From Behavior Analytics to Security Education: 4 Ways Organizations Should Mitigate Modern Insider Attacks

While the stakes for private sector organizations differ drastically from those of governments that have to protect state secrets like hacking tools or nuclear technologies, businesses have their own needs for Data Loss Prevention (DLP) measures.

Organizations face the threat of data such as their intellectual property (IP), source code, customer details, Personally Identifiable Information (PII), financial information, and many other types of information being stolen or corrupted. We have also seen ransomware crews attempting to bribe insiders to gain a foothold in IT systems for their attacks.

In light of these risks, we have outlined below several measures that organizations can take to improve their cybersecurity posture.

Preventing data loss from malicious insiders takes a combination of practices and technologies. Here are a few tools that can help your team detect a potential insider threat.

It is important to note that not everything is always as it seems. A loyal employee may have their accounts taken over by external hackers, who can then use the accounts for their own purposes. This means that even if you are doing everything right on the human-to-human end of the equation, you still need to be vigilant on the technology front.

1. Monitoring and Logging Tools

Start with the most basic of the basics. Understanding who is doing what in your systems is a useful first step in improving your security posture.

Logging is not primarily a real-time alerting tool, but it is essential once an incident occurs and you need to go back and investigate.

But these logs only help if they were already being collected before an issue happens. So if you do not have a logging solution in place already, now is the time to get one.

2. User Behavior Activity Analytics

As alluded to above, this is the technology you use to create a baseline of what constitutes normal behavior and then pick up on actions that seem out of place.

Your User Behavior Analytics (UBA) solution should look at factors such as the kinds of files being accessed, the time of day, and others to define how things should look and what represents a break from usual patterns.

This tech can be useful in many scenarios, but here are two that help to explain its usage:

a) A user tries to step out of bounds to reach data that they should not. This might occur if they are trying to cause significant damage and attempt to get around the segmentation that limits them to the information legitimately made available to them.

b) Their account is compromised by an external attacker who tries to move laterally to reach more private data.

One way to think about UBA is as the operationalization of the logs: it applies intelligence to how the log data is used rather than leaving it to be read only after the fact.

3. Policy and Rules Engine

For those looking to take a more proactive stance in cases where security is at a real premium, there is the option to set policies and rules that trigger an action when violated.

This can include alerting, blocking, and even locking a user out if the tripwire gets hit.

There are advantages to this, since it can stop significant harm to sensitive assets before it happens, but it needs to be used carefully. Blocking and lockouts add friction to productivity, so apply the more intrusive measures sparingly and reserve them for your most sensitive data.
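The following added example (not from the article or any particular product) shows how the three escalating responses fit together in a small policy engine, and how to keep friction down: rules only block when the action touches an explicitly listed sensitive location, everything else merely alerts, and a lockout is triggered only when the same user hits blocking rules repeatedly inside a short window. The event format, the sensitive-path list, the window and the repeat count are all constructed for the illustration.

```python
"""Toy policy and rules engine with alert, block and lockout responses (added example)."""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, List, Tuple


@dataclass(frozen=True)
class Event:
    when: datetime
    user: str
    action: str   # read | download | copy_to_usb | email_external (constructed vocabulary)
    path: str


@dataclass(frozen=True)
class Rule:
    name: str
    matches: Callable[[Event], bool]
    response: str  # "alert" or "block"


# Only these locations justify hard blocking; everything else alerts so work is not disrupted.
SENSITIVE_PREFIXES = ("/shares/finance/payroll/", "/shares/legal/")
LOCKOUT_AFTER = 3             # blocked actions ...
LOCKOUT_WINDOW = timedelta(minutes=10)  # ... within this window lock the account

RULES = [
    Rule("external-email-of-sensitive",
         lambda e: e.action == "email_external" and e.path.startswith(SENSITIVE_PREFIXES), "block"),
    Rule("usb-copy-of-sensitive",
         lambda e: e.action == "copy_to_usb" and e.path.startswith(SENSITIVE_PREFIXES), "block"),
    Rule("download-after-hours",
         lambda e: e.action == "download" and not 7 <= e.when.hour < 20, "alert"),
    Rule("source-code-to-usb",
         lambda e: e.action == "copy_to_usb" and e.path.endswith((".py", ".go", ".c")), "alert"),
]


class PolicyEngine:
    def __init__(self, rules=RULES, lockout_after=LOCKOUT_AFTER, window=LOCKOUT_WINDOW):
        self.rules = rules
        self.lockout_after = lockout_after
        self.window = window
        self.recent_blocks = defaultdict(deque)  # user -> timestamps of recently blocked actions
        self.locked = set()

    def evaluate(self, e: Event) -> List[Tuple[str, str]]:
        """Return the (rule_name, response) pairs that apply to one event."""
        if e.user in self.locked:
            return [("locked-out", "block")]
        decisions = [(r.name, r.response) for r in self.rules if r.matches(e)]
        if any(resp == "block" for _, resp in decisions):
            q = self.recent_blocks[e.user]
            q.append(e.when)
            while q and e.when - q[0] > self.window:  # drop blocks outside the window
                q.popleft()
            if len(q) >= self.lockout_after:
                self.locked.add(e.user)
                decisions.append(("repeated-blocks", "lockout"))
        return decisions


def parse_event(line: str) -> Event:
    """Parse a constructed line: '<iso-timestamp> <user> <action> <path>'."""
    ts, user, action, path = line.split()
    return Event(datetime.fromisoformat(ts), user, action, path)


def run_events(lines) -> List[List[Tuple[str, str]]]:
    """Feed lines through one engine in order and return each event's decisions."""
    engine = PolicyEngine()
    return [engine.evaluate(parse_event(l)) for l in lines]


# Constructed sample: alice's USB copy of source only alerts; bob repeatedly tries to move
# payroll and legal files off the network late at night and ends up locked out.
EVENT_LINES = """
2024-03-07T10:05:00 alice read /shares/eng/design.docx
2024-03-07T10:06:00 alice copy_to_usb /shares/eng/build/main.py
2024-03-07T22:30:00 bob download /shares/finance/q1/forecast.xlsx
2024-03-07T22:31:00 bob email_external /shares/finance/payroll/march.xlsx
2024-03-07T22:33:00 bob copy_to_usb /shares/finance/payroll/march.xlsx
2024-03-07T22:35:00 bob email_external /shares/legal/merger.docx
2024-03-07T22:36:00 bob read /shares/eng/readme.txt
""".strip().splitlines()

if __name__ == "__main__":
    for line, decisions in zip(EVENT_LINES, run_events(EVENT_LINES)):
        print(line, "->", decisions or "allowed")
```

Note that the lockout state lives in the engine, so once bob is locked out even a harmless read of an engineering file is refused; that is exactly the productivity cost the text warns about, which is why the blocking rules are scoped to a short sensitive-path list rather than applied broadly.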

4. Establish a Threat Model

Adopting the tools listed above can help organizations better monitor and protect themselves from data loss. But a good security posture starts with a threat model assessment to understand which measures are right for them.

This means identifying what your sensitive assets are, who your adversaries are likely to be (and how far you need to ratchet up protections to defend against them), and where your potential exposures are likely to be, so that you can give those areas extra protection.

Gaming out your threats, monitoring them, and putting tools in place to alert you to suspicious behavior are all part of strengthening your overall security, business intelligence, and effectiveness.

In addition to layering all available protection elements to bolster your defenses against an insider threat, it’s also important to ensure that team members, from SOC analysts to everyday employees within the organization who have access to important data, receive ongoing training. Certified programs like Teramind Academy help critical team members maintain awareness and vigilance by staying attuned to the latest tools, methods and solutions at their disposal to guard against negligent and malicious insider threats alike.


Isaac Kohen