How to manage and mitigate insider threats?

Cybercrime is big business, and it’s becoming more of a threat every day as more and more people and devices connect to the internet. In July 2016, the UK’s National Crime Unit found that cyber crime had overtaken ‘traditional’ crime for the first time, with over two million incidents of computer misuse that year.

Where cyber crime is concerned, people can often be the weakest link in the security chain. But with a little work, they can also be your greatest asset.

Take a holistic view

By looking at the issue of security holistically, it is much easier for boardrooms and businesses to consider the vast extent of the threat landscape. Only by judging the entire business and everyone in it can you thoroughly prepare for attacks and mitigate the threats. Looking at the technology alone will not provide enough insight to effectively analyse your security strengths and weaknesses.


When assessing personnel, consider how much access they should have and what data they control and influence, and run background checks on new employees before granting physical or logical access to facilities, systems or data. Also, identify which people within the business have significant information system security roles, and ensure the process for documentation is comprehensive and regularly updated.

Make sure your internal approach flows to your suppliers too. Cloud computing extends insider threats beyond your own organisation to include potential threats from contractors and business partners with access to your network, systems or data. If you can, think about how their business might change and consider asking them to show you how they intend to follow your policies.

Thinking about the whole pie will allow you to prepare as much as possible for potential threats, and having a strong overview will quickly alert you to where internal training or process is necessary to prevent your business becoming an easy target.

Get the essentials right

Getting the essentials right goes a long way to providing resistance to attacks. Increasing the cost of an attack and reducing its ease, so that criminals look elsewhere for financial gain, can be one of the most effective attack prevention methods.

Teaching staff to be aware of how criminals work, and where potential threats and attack touch-points are, is just as important a preparation as the technology you use. Keeping software up to date, using strong passwords and making regular backups sound simple, but in many cases ensuring this happens involves changing the way employees think and behave. For example, the most common password is still password123.


Only by training your people in security, consciously raising awareness, and by running campaigns to get key messages across can you slowly change this behaviour. Security training courses should be mandatory for all new joiners, and refresher courses scheduled for current employees – across all levels of the business.

Extend these awareness training programmes to your contractors and third-party users too, to ensure that every individual with access to your data has received training in your organisational procedures, process and policies. These methods in particular can help employees defend themselves against threats like phishing or spear phishing attacks.

Integrate complex defences

For more complex defence mechanisms, looking to a service provider can be an effective solution if creating or managing them internally is a financial burden. Using solutions like device and identity access management can put up strong layers of protection against attackers looking to get in and move around a network or system.


Solutions that provide audit logs for privileged user access activities, authorised and unauthorised access attempts, system exceptions and information security events are also important to maintain oversight over system operations.

Additionally, using services with behavioural analytics provides another major line of defence, as it can address issues including IP and data loss and employee flight risk, and can be used in the event of employee compromise.

Emphasise responsibility

Make sure everyone has a responsibility for cyber security, not just the IT people. Basic common sense for all employees (especially the leadership) is essential.

Two of the greatest mistakes companies make are allowing their employees and leaders to believe ‘it will never happen to me’ and that cyber security is something handled by the IT department.


Educate your employees to understand they are at risk, but that they can also be the masters of their own protection. Vulnerabilities exist everywhere, but by changing employee attitudes to emerging threats, preventing attacks that happen as a result of insider carelessness or error will become much more efficient.

From the board down, it is important for organisations to change how cyber security is perceived, and consider the reality of insider threats alongside technological ones. Integrating personnel management processes in partnership with technological security solutions is essential if we are all to reduce the threats and risk that people represent to the businesses they work for.


Sourced by Luke Beeson, VP Security UK and Continental Europe, BT




Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...