Insider threat awareness month occurs each September in the U.S. This is a collaborative effort between the National Counterintelligence and Security Center (NCSC), National Insider Threat Task Force (NITTF), Office of the Under Secretary of Defense Intelligence and Security (USD(I&S)), Department of Homeland Security (DHS), and Defense Counterintelligence and Security Agency (DCSA) to emphasize the importance of detecting, deterring, and reporting insider threats.
Some useful insights about the 2023 event and its main themes comes from Neil Jones, Director of Cybersecurity Evangelism at Egnyte.
Jones assesses the state of play when it comes from insider risks and the broad changes seen throughout the industry: “In the past few years, organizations have dramatically improved their cyber-preparedness by investing in cybersecurity training, intrusion detection systems, encryption technologies, and more.”
In terms of the structural weaknesses with the strategies adopted by organisations, Jones assesses: “The industry’s focus on external cyber-attacks has overshadowed the risk from one of the most prevalent data breach vectors – insider threats.”
Indicators of a potential insider threat can be broken into four categories. These are: indicators of: recruitment, information collection, information transmittal and general suspicious behaviour.
This is to the extent that: “Most companies don’t realize that their regular employees, privileged users, administrators, and third parties can represent a much more significant – and knowledgeable – risk than external cyber-attackers.”
Drawing on case material, Jones puts the level of risk into context, noting: “Unbelievably, a substantial 56 percent of insider incidents result from employee or contractor negligence, making it the most common cause of security breaches.”
In terms of examples, Jones mentions: “These oversights can include sending sensitive information to the wrong recipient, misconfiguring settings, or adopting unsafe practices.”
In terms of how to react to this information, Jones asserts: “Organizations must implement a strategy that focuses on prevention through ongoing security awareness training and strict access control while leveraging advanced analytics tools for the early and informed detection of unusual activities.”
Looping back to the September events, Jones says: “Insider Threat Awareness Month highlights the need for organizations like yours to be continually vigilant and proactive in combating internal risk.”
Distilling the actions that organisations should be considering down to the essentials, Jones recommends: “You can start by safeguarding your assets, limiting file access based on users’ ‘Business Need to Know,’ conducting comprehensive awareness training, and adopting a proactive stance toward detection that’s updated on a regular basis.”
