This article is part 3 of 3 in the “Insider Enterprise Threats” series, outlining effective policies and practices for combating insider cyber security threats (human behavior) to the modern enterprise.

Over the course of this series, we’ve broadly examined the dangerous but highly overlooked cybersecurity threat of malicious insiders. As discussed, insiders can take the form of employees, contractors, or actually anyone with legitimate and credentialed access to your data, systems and other digital services.

In the first article, we profiled these insider threats and analyzed their implications for user activity monitoring, whereas in the second article, we examined technical methods for securing technology itself against these threats. In this third and final piece, we’ll examine how to address and combat insider threats through monitoring non-cyber behavior and building a strong security culture.

How can Human Behavior be aligned to an insider threat?

As previously discussed, “regular” insiders may turn malicious for a variety of reasons. Rarely, however, do these motivations originate in cyberspace; instead, it’s often the physical world that creates the trigger. It is therefore essential to monitor employee behavior outside of the cyber realm to better inform threat mitigation. (Many insider threat programs refer to this process as “continuous and persistent surveillance.”)

Technology lowers the barrier to malicious insider activity. Stealing files on a USB drive, for instance, is less intimidating than stealing folders from a filing cabinet, just as posting credentials on a website is easier than breaking into a locked office. Our risk perceptions are also fundamentally skewed in the cyber realm; because we lack a cyber lexicon and a historical understanding of cyberspace, our capacity to reason logically and rationally is seriously inhibited the moment we’re in front of a screen.
Those already at risk for physical malicious behavior are at an even greater risk for its digital counterpart, and those who normally might not act out can now pose a threat.

Solutions to Prevent Insider Threats

Monitor for issues outside of the workplace, taking note of family and personal problems, medical issues, financial problems, and social media posts that are outside the norm. Supervisors, HR professionals, and counterintelligence/security staff, in particular, should pay attention to gradual changes in home and life situations. When a change is noted, this behavior will put the subject into a higher risk category for additional monitoring.

Don’t forget: when it comes to insiders, it’s more often a slow shift towards malicious behavior than a sudden “snap.” Financial problems are particularly relevant, as they (obviously) affect an employee’s risk of accepting bribes or selling information online and tend to come on gradually. However, the same could be said for personal issues like divorce, medical issues like a sick family member, or workplace disciplinary issues like a poor performance review. Insider threats are motivated by a complex variety of reasons, but the causes are more observable than we might think.

Begin this monitoring as early as the hiring process. Job seekers with histories of impulsive or destructive behavior should immediately raise flags during the search process. Particularly when it comes to cyber, committers of malfeasance or misbehavior are somewhat likely to repeat their behavior. Similarly, pay attention to contractors, about which there may be less directly-available information.

Also, monitor for employee issues within the workplace. Are employees disgruntled? Do they argue with coworkers? Are they suddenly underperforming or missing deadlines? Are they inexplicably absent for prolonged periods of time? These are just some behavioral warning signs that something may be wrong.

The same diligence applies to changes in employment status. Demotions, transfers, pay deductions, and terminations all temporarily elevate a given employee’s risk.
Remember that an insider doesn’t actually have to be getting fired for them to pose an active threat; the mere perception of termination, demotion, or the like is often enough for an employee to act out. It’s quite common for employees leaving a company to take destructive action before their last day (e.g., stealing proprietary information or trade secrets).

Of course, saying that you’ll “monitor insiders” without any concrete feedback and reporting mechanisms is pointless, so clearly communicate and consistently enforce security policies and controls. Educate employees on cybersecurity, paying close attention to how you frame related issues. IT employees will understand certain cyber behavior quite differently than a marketing team. Similarly, employees’ understanding of security’s importance will be different: the former, from a technical or risk management perspective, and the latter, from a public relations perspective, to give just one example.

Along with this framing, don’t focus too heavily on the danger posed by insiders. While you should educate employees on this issue, excessive repetition of this fact will only foster hesitancy and undermine attempts at a security culture. Instead, draw attention to how employees can fight this threat, positively frame the need for awareness and assistance, and actively involve them in your cyber defense. After all, it’s often one insider who will notice another’s strange behavior.

Make reporting protocols robust, well-known and confidential, and even consider the cost-benefit of anonymous reporting. As reports come in, ensure that technical and human security protocols quickly kick into gear. Meticulously document your investigations and evidence collection, paying special attention to corporate policies and relevant statutes and regulations. And react quickly and responsively to contain active threats.
Integration is critical in this respect.

Reporting doesn’t just have to be of specific incidents like someone using another’s computer while they’re away from their desk. Employees should also be able to report unusual behavior in general. Ego and self-image issues are an important component of the insider threat profile, so arguing with coworkers or unusual mood swings are also relevant to this facet of cybersecurity. Remind employees: what they might not think is relevant might, in fact, be very important.

Insider threats to the modern enterprise are a serious risk but are considerably overlooked. Modern enterprises must combine technical and human monitoring protocols with regular risk assessments, human-centered security education, and a strong corporate security culture if they are to effectively address this threat. When it comes to cybersecurity, situational awareness, change management, constant vigilance, and total adaptability are a must.

About the Author: Justin Sherman is a student at Duke University double-majoring in Computer Science and Political Science, focusing on all things cyber. He conducts technical security research through Duke’s Computer Science Department; he conducts technology management research through Duke’s Sanford School of Public Policy; and he’s a cybersecurity contributor for the Public Sector Digest. Justin is certified in cybersecurity policy, corporate cybersecurity management, social engineering, infrastructure protection, insider threat prevention, and homeland security planning from such organizations as FEMA, the National Institutes of Health, the U.S. Department of Homeland Security, and the U.S. Department of Defense.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.