Insider Threats: How to Counter Internal Cybersecurity Risks
If you ask people about cybersecurity, they will probably start talking about hackers breaking into a company's computers from hundreds of miles away. However, a threat just as destructive could be hiding inside that company's offices.
These insider threats typically fall into two groups. The first group consists of careless employees who fail to properly secure their computers. The second group includes malicious workers with insider access. These people either steal information from within an organisation or allow cybercriminals to access their company's networks.
Recognising Insider Threats
After studying cases of insider threats, fraud, and embezzlement, criminologist Donald Cressey developed the Fraud Triangle theory. He claimed that these types of crimes occur when three elements are present.
First, the criminal must feel pressure to commit the crime, either out of greed or desperation. For example, an employee who is in sudden need of a large amount of money might be tempted to participate in an insider attack. The inability to pay for a substantial medical bill is often cited as a popular example of this situation.
The other two elements in the Fraud Triangle are opportunity and rationalisation. To commit the crimes, the perpetrators must have the ability to do so. However, they must also convince themselves that their actions are acceptable. This rationalisation twists the event in such a way that they do not consider it a crime. Instead, they usually convince themselves that they are just borrowing the money or that the company deserves the attack because it is corrupt.
To identify these elements of an insider threat, organisations need to pay attention to their employees' actions, character traits, and personal circumstances. To this end, the U.S. Computer Emergency Readiness Team (US-CERT) — a division within the U.S. Department of Homeland Security — published the Combating the Insider Threat report. It lists character traits of insiders who are at risk of becoming a threat. The traits include:
- A sense of entitlement
- A lack of empathy
- An inability to assume responsibility for their actions
- A weak sense of loyalty toward the company
- An inability to accept or tolerate criticism
While displaying a couple of these traits is fine, anyone who exhibits many of them should be flagged as a possible risk.
There are also behavioral signs that can point to an insider threat. If staff members work at odd hours without authorisation, remotely access the company's network while on holiday, or unnecessarily copy documents, they may be preparing for or participating in an insider attack.
Defending against Insider Threats
Out of the three elements in the Fraud Triangle, companies have the most control over opportunity. By following the principle of least privilege (i.e., limiting employees' access to the minimal level that will allow them to perform their job duties) and using access control tools, organisations can more effectively prevent incidents involving insider threats, according to the Insider Threat Study.
As part of these efforts, you should record when employees access the company's network and how many files they typically handle. This will help you discover when staff members are, for example, printing files in their off-hours or saving a substantial amount of files to a USB drive. Similarly, managers should set up a schedule for reviewing employees' network access levels.
You can address the rationalisation and pressure elements of the Fraud Triangle by regularly interacting with your employees. Set up feedback forms and anonymous surveys so that they can express their frustrations constructively. For this strategy to work, you have to tackle these complaints in an open and honest manner. Companies can also improve workplace morale by instituting a program that recognises and praises outstanding employees. A warm attitude toward staff members makes it less likely that one of them will attack the company out of spite or anger.
Since insider threats sometimes stem from carelessness or a lack of understanding, it is also important to educate employees about cybersecurity. You need to develop an IT training program that will teach your staff members about how to use their computers in a secure manner.
About the Author
Geoff Stewart is a highly experienced and skilled IT Challenger at Surety IT. His knowledge is based on years of industry experience having created customised, stable, well performing systems both for multi-national companies in the UK and Australia and Surety IT customers.
Surety IT’s mission is to address and overcome the 4 biggest problems businesses have with their IT systems and support, which are: Poorly performing systems, unreliable systems, unresponsive IT support and poor IT related advice.
We’ve developed a proprietary process that allows us to do that by: thoroughly understanding your business requirements, gaining an in-depth knowledge of your IT systems, identifying mission critical technology issues vital to your business performance and ensuring our ‘Solution Path’ process is specifically designed and tailored for you with value based solutions and support.