The news or the media are always reporting that outsider threats are the main source of cyberattacks, but who is actually looking at the employees on the inside? What are all these people doing? Is anyone monitoring what the system administrators are doing and ensuring they are not downloading every episode of “House of Cards” under the sun because they can and because they have ‘privileged account management’?
Organisations are quick to point the finger at ‘outsiders’, who are always generating bad press because they are known for performing sophisticated cybercrime.
But what interests me the most about insider threat is the psychology behind why employees do what they do. Perhaps they believe having privileged access to sensitive information could advance their career, perhaps not. Who actually knows? But there are mechanisms to identify user activity.
There are a few potential reasons why insider threats are going next level nowadays. It is not always an intentional ‘crack’ at the organisation. It can sometimes happen by accident, through a lack of security awareness or a failure to follow correct security procedures.
For example, an employee could be sitting in a coffee shop using the free public Wi-Fi (most people generally opt for this option anyway). The employee could have no intention of doing anything malicious to the business. However, anyone with malicious intent within range could piggyback on the employee’s signature to gain access to confidential information. In this example, the employee probably did not set out with the intention of jeopardising the company’s confidential information.
However, in another example, the cyber forensics team could investigate the logs and see that the same type of behaviour was a frequent occurrence and that data leakage was taking place through various mechanisms. In that case it is probably safe to say that this was an intentional offence. User-based activity can always be traced and, therefore, assumptions can be made about individuals.
Once the unethical behaviour has been detected, organisations should undertake the correct protocol to ensure that this behaviour is stamped out immediately.
Organisations engender trust with their clients; they should also be engendering trust with their insiders. Organisations need to understand human behaviour, be aware of the potential mistakes that insiders make, and understand why they happen.
Information security teams need to have a comprehensive understanding of privileged account management and monitor these individuals through appropriate controls to ensure they maintain strong integrity.
Senior management should be taking it upon themselves to ensure they are responding appropriately and looking for trends in behaviour; organisations are now gathering this through artificial intelligence.
So, do not always point the finger straight away and play the blame game, but instead understand what employee activity is going on. Users with privileged accounts need to have appropriate controls in place to monitor their level of access. Organisations should be aware of these types of insider behaviours and ensure the correct security policies and procedures are embedded to protect the organisation’s integrity and reputation.
When data leakage occurs, it is not always with bad intent, but if organisations are not aware of what their employees are doing, it is quite easy to blame them, and in turn organisations lose their employees’ trust.
Organisations should be advanced enough to identify a misdemeanour and distinguish that from an accident. Do not be so quick to judge, but ensure the business is performing the correct procedures to eradicate this type of unethical behaviour.