September is National Insider Threat Awareness Month. Many companies underestimate the risk of insider threats, yet these threats are increasing at alarming rates. A study by the Ponemon Institute found a 47% increase over the last two years. Any comprehensive security strategy needs to account for insider threats and examine how security solutions, such as privileged access management (PAM) solutions, can help reduce the risk of insider threats.
What Are Insider Threats?
An insider threat is anyone (employee, contractor, third-party partner) with authorized access who uses that access to wittingly or unwittingly harm the organization and its resources. Many people think of insider threats as malicious – an insider agent or disgruntled employee. But a report from SolarWinds found that 62% of enterprise IT and non-IT respondents cite user errors as the top insider threat. Many insider threats originate from employee negligence, such as falling for a phishing attempt or clicking on a suspicious link that includes malware. Unwittingly, someone within the organization has become a threat. These ‘errors’ happen during the daily course of business.
Whether the threat is intentional or unintentional, finance, customer service, and research/product development teams are most vulnerable to insider threats. Fraud, money, and intellectual property theft are major driving factors of insider threats. More importantly, insider threats can be hard to recognize and bring under control. It takes an average of 77 days to contain an insider threat, and an incident can cost hundreds of thousands of dollars (if not millions).
Regardless of where the threat comes from, it poses an immediate risk because these individuals already have access to your network, documents and folders. If the individual is a privileged user with elevated credentials, this creates an even greater risk. An insider threat with privileged credentials can access your most sensitive company and customer data. They can modify, destroy or steal your data. They can move laterally through your business network, evade detection, cause serious damage to your business reputation and put your company in violation of compliance regulations.
5 Tips To Protect Against Insider Threats
While the risk of insider threats may be increasing, there are several things you can do today to help protect your organization.
Implement secure remote access gateways – With the pandemic, more people are working remotely and accessing systems and data from home offices or elsewhere. This increases a company’s risk as traditional VPNs have vulnerabilities. Instead, companies need to set up a secure remote access gateway for anyone with an elevated credential – especially IT admins. Xton Access Manager (XTAM) can be used to create a security perimeter across your IT environment and force remote users to go through XTAM to access corporate systems. This provides the added security that companies need when addressing remote access and privileged credentials.
Use Secure, Central Vaults for Privileged Credentials and Passwords – By now, we all know the importance of strong passwords. Yet, passwords remain a challenge. Many employees still share passwords or write them down. Entire teams use shared passwords to access third-party systems. When it comes to privileged credentials, PAM software includes secure vaults for locking down and managing passwords and credentials. Use a vault for your most sensitive credentials, including those for applications, sensitive data/systems, root accounts and other critical systems. When combined with the PAM session broker capabilities, companies can set policies to ensure privileged users never see passwords and have time limits on their access.
Least Privilege Approach – All companies should take a least privilege approach, restricting a user’s access to only those resources/permissions required to perform their job effectively. For example, someone in marketing should not have access to financial applications. PAM tools allow enterprises to create role-based access controls. This allows IT to control privileges based on a user’s role. Using role-based policies, companies prevent privilege escalation, control access to systems and data based on roles and reduce risk.
Ensure Secure Third-Party Access – According to one report, 15% – 25% of insider threats are from authorized/trusted third-party partners. These trusted partners have access to your cloud and network systems anytime, anywhere on any device. Just like remote workers, this partner access can create security risks. By implementing a secure access gateway for partners or contractors, you can provide secure access control while also reporting on user activity. This reduces risk while also meeting any regulatory controls.
Revisit Offboarding Policies – When employees leave a company, policies need to be in place to ensure the person can no longer access systems and data. While companies do this for regular employees, what about IT admins? These are not regular users. Administrators know your systems, where information lives and where the shortcuts are. Luckily, companies can use privileged account access automation to help with offboarding. It can be used to discover privileged accounts on the network, lock down orphaned accounts, and remove or reset credentials for the user accounts. By automating the offboarding process, companies can remove access permissions quickly as employees leave an organization.
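The offboarding steps above (discover privileged accounts, lock down orphaned ones, remove or reset credentials) can be sketched as a reconciliation between an account inventory and the HR roster. This is an added example, not XTAM code or part of the original article; the account names, the roster and the `offboarding_plan` function are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Account:
    name: str              # account identifier on the target system
    owner: Optional[str]   # person responsible; None = no recorded owner
    privileged: bool       # has admin/root-level rights
    shared_with: tuple = ()  # other people who know the credential


# Constructed inventory, as a privileged-account discovery scan might report it.
INVENTORY = [
    Account("alice-adm", "alice", True),
    Account("bob-adm", "bob", True),
    Account("root@db01", None, True, ("alice", "bob")),
    Account("svc-backup", "carol", True, ("bob",)),
    Account("old-deploy", "dave", True),   # dave is not in the HR roster
    Account("bob", "bob", False),
]
ACTIVE_STAFF = {"alice", "carol"}  # constructed HR roster after bob leaves


def offboarding_plan(inventory, active_staff, leaver):
    """Return sorted (action, account) pairs needed once `leaver` departs."""
    plan = set()
    for acct in inventory:
        if acct.owner == leaver:
            # The leaver's own accounts are disabled outright.
            plan.add(("disable", acct.name))
        elif leaver in acct.shared_with:
            # The leaver knows this credential: reset it, keep the account.
            plan.add(("rotate", acct.name))
        elif acct.privileged and acct.owner not in active_staff:
            # Privileged account with no active owner: orphaned, lock it down.
            plan.add(("lock_orphan", acct.name))
    return sorted(plan)


if __name__ == "__main__":
    for action, name in offboarding_plan(INVENTORY, ACTIVE_STAFF, "bob"):
        print(f"{action:12} {name}")
```

The shared `root@db01` and `svc-backup` credentials are the ones a manual offboarding checklist tends to miss, because the departing admin does not own them.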