The greatest threat to an organisation is no longer the hacker attacking from beyond the physical and network walls but the insiders already within those walls, and equipped with an all-access pass. An insider threat may be a malicious employee or stakeholder who consciously or unwittingly exfiltrates data, sabotages IT systems, or manipulates data and systems, or be a former employee, board member, or anyone who at one time had access to proprietary or confidential information from within an organisation. Contractors, business associates, and other individuals or third party entities who have knowledge of an organisation’s security practices, confidential information, or access to protected networks or databases also fall under the umbrella of insider threat.

Insider threat events are infrequent than external attacks but they usually pose a much higher severity of risk for organisations when they do happen. In one study by Gartner that examined malicious insider incidents, 62 per cent involved employees looking to establish a second stream of income off their employer’s sensitive data, 29 per cent stole information on the way out of  the door to help future endeavours and 9 per cent were saboteurs. Information of huge value measured is stored digitally and insiders put that value at risk. Cases of trusted insiders who abused their privileges to remove data include theft and disclosure of classified information by Edward Snowden and exfiltration of several million files from the secure network of GE Healthcare by Jun Xie.

The insider threats are often disgruntled employees or ex-employees who believe that the organisation has ‘done them wrong’ and feel justified in gaining revenge. Ponemon reported that 43 per cent of businesses need a month or longer to detect employees accessing files or emails they’re not authorised to see and 62 per cent of business users report that they have access to organisation data that they probably should not see. As a result, when they break policy accidentally or choose to steal, their actions stand to do a tremendous amount of damage to an organisation. The risk posed by insider threats, along with some of the common shortfalls in IT security, unnecessarily expose organisations to higher insider risks.

Unwitting accomplice

More often, the insider is an unwitting accomplice who falls prey to social engineering and clicks malware in a phishing email. 45 per cent of IT executives say malicious insider attacks is one of the email security risks they are most ill-prepared to cope with, according to a study by Mimecast. In the cyber-attack against Ukrainian power companies, malware implanted through a phishing email targeting IT staff and system administrators allowed malicious outsiders to gain insider access to the system. This also applies to an outside person who poses as an employee by obtaining false credentials. They obtain access to the computer systems or networks, and then conduct activities intended to cause harm.

Insider threats often begin with an individual or entity being given authorised access to sensitive data or areas of a company’s network. Many individuals with authorised access are also aware of certain security measures which they must circumvent in order to avoid detection. When an individual decides to use this access in ways other than intended – abusing privileges with malicious intent towards the organisation – that individual becomes an insider threat. Insider threats also don’t have to get around firewalls or other network-based security measures since they are already operating from within the network. For instance, a former employee using an authorised login won’t raise the same security flags as an outside attempt to gain access to a company’s network.

Businesses are built on teams and require counterparts to trust and support one another, making it difficult for colleagues to acknowledge warning signs and red flags when they are present. This further complicates the challenges that exist in successfully defending against insider threats. Often, warning signs are present but may go unreported for years because colleagues of these individuals are unwilling or hesitant to accept the idea that a trusted co-worker could be engaged in treason. Insiders convicted of espionage have often been active for years prior to being caught, leading to incomprehensible security risks within the organisation.

Often difficult to detect

Organisations overwhelmingly continue to direct security funding to traditional network defences that fail to prevent damage from insiders. However, there is an overall lack of knowledge and visibility into user access and data activity that is required to sufficiently detect and defend against insider threats; the nature of insider threats is different from other cybersecurity challenges; these threats require a different strategy for preventing and addressing them. Hence, the insider threats are often more difficult to detect and block than outside attacks.

Insider theft and negligence are real – and so are the practices that amplify the risks. If the organisations wish to protect themselves from insider threats, addressing insider threats to sensitive data is a critical component of any modern security program and the security strategy should combine comprehensive data on user and system behaviour, advanced analytic tools and automated incident-response. Organisations should also implement user activity monitoring, privileged user monitoring, and third party monitoring to detect cybersecurity incidents which are unintentional. And with a little education and an Insider Threat Programme  an organisation can reduce these security incidents in half. Organisations will have to balance privacy and security, while the government will have the added responsibility of regulating privacy.

(The writer is a Governance, Risk and Compliance professional and Director at Layers-7 Seguro Consultoria Pvt Ltd. He is the founding member and Secretary of the (ISC)2 Chennai Chapter and a board member of the (ISC)2 Colombo Chapter. He can be emailed at  sujit@layers-7.com)

Labouring a point!

Request to appoint ‘outsider’ as CB Deputy Governor

BIA check-in between four-five hours

Conflicting views on SriLankan Airlines’ intended partners

A330 air bus deal sends SriLankan Airlines into a tailspin

Touchwood investors to vote on two options

Complexity of labour

Bleak outlook for what was once the ‘granary of the East’

Using AI for software development effort estimation

First Graphite promotes Sri Lanka’s vein graphite for energy saving gadgets

Six parties eye SLPA’s 3 acre land in Colombo Port

27th J.E Jayasuriya Memorial Lecture

Sri Lanka ranked 12th in the world by IBM for BPO

National strategy for exports being prepared

St. Regis helps save trees with new SLS-certified tea sack

Labour shortage seriously hinders the country’s development progress

Sri Lankan business community free to express views without being penalised

Second batch passes out from TRAc hospitality courses

CEB and LECO ordered to pay interest on consumer security deposits

Govt. to host SAARC meeting on public procurement

Musical instruments, sports goods donated to Sigiriya children by STBC

Homes for children from Give2Lanka

LOLC’s next stop in micro financing – Indonesia

EU seeks 5-yr visas for investors

Citi launches app-based login solution for corporate clients in Asia Pacific

Big data analysing large volumes of data and filters for key decision-making

Agility and speed help win the tech innovation race

Unlocking Sri Lanka’s true potential through immigration

Unions happy with Peace Airways proposal to include their members on SriLankan Airlines board

SL to borrow Rs.375 bln overseas in 2017, up from Rs. 275 bln in 2016

Mövenpick Hotel Colombo holds official launch party

RN Constructions celebrates 20th anniversary in construction

Simplex expands its reach across Sri Lanka

UN tourism agency slams US travel ban on nationals of seven countries

Blue Ocean’s new condo breaks ground in Colombo

Capital Alliance offers high value management trainee/ internship programme

Billions lost in exports as Sri Lanka ‘brand’ drags its feet

Symphony at Jetwing hotels

Sri Lanka’s first international Black Belt in retail programmes this month

IATA grants SriLankan Airlines ISAGO registration

Oliver Impex launches Vijaya Cement for growing construction industry

Interbrand expands in SL thro’ Michel Nugawela

DPL reports steady growth in revenue

Immigration laws to be revised soon to tackle human smuggling

‘AIA Vitality’, a mobile app that brings awareness among public to live healthy and longer

Japanese tea ceremony

Gmail stops working in Google Chrome 53 and Older, Windows XP users left behind

Shouldn’t CEB/LECO give a rebate for early settlement?

Huge potential for Sri Lankan exporters in Maldives

Colombo shopping festival to be organised by local retailers

Watawala Plantations extends winning streak at SAFA Annual Report Awards

Emirates opens access to its premium lounges at Dubai International Airport