Cyber-criminals can infiltrate your system in moments using the right software - so how easy would it be for an insider to infiltrate your network or any system attached to it? The US Department of Homeland Security defines insider threat as including “…sabotage, theft, espionage, fraud, and competitive advantage are often carried out through abusing access rights, theft of materials, and mishandling physical devices.” With more of the world’s employees working remotely than ever before, the loss of jobs and security, and the uncertainty inspired by the COVID-19 pandemic, insider threat needs to be at the forefront of every CIO’s mind.
Insider threat originates with disgruntled, underpaid and over-extended employees who are seeking alternative ways to make money. One of the best-known insider attacks involved Edward Snowden, who disclosed almost 2 million NSA files in 2017. In 2010 Chelsea Manning, a former US soldier, disclosed over 500,000 sensitive US military documents on WikiLeaks. Chinese IBM software engineer Jiaqiang Xu stole source code to create his own software, while Canada’s Christopher Grupe sabotaged the Canadian Pacific Railway system by deleting files and changing passwords. Their motives range from moral outrage to simple greed, and for every insider proven to have attacked their company or country, there are hundreds of thousands of others who have not yet been caught.
According to cybersecurity-insiders.com, mitigating insider threat requires visibility into threats, intelligence, detection, response and remediation, ease of deployment, an excellent user experience, scalability and data privacy features. It’s been proven that the biggest gap in the fight against insider threat is the lack of visibility into, and mitigation techniques for, people who already have access to a company system, together with the misuse of information available through privileged accounts.
While many of the insiders featured above were caught and sentenced to prison time in various countries, many insiders will never see the inside of a jail cell. When privileged information is available to too many employees, it’s impossible to tell (without a full-scale investigation) who leaked it. The only way to trace insider leaks back to their source is through detection of DDoS attacks, DGA botnet activity and all abnormal browsing behaviour. In addition, it’s more important than ever that these functions be automated and timely. If it takes outsiders only minutes to infiltrate a system, how long would it take an insider with the right passwords and security clearance?
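The DGA and abnormal-browsing detection mentioned above can be illustrated with a simple heuristic. What follows is an added example, not code from this article or from any vendor product: a Python scanner that parses DNS query log lines and flags domains whose second-level label looks algorithmically generated (long, high-entropy, and either digit-heavy or unpronounceable), then groups the hits by client so the host resolving them stands out. The log format, the thresholds and the sample log lines are all constructed assumptions for the demonstration.

```python
"""Heuristic DGA detection over DNS query logs (added example, not vendor code)."""
import math
import re
from collections import Counter, defaultdict

# Constructed sample DNS log lines in a simple key=value format (not real data).
# Client 10.0.0.12 browses ordinary sites; client 10.0.0.15 resolves two
# algorithmically generated-looking names alongside its normal traffic.
SAMPLE_DNS_LOG = """\
ts=1 client=10.0.0.12 query=www.example.com
ts=2 client=10.0.0.12 query=stackoverflow.com
ts=3 client=10.0.0.15 query=www.example.com
ts=4 client=10.0.0.15 query=xk3j9qzp0v7r2tl.com
ts=5 client=10.0.0.15 query=qwxzrtpmkvlbnd.net
ts=6 client=10.0.0.12 query=mail.google.com
ts=7 client=10.0.0.15 query=mail.google.com
"""

# Assumed log layout: the scanner only needs the client and the queried name.
LOG_RE = re.compile(r"client=(?P<client>\S+)\s+query=(?P<query>\S+)")


def shannon_entropy(text):
    """Bits of entropy per character; 0.0 for an empty or single-symbol string."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def second_level_label(fqdn):
    """Return the label left of the suffix, e.g. 'example' for 'www.example.com'.
    Simplification: the last label is treated as the suffix, so multi-part
    suffixes such as co.uk are not handled."""
    parts = fqdn.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def longest_consonant_run(label):
    """Length of the longest run of consonants; real words rarely exceed 4."""
    runs = re.findall(r"[b-df-hj-np-tv-z]+", label)
    return max((len(r) for r in runs), default=0)


def digit_ratio(label):
    """Fraction of characters that are digits."""
    return sum(ch.isdigit() for ch in label) / len(label) if label else 0.0


def looks_generated(label, min_len=10, min_entropy=3.5,
                    min_digit_ratio=0.2, min_consonant_run=5):
    """Flag labels that are long, high-entropy and either digit-heavy or
    unpronounceable. Thresholds are illustrative assumptions: tune them on
    your own resolver logs and expect some false positives."""
    if len(label) < min_len:
        return False
    if shannon_entropy(label) < min_entropy:
        return False
    return (digit_ratio(label) >= min_digit_ratio
            or longest_consonant_run(label) >= min_consonant_run)


def scan_dns_log(log_text):
    """Map each client to the sorted list of distinct DGA-like domains it queried."""
    suspects = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue  # skip malformed lines rather than abort the whole scan
        fqdn = m.group("query")
        if looks_generated(second_level_label(fqdn)):
            suspects[m.group("client")].add(fqdn)
    return {client: sorted(domains) for client, domains in suspects.items()}


if __name__ == "__main__":
    for client, domains in scan_dns_log(SAMPLE_DNS_LOG).items():
        print(f"{client}: {len(domains)} DGA-like domain(s): {', '.join(domains)}")
```

Entropy alone is not enough: a long legitimate name such as stackoverflow.com clears the 3.5-bit threshold, which is why the rule also requires a high digit ratio or an unpronounceable consonant run before it flags a name. In production this sort of heuristic is a triage signal to be correlated with the other indicators the article lists (volume of queries per client, known-bad feeds, endpoint telemetry), not a verdict on its own.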
Where do you get the visibility, intelligence, detection, response and remediation, ease of deployment, scalability and data privacy features? No single product can offer all of these elements to the degree they are needed - but an array of integrated and correlated products from a single vendor can.
One way to do this is to consider how your network security products work together and how effective they are at offering the continuous, multi-layered protection you need. Central to any network security system are a few core components that, when combined, give users multi-faceted, multi-layer security from the core network to each endpoint.
1. An AI-powered detection engine achieves high detection and low false positive rates by accurately identifying the “DNA” of unknown malware and ransomware using artificial intelligence, evolving neural networks and heuristics.
2. A cloud-based threat intelligence and deep learning platform can train thousands of nodes within multi-dimensional algorithmic detection models.
3. Working in conjunction with a next-generation application firewall means a signal can be sent when any unusual or malicious behaviour is detected, alerting on any exfiltration to command-and-control servers and on access to phishing sites at the perimeter.
4. Micro-segmentation of network boundaries through a secure web gateway limits access across those boundaries.
5. Fast and intelligent endpoint monitoring and protection goes beyond isolating malicious files at the endpoint by providing multiple mechanisms to mitigate threats based on file, machine or group, and an isolation response that includes endpoint host, service group and file isolation, trust, deletion and recovery.