Employees are probably the greatest risk facing a business in the modern era, sometimes out of malice, often due to carelessness but always because they have access to information that might be valuable outside your organisation.
How to identify your next insider threat
Let’s take a look at some of the types of users who may be putting you at risk and then consider some simple steps that could be taken to minimize the chance of them being at the centre of a data breach storm in your business.
1. The privileged user
It stands to reason that the more of your infrastructure any user has access to, the greater the risk of something going wrong. Privileged users are often IT and infrastructure people who have been given full reign to maintain and manage systems. These people are often more security conscious, but the concern should be over the nature of the data they have access to.
2. The contractor
Increased outsourcing also opens a window of risk. Snowden is an obvious and extreme example. But the challenges faced by some third parties may be forcing them into risky behaviours. Consider a contractor who only has access to work securely from a remote location, it’s likely they’ll be forced to copy the data they need to a cloud storage service like Dropbox.
3. The password sharer
According to a survey of more than 1000 workers in the US and the UK, 48.8% had shared login and password details with a colleague. The view taken here maybe that colleagues in the same organisation can be trusted and could access information using their own login data anyway. The risk is that someone who has another person’s password can effectively pretend to be that person. The NSA hack used social engineering to get login details from users and we understand that Edward Snowden employed a similar tactic.
4. The lazybones
Users now have a user name and password for almost every website, business system and bank account they use. It shouldn’t come as a surprise that many logins and passwords are often replicated to make life easier, or in the worst case noted down on a post-it note stuck on the back of a laptop.
5. The ex-employee
Cloud storage services have become the new USB sticks. Users are now regularly circumventing restrictions on access to these services to copy over files, usually for them to work on remotely. Many people may find themselves in a situation where having left an employer they then have a stack of potentially valuable data they could misuse.
You need to build a security culture
If we want to begin to address these kinds of risks it’s vital that we look to build a security culture that’s at the centre of how an organisation works. Also, one of the main reasons why login credentials are shared or policies ignored is that it isn’t easy enough for users to delegate access and permission to one another, this should be a goal. And finally, begin with your biggest areas of risk. If you have no visibility of how privileged users are accessing systems which hold all of your potentially most sensitive data then begin there. Wallix can definitely help with that, you can see how we manage privileged users in this short video.