.wpengine.com/bank/”]Our multi-factor authentication solution that is easier and more secure than passwords.[/tg_promo_box]