A survey of chief information officers at Fortune 1000 companies by security and information management firm Nuix has found that whilst insider threat programs inside organisations are becoming increasingly important in combatting today’s cyber threats, this issue may not yet have the attention it deserves.
Why your company needs an insider threat policy
Given the high profile nature of these businesses, it’s surprising that 30% of respondents reported having no kind of insider threat program or policy. However, 21% attributed some of their security team’s spending increases to additional protections against internal hazards and 14% reported allotting 40% or more of their budget to insider threats.
What is an insider threat?
Also highlighted in this report was the challenge of knowing what an insider threat is in the first place. Although, when asked to define the term there was a clear theme among the responses, featuring the words “malicious,” “internal,” “authorized,” and “inappropriate.” One financial institution CISO noted: “All threats are insider threats; once a hacker enters the company’s environment, it becomes an insider threat.” “Not all insider threats are mischievous,” countered another financial institution CISO. Those nuances characterized many of the other explanations, which varied to include the following simple and complex descriptions:
- A malicious actor who is an internal employee.
- People with access to data trying to sneak it out the door.
- An internal employee who knowingly or unknowingly grants unauthorised access to someone.
- An outside entity trying to get in by taking advantage through social engineering or a relationship to access internal data.
- Any user activity that falls outside of the organisation’s policy.
- A person who is affiliated with the organisation and through negligence or malice puts the organisation at risk.
- The usage of inside systems by authorized and unauthorised individuals in a seemingly nefarious way.
- Someone with knowledge of the system who uses that knowledge to create or exploit a weakness.
A growing phenomenom in IT security
One insurance executive explained that individuals interpreted “insider threats” according to their roles in the organization. “If you speak with individuals in physical security, it could be a disgruntled employee with a weapon,” he said. “For those in finance, it could be an employee with high-level credentials secretly moving money or accessing intellectual property to endanger the company’s competitive landscape".
There’s certainly greater awareness of insider threats thanks to the public profiles of Chelsea Manning and Edward Snowden and it’s also much easier to steal information than ever, you can just copy key files onto a thumb drive in seconds. And finally, is there the possibility that the theft of internal records has become culturally more acceptable?
WALLIX offers solutions that give privileged users in your organization secure access to servers and devices, and gives you complete visibility and auditing of their actions, helping you to meet compliance requirements and keep data secure.