A story came out a few years ago showing that a former employee of an engineering firm continued to access the company’s systems long after leaving. The employee left the firm in 2013 to start his own company, but for two more years he used his old credentials to access and download project proposals, designs and budgetary documents — all with an estimated worth of $425,000.
This is just one example of a growing threat to businesses: malicious insider attacks. We recently covered the threat of accidental disclosure by employees, but that doesn’t mean there aren’t other inside threats to be concerned about. There are a variety of reasons an employee might intentionally threaten company information. Often, it’s done for personal financial gain but in other cases it can simply be a case of a disgruntled employee.
According to Ponemon’s 2018 Cost of Insider Threats, criminal or malicious attacks make up for 23% of all inside cybersecurity incidents — a number that continues to rise every year. And, as the above example shows, these attacks can be costly. The report also found that malicious insider attacks cost organizations an average of $607,745 per incident.
A key contributor to that cost is not just the value of information stolen, but also the amount of time it takes to detect. Because these attacks often use seemingly legitimate access to systems and databases, it can be difficult to discern whether someone is using credentials to access records for work purposes or with ill intent. According to the Ponemon record, it takes an average of 73 days to detect and contain an inside incident.
Mitigating the Threat
There are, however, a number of steps organizations can take to both prevent insider threats and detect them if they do happen.
Evaluate Access Controls
One of the best line of defenses is to constantly evaluate employee permissions and access. Not all employees will need access to all systems, so placing access restrictions depending on the employee’s need is a must.
And this isn’t something you should do just once. It’s important to regularly update your access controls. An employee might need access to certain databases for a short-term project, or, like in the example above, has left the company. Regularly going through employee permissions and access will ensure that only those who absolutely need your information can access it.
Implement Data Loss Prevention Software
Using data loss prevention (DLP) software is an essential way to detect potential malicious activity. DLP tools will classify your data by risk level and organization policy. If the software identifies policy violations (such as moving data off network), it can automatically encrypt effected information, and alert security teams.
Employee education
A report conducted by Opinion Matters found that some employees might be taking or sharing information because they believe they own the data they work on. According to the report, only 40% of employees interviewed agreed that data is exclusively owned by the organization and not by teams, departments or individuals.
Through clear policy and regular training, business need to make a point of educating employees on data ownership. Employees need to be made aware of their responsibility when it comes to protecting company information.