Inside Out Versus Outside In View
From information leaks to stolen personal information, there is no doubt that insider attacks have become a serious cybersecurity concern. As with all cybersecurity practices, whether external or internal, it is critical to identify incidents before they occur rather than analyze events after the damage has been done. That’s why it’s important to not only implement solid perimeter protection for external intrusions, but also shield systems from internal threats.
While cyber threats continue to loom, organizations can take steps to create a defensive and, most importantly, offensive security posture. The approach of monitoring endpoint activity – at the user, device, and data level – can enable organizations to collect and correlate information about actions that indicate risky precursor behavior and in turn initiate an appropriate countermeasure.
Customer Stories: Discovering Unknown Issues
New insider risk use cases are constantly emerging, highlighting the gaps in companies' cybersecurity postures when they fail to fully consider the endpoint and endpoint user's actions. Imagine your organization as a dark room. Each security tool used shines a flashlight into a different area - IAM, anti-virus, web filtering, email security, etc. This may illuminate more areas, but without visibility into the end user's actual endpoint activity, there will always be a dark corner hindering security.
Below are two excellent examples of cases where available cybersecurity and network-based security tools failed in exposing critical risks taking place in that dark corner of the room.
innerActiv Wins Global Infosec Award: Best Solution for Insider Threat
innerActiv is honored to have been recognized by Cyber Defense Magazine as the winner of the 11th Annual Global InfoSec Award as Best Solution for Insider Threat Detection announced at this week’s RSA Conference 2023.
Pentagon Leak Shines a Spotlight on Insider Threat
The recent headline featuring the leak of classified pentagon documents is this month’s high-profile example of the growing insider threat phenomenon that is occurring more regularly than most people realize both in the public domain as well as the private sector. With an arrest and investigations underway to determine the full scope and implications of the leak, it is shaping up to be one of the most damaging breaches in years.
In the aftermath, the situation also raises questions about the procedures the U.S. government has in place or is taking to protect sensitive information and ultimately safeguard national security. While many US agencies have improved their capabilities to detect anomalies in the movement of data, an insider risk management solution is the only way to truly analyze and predict evolving risk originating from inside actors – employees, partners, vendors with legitimate access to systems and sensitive data.
Getting Started: Insider Risk Management
Sometimes, the lack of knowledge can be the most serious security risk your organization faces. It is no longer a hidden fact, that insider misuse, either intentional of unintentional, constitutes grave consequence to organizations. Yet, insider threats are more difficult to identify and prevent than external attacks. They are often below the radar of conventional cybersecurity solutions such as firewalls, intrusion detection systems and anti-malware software. Because the insider already has valid authorization to data and systems, it’s difficult to distinguish between normal and harmful activity. For example, if an attacker logs in via an authorized user ID, password, IP address and device, they are unlikely to trigger any security alarms.
No matter the intent, the end result is compromised confidentiality, availability, and/or integrity of enterprise systems and data; and the value of sensitive data and information to organizations is higher than ever.
ChatGPT: A new insider threat use case
Since ChatGPT became available for public use last November, it’s presented questions for employers about use cases and how best to incorporate the tool into the workplace and maintain compliance. Confidentiality and data privacy are the primary concerns for employers because there is the possibility that employees will share proprietary, confidential, or trade secret information when having conversations with ChatGPT. Internal threats, whether on purpose or by accident, will also arise as a result.
Surreptitious Spyware versus Insider Risk Management
On Monday, President Biden signed an executive order limiting the purchase and use of commercial spyware by U.S. government departments and agencies. While the new order doesn’t entirely prohibit spyware, it lays out the criteria for which uses could be disqualified; and suggests that a case-by-case basis review will be required to allow agencies to acquire the technology for nonoperational uses, such as testing it for research or cybersecurity purposes.
This new executive order is part of an effort to improve cybersecurity and protect against malicious cyber activity. More specifically, it is to get ahead of the problem and set standards for other governments and its allies, which buy and deploy commercial spyware. It is also intended to ensure that government agencies are not engaging in activities that could be used to target and exploit vulnerable individuals or organizations.
Important to note, the directive targets spyware, not the array of cybersecurity tools commonly deployed within federal or local government or enterprise organizations for mitigating external or internal threats.
The Danger of Privileged Access and Users
Privileged accounts and privileged access are necessary to every business today. This role-based security model provides users with different levels of access that ensure an IT team can administer and manage the organization’s systems, infrastructure, and software, while also enabling employees to access the applications and data that allows them to perform business tasks.
While important to every organization, privileged accounts are also the most likely to be a threat and targeted by cyber criminals. This is because they allow the attackers to easily move around the network, accessing critical systems and sensitive data while remaining undetected and cleverly hiding their tracks.
Three Reasons Your DLP Strategy Needs to Evolve
For anyone who has worked in cybersecurity, the term “DLP” is a very familiar one. DLP, data loss prevention (or protection), became a must-have security tool decades ago and, since that time, has evolved into a blanket term covering all types of software. Everything from Identity Access Management (IAM) to time-tracking, EDR to CRM adds DLP to their list of features and benefits. It’s no surprise that many may also assume that the all-purpose “DLP software” can address their insider risk concerns. However, there are a number of weaknesses to bear in mind when considering DLP as a possible solution for insider risk and improving your overall security stance.