According to the Ponemon Institute's 2022 'Cost of Insider Threats: Global Report', the security risk that insiders pose to enterprises keeps rising: 67% of organizations experienced between 21 and 40 insider incidents per year, up from 60% in 2020 and 53% in 2018. Insider threats come in many forms, from disgruntled employees, ransomware victims, and users with weak security awareness to people holding elevated access to sensitive data and systems on the corporate network, including system administrators, network engineers, and even CISOs. Any of them can harm the enterprise.
How can enterprises manage insider threats effectively and prevent damage from within? The following are common types of insider threat and best practices for responding to each:
1. Employees with weak cybersecurity awareness
Employees with weak cybersecurity awareness are sometimes called 'security evaders.' Whether deliberately or not, they break rules and ignore the company's security controls. Typical behaviour includes using shadow IT, sharing files insecurely, connecting over untrusted wireless networks, posting company information on forums and blogs, applying patches incorrectly, ignoring security policy, and leaking company data through email and instant messaging (IM), all of which expose the enterprise.
Countermeasures
Enterprises should run cybersecurity awareness training and deliberately build a security culture. Technical controls keep employees' network behaviour within bounds: monitor for shadow IT, enforce best practices for secure file sharing and permissions, apply client- or server-based content filtering, follow patch-management best practices, require secure network access through a VPN or a zero-trust framework, use Wi-Fi Protected Access 3 (WPA3), and disable Bluetooth where it is not needed.
2. Attackers who steal the login information of legitimate users
Attackers who steal the credentials of legitimate users are one of the main causes of data breaches. Credentials typically leak through phishing and social engineering, brute-force attacks, credential leaks from earlier breaches (and password reuse), keystroke loggers, man-in-the-middle attacks, dictionary attacks, credential stuffing, and password spraying. Once an attacker holds valid credentials, the result can be malware infection, a data breach, or a ransomware attack.
Countermeasures
Enterprises can reduce this risk with appropriate email security controls, email security gateways, and email filtering. Require strong passwords or passphrases and state the requirements clearly in the company password policy; require multi-factor authentication (MFA); adopt privileged access management and the principle of least privilege (PoLP); and review access regularly to verify that each user's rights are still justified. Enterprises should also teach employees the warning signs of phishing so they can recognise an attempt before they act on it.
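The credential-theft techniques listed above leave different traces in authentication logs, and the regular access review the countermeasures call for is easier when those traces are surfaced automatically. The following is an added example (not code from the original article or from the TechTarget tip it summarises) that classifies failed logins per source address into brute force (one account hammered from one source) and password spraying (many accounts, a guess or two each), and reports any source whose failures were followed by a success. The log line format, the thresholds, and the sample events are assumptions constructed for illustration; real SSO or VPN logs will need a different parser. Credential stuffing looks the same as a spray here, because the log does not record which password was tried.

```python
import re
from collections import defaultdict

# Assumed log format, one event per line (not a real product's format):
#   <ISO time> auth result=<success|failure> user=<name> src=<ip>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth result=(?P<result>success|failure) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Assumed thresholds; tune them against your own baseline.
BRUTE_FORCE_MIN_FAILURES = 10  # one account hammered from one source
SPRAY_MIN_USERS = 5            # many accounts touched from one source...
SPRAY_MAX_PER_USER = 2         # ...with only a guess or two each


def constructed_log():
    """Constructed sample events (not real data), already in time order."""
    lines = []
    # 12 failed guesses against one account, then a success: brute force that worked
    for i in range(12):
        lines.append(f"2024-03-01T08:00:{i:02d}Z auth result=failure user=alice src=198.51.100.7")
    lines.append("2024-03-01T08:00:12Z auth result=success user=alice src=198.51.100.7")
    # one guess against each of six accounts from one source: password spray
    for i, user in enumerate(["bob", "carol", "dave", "erin", "frank", "grace"]):
        lines.append(f"2024-03-01T08:05:{i:02d}Z auth result=failure user={user} src=203.0.113.5")
    # two typos then a success from a user's own address: benign
    lines.append("2024-03-01T08:10:00Z auth result=failure user=heidi src=192.0.2.9")
    lines.append("2024-03-01T08:10:05Z auth result=failure user=heidi src=192.0.2.9")
    lines.append("2024-03-01T08:10:09Z auth result=success user=heidi src=192.0.2.9")
    return lines


def parse(lines):
    """Parse lines in the assumed format into dicts; anything else is skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def classify_sources(events):
    """Group failures by source address and label the pattern seen from each.

    Returns {src: {"pattern", "users", "failures", "success_after_failures"}}.
    "success_after_failures" lists accounts that logged in from a source
    that had already produced failures; combined with a non-"none" pattern
    that is the strongest sign a guessed or stolen credential is in use.
    """
    failures = defaultdict(lambda: defaultdict(int))  # src -> user -> failed attempts
    success_after = defaultdict(list)                 # src -> users that later logged in
    for ev in events:
        if ev["result"] == "failure":
            failures[ev["src"]][ev["user"]] += 1
        elif ev["src"] in failures:
            success_after[ev["src"]].append(ev["user"])

    findings = {}
    for src, per_user in failures.items():
        peak = max(per_user.values())
        if peak >= BRUTE_FORCE_MIN_FAILURES:
            pattern = "brute_force"
        elif len(per_user) >= SPRAY_MIN_USERS and peak <= SPRAY_MAX_PER_USER:
            pattern = "password_spray"
        else:
            pattern = "none"
        findings[src] = {
            "pattern": pattern,
            "users": len(per_user),
            "failures": sum(per_user.values()),
            "success_after_failures": success_after.get(src, []),
        }
    return findings


if __name__ == "__main__":
    for src, f in classify_sources(parse(constructed_log())).items():
        hit = f["pattern"] != "none" and f["success_after_failures"]
        flag = " <- credential likely compromised" if hit else ""
        print(f"{src}: {f['pattern']} users={f['users']} failures={f['failures']}{flag}")
```

The per-source grouping is what separates a spray from ordinary typos: heidi's two failures followed by a success are normal and get no label, while the same "failures then success" sequence from the brute-forcing address is the event worth paging on. In production, key the grouping on source address and on the user's usual addresses, and feed the labelled sources to the MFA and lockout policy rather than just a report.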
3. Disgruntled employees
Disgruntled employees may be current or former staff. These insiders act with intent, typically attacking their employer for revenge, sabotage, personal financial gain, or simply for fun. Current employees with privileged access, and former employees whose access was not removed after they resigned or were dismissed, may also steal intellectual property, proprietary data, trade secrets, and source code.
Countermeasures
On the management side, enterprises can improve transparency, communication, and collaboration through employee interviews, regular check-ins, and investigations where warranted. On the IT side, enterprises should hold cybersecurity training regularly and monitor user behaviour closely so that abnormal activity and changes in behaviour are detected promptly.
4. Departing employees
Departing employees are among the biggest insider threats an enterprise faces, mainly because they may take important company information to a competitor. The act may be malicious, such as stealing company-owned data (email addresses and contact lists, for example), or unintentional, such as taking the work product of projects they contributed to in the belief that it belongs to them.
Countermeasures
Enterprises should make sure departing employees understand that they may not take company property with them, watch closely for employees who download unusually large amounts of data, and run the offboarding process so that all access is terminated when the employee leaves.
5. Malicious insider threats
Malicious insiders, sometimes described as turncoats or collaborators, use their own legitimate credentials to steal data or to carry out attacks on behalf of an external party. Bribery or extortion is often involved.
Countermeasures
Enterprises should apply the principle of least privilege to limit which applications, networks, and data each employee can reach. In addition, monitoring, zero-trust network access, and behaviour analytics can be used to detect abnormal activity.
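Three of the sections above (disgruntled employees, departing employees, and malicious insiders) rely on the same control: monitor user behaviour and flag activity that departs from the user's own norm, with departing staff watched more closely. The following is an added example, not code from the original article, of that behaviour analytics in its simplest useful form: each user's daily download volume is compared against that user's own 13-day baseline, a finding requires both a large z-score and a minimum absolute excess (so a small bump on a very quiet account does not fire), and users who have given notice are held to tighter limits. The daily-total feed format, the thresholds, and the sample volumes are constructed assumptions.

```python
import statistics

# Assumed thresholds; tune against your own environment.
Z_THRESHOLD = 3.0           # standard deviations above the user's own mean
MIN_EXCESS_MB = 500         # ignore small absolute deltas even when z is large
NOTICE_Z_THRESHOLD = 2.0    # tighter limits for users who have given notice...
NOTICE_MIN_EXCESS_MB = 200  # ...because departing staff warrant closer watch


def constructed_history():
    """Constructed per-user daily download totals in MB (not real data): 13 prior days."""
    steady = [90, 110, 100, 95, 105, 100, 98, 102, 100, 97, 103, 100, 100]
    return {
        "alice": steady,
        "mallory": steady,
        "bob": [200, 180, 220, 210, 190, 200, 205, 195, 200, 210, 190, 200, 200],
    }


def constructed_today():
    """Constructed totals for the day under review (MB)."""
    return {"alice": 130, "mallory": 4800, "bob": 450}


def score(history, today_mb):
    """Return (baseline mean, z-score) of today's total against the user's own history."""
    mean = statistics.fmean(history)
    stdev = statistics.stdev(history) if len(history) > 1 else 0.0
    # Floor the spread so a perfectly flat history cannot divide by zero
    # or turn a trivial change into an enormous z-score.
    spread = max(stdev, 0.05 * mean, 1.0)
    return mean, (today_mb - mean) / spread


def flag_excessive_downloads(history, today, notice_given=frozenset()):
    """Return findings for users whose volume today is abnormal for them.

    notice_given: usernames known (e.g. from HR) to be leaving; they get the
    tighter NOTICE_* limits. Users with no history are skipped here and
    should be reviewed by a separate new-account rule.
    """
    findings = []
    for user, today_mb in today.items():
        past = history.get(user)
        if not past:
            continue
        mean, z = score(past, today_mb)
        departing = user in notice_given
        z_limit = NOTICE_Z_THRESHOLD if departing else Z_THRESHOLD
        excess_limit = NOTICE_MIN_EXCESS_MB if departing else MIN_EXCESS_MB
        if z >= z_limit and today_mb - mean >= excess_limit:
            findings.append({
                "user": user,
                "today_mb": today_mb,
                "baseline_mb": round(mean, 1),
                "z": round(z, 1),
                "departing": departing,
            })
    findings.sort(key=lambda f: f["z"], reverse=True)
    return findings


if __name__ == "__main__":
    for f in flag_excessive_downloads(constructed_history(), constructed_today(),
                                      notice_given=frozenset({"bob"})):
        tag = " (has given notice)" if f["departing"] else ""
        print(f"{f['user']}: {f['today_mb']} MB today vs ~{f['baseline_mb']} MB baseline, z={f['z']}{tag}")
```

With these inputs alice's 130 MB is six standard deviations above her baseline but only 30 MB over it, so she is not reported; mallory's 4800 MB is; and bob's 450 MB is reported only because he is on the notice list, which is exactly the "watch departing employees more closely" rule from the section above. A per-user baseline matters more than a global one: an engineer who syncs repositories every day would drown a global threshold in noise while a 5 GB day from a normally quiet account would slip under it.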
6. Third-party threats
Third parties with access to enterprise systems (contractors, part-time staff, suppliers, service providers, and customers) pose a significant risk to sensitive data. Attacks that arrive through them, also called supply chain or value chain attacks, put sensitive information and the company's reputation at risk.
Countermeasures
Enterprises should vet third parties before granting access, checking their background and granting access only once their trustworthiness is established; implement a comprehensive third-party risk management programme; limit third-party access under the principle of least privilege; review third-party accounts regularly to ensure that permissions are removed once the engagement ends; and use monitoring tools to detect third-party threats.
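The departing-employee section says access must be terminated when the employee leaves, and the section above says third-party accounts must be reviewed and cut off once the engagement ends. Both come down to one recurring check of the identity directory against the records that say who should still have access. The following is an added example, not code from the original article, of that access review: it reconciles a directory export with an HR termination feed, flags employees still enabled past their last working day (and, worse, ones who logged in after it), flags contractor accounts that have passed their agreed end date or were created without one, and flags accounts dormant long enough to be forgotten. The record fields, the dates, and the dormancy threshold are constructed assumptions, not a real IdP schema.

```python
from datetime import date, timedelta

DORMANT_DAYS = 90  # assumed threshold for an account nobody is using


def constructed_accounts():
    """Constructed directory export (assumed fields, not a real IdP schema)."""
    return [
        {"user": "alice", "kind": "employee", "enabled": True, "last_login": date(2024, 3, 1)},
        {"user": "bob", "kind": "employee", "enabled": True, "last_login": date(2024, 3, 2)},
        {"user": "dave", "kind": "employee", "enabled": True, "last_login": date(2023, 11, 1)},
        {"user": "erin", "kind": "employee", "enabled": False, "last_login": date(2024, 1, 9)},
        {"user": "svc-vendorx", "kind": "contractor", "enabled": True,
         "last_login": date(2024, 2, 15), "expires": date(2024, 1, 31)},
        {"user": "carol-ctr", "kind": "contractor", "enabled": True,
         "last_login": date(2024, 3, 1), "expires": date(2024, 6, 30)},
        {"user": "frank-ctr", "kind": "contractor", "enabled": True, "last_login": date(2024, 3, 3)},
    ]


def constructed_hr_terminations():
    """Constructed HR feed, user -> last working day (not real data)."""
    return {"bob": date(2024, 2, 28), "erin": date(2024, 1, 10)}


def constructed_today():
    """The date the review is run, fixed so the example is reproducible."""
    return date(2024, 3, 4)


def review_accounts(accounts, terminated, today):
    """Return findings for every enabled account that should be cut off or looked at.

    Each finding carries one or more reasons:
      terminated_still_enabled  HR says the person left, the account is still on
      login_after_termination   ...and it was used after the last working day
      third_party_expired       contractor/vendor account past its agreed end date
      third_party_no_expiry     contractor/vendor account with no end date on record
      dormant                   no login for more than DORMANT_DAYS
    """
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already deprovisioned; nothing to do
        user, reasons = acct["user"], []

        end = terminated.get(user)
        if end is not None and today > end:
            reasons.append("terminated_still_enabled")
            if acct["last_login"] > end:
                reasons.append("login_after_termination")

        if acct["kind"] != "employee":
            expires = acct.get("expires")
            if expires is None:
                reasons.append("third_party_no_expiry")
            elif today > expires:
                reasons.append("third_party_expired")

        if today - acct["last_login"] > timedelta(days=DORMANT_DAYS):
            reasons.append("dormant")

        if reasons:
            findings.append({"user": user, "kind": acct["kind"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in review_accounts(constructed_accounts(), constructed_hr_terminations(), constructed_today()):
        print(f"{f['user']} ({f['kind']}): {', '.join(f['reasons'])}")
```

The "login_after_termination" reason is the one to treat as an incident rather than a hygiene item: it means the offboarding process failed and someone, possibly the former employee, used the account afterwards. Contractor accounts with no end date are flagged because an account that never expires is never reviewed by this check; requiring an expiry at creation time turns the third-party review into something the directory enforces on its own.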
Reference link:
https://www.techtarget.com/searchsecurity/tip/Five-common-insider-threats-and-how-to-mitigate-them