Join us June 8th to hear first-hand experiences from Bain Capital’s VP and CISO, Mark Sutton, in our webinar “Lessons Learned Building Bain Capital’s Insider Threat Program.” Register Now
Unintentional Insider Threat:
According to the Software Engineering Institute at Carnegie-Mellon University, the definition of Unintentional Insider Threat is:
(1) a current or former employee, contractor, or business partner (2) who has or had authorized access to an organization's network system, or data and who, (3) through action or inaction without malicious intent, (4) unwittingly causes harm or substantially increases the probability of future serious harm to the confidentiality, integrity, or availability.
When you implement user activity monitoring, privileged user monitoring, and third party monitoring, you'll find that a majority of your company's cybersecurity incidents are unintentional. And with a bit of education - and an Insider Threat Program - you can reduce these security incidents in half.
Types of Insider Threats:
Insider threats occur for myriad reasons. In terms of intentional insider threat, it's generally about personal or financial gain. A person may be willing to sell proprietary data or customer information for profit.
Employees on their way to another company, or even launching their own company could try to give themselves an advantage in a new position by stealing intellectual property, prospect lists, or even proprietary intellectual property.
We also can't forget about disgruntled employees who just want to "get back" at the company before they leave or quit. They could install a Logic Bomb (malicious software uploaded to the organization's computer systems) that could lead to problems ranging from small annoyance to complete catastrophe.
But in terms of unintentional insider threats, you have mistakes and incidents like these below that can be avoided with cybersecurity policy education enforcement and user activity monitoring. Here are just a few examples of the Insider Threats you might be missing by solely relying on log files and endpoint DLP solutions:
- The employee who is downloading email attachments filled with malware
- The Finance Department employee who responds to a pretexting email and transfers funds without voice verification from a C-level manager
- The employee who is tricked into giving his/her credentials by a spoof email
- The employee who sends sensitive data to their personal email in order to continue working from home
- The remote vendor or contractor who uses an unsecure or public internet connection
Yet, given all of the above scenarios, a recent study shows that 42% of companies do not even have a program in place to mitigate insider threats.
Insider Threat Statistics:
The Insider Threat is real, but don't just take our word for it! According to the Verizon 2016 DBIR report:
This year's report found an increase in "phishing" - where an attacker sends an email masquerading as somebody else to fool people into divulging passwords and other information - across many industries. No fewer than 30 percent of phishing messages were viewed - and 12 percent of targets went on to open the malicious attachment or link. Moreover, attacks are sophisticated, often involving a combination of phishing and other techniques.
Some employees are interested in personal or financial gain: a study shows that 1 in 5 employees will sell their work password for money - and 44% of them would do it for less than $1,000. In other scenarios, insiders are working with third parties, such as competing organizations or hacking groups, and then sharing your company's proprietary information and sensitive data accordingly.
More revelations from the Verizon 2016 DBIR Report:
Verizon's breakdown is that 77 percent of internal breaches were deemed to be by employees, 11 percent by external actors only, 3 percent were from partners and 8 percent involved some kind of internal-external collusion which makes them hard to categorize. Annual DBIR reports since 2010 show that in purely numerical terms, internal attackers account for around 1 in 5 successful breaches they have reviewed.
Why You Need Insider Threat Management Software:
The simple fact is that monitoring your employees and educating them on cybersecurity policies is the best way to mitigate Insider Threat. Whether it's intentional or unintentional as soon as employees are informed they are acting out of policy or they know they are being monitored, risky behavior can be deterred - by as much as 80% in some cases.
Insider Threat Management Software also helps decrease the time of detection. When a cybersecurity breach happens, it happens fast. To paraphrase the Verizon DBIR report: in 93%of cases, it took attackers a few minutes or less to compromise systems. Meanwhile it can take organizations without an Insider Threat Program weeks or even months to uncover the fact that an incident had even transpired. More often than not, the data breach will only be found because customers or law enforcement figure it out, not the company's own security measures.
Why You Need ObserveIT:
ObserveIT is a lightweight endpoint solution that is focused on identifying and eliminating insider threats.
By continuously monitoring user behavior, ObserveIT alerts IT and Security teams about activities that put your organization at risk. When out-of-policy behavior occurs, on-screen notifications educate users with alternatives that are secure and compliant with company policy and industry standards. With full video capture and playback of any policy violation, ObserveIT reduces end-to-end investigation time from hours to minutes. No sifting through logs. No combing through data.
ObserveIT Insider Threat Management
There is not doubt that the biggest security problem out there today is people. Whether it's intentional or unintentional, every insider on the network, from business users and privileged users to vendors and contractors, presents a threat. ObserveIT identifies and eliminates insider threats with real-time security awareness, precise visibility and fast investigations.
Real-Time Security Awareness
ObserveIT's on-screen pop-up notifications warn end-users about actions that expose your organization to risk, while educating them with alternatives that are secure and compliant with company policy. Whether a user is accessing a file they shouldn't, copying data to a USB drive, downloading programs, or performing other activities that invite fraud and theft, they will be immediately informed of the policy violation and given an approved alternative.
ObserveIT captures and indexes where users are going and what they are doing so nothing slips through the cracks. The riskiest behavior is displayed and prioritized based on the amount of risk exposure to the organization. It and Security teams will see who did what and have irrefutable video evidence of out-of-policy actions.
With ObserveIT, IT and Security Administrators can rapidly investigate and determine intent within seconds, removing the aruduous task of sifting through system event logs and machine data. Google-like search capabilities make it possible to find suspicious activity and view incidents with dynamic video recording and DVR-like playback. A picture is worth a thousand logs.
ObserveIT can help satisfy compliance requirements for PCI, SOX, HIPAA, and NISPOM. With detailed logs and visual recordings of all user activity, ObserveIT exceeds the strictest interpretation of compliance requirements with conclusive evidence for auditors. Audit reports can be completed in a fraction of the time, with the ability to instantly search, analyze, and view the actual video-like playback of the pinpointed session. Ultimately every compliance violation can be traced back to the specific actions of an employee, privileged user, contractor, or remote vendor.
Start Building Your Insider Threat Program Today. Download ObserveIT & Try It Free for 15 Days!