An insider threat is a malicious threat to an organization that comes from the trusted layer within, such as employees, former employees, contractors or business associates, who have inside information concerning the organization's security practices, data and computer systems. The threat may involve fraud, the theft of confidential or commercially valuable information, the theft of intellectual property, or the sabotage of computer systems.

The trusted layer comprises various types of users who are entitled to privileged access to review, modify and operate the organisation's data and infrastructure. These are potentially employees, management-level staff and contractors.

Types of insider threats

There are two distinct insider threat personas: the Negligent Insider and the Malicious Insider. The Negligent Insider is someone who accidentally exposes data and did not intend to do anything wrong, or the employee who knowingly violates the company’s security policy for convenience’s sake, but does not do so maliciously. The Malicious Insider intentionally sets out to harm the organization either by stealing data or damaging systems.

The CERT Insider Threat Center at Carnegie Mellon University reports that most incidents fall into one of three categories:

  • IT Sabotage: destruction of data or systems

  • Fraud: theft of confidential data from the network for financial gain

  • Theft of Intellectual Property: theft of IP in order to gain a competitive advantage or business gain


Protecting your systems and information requires implementing technology that monitors data and network activity from the inside-out. Traditional security solutions are developed to identify and prevent outside attackers from getting into the network, but are ineffective against the insider threat.

Just as important as technology that enables real-time monitoring of the network to identify suspicious insider and outsider activities is employee education and training: teaching employees how to avoid activities that expose data, and providing them with best practices on how to identify and manage insider threats.


