June 8, 2015 By Veronica Shelley

With insider threats consistently named a key security risk, organizations realize that managing and monitoring user access is a top priority. Insider threats can be caused by honest employees, external contractors working for trusted third parties or a cybercriminal with access to an insider’s credentials. With so many assets and information online and accessible, organizations must take a proactive approach to defending against the insider attack, starting with implementing security tools and practices that support a trusting relationship with user communities. While no one can prevent all insider attacks, adopting a proactive, intelligence-driven approach can help reduce risk, improve compliance and enable the IT organization to better support business initiatives.

Trust, but Verify

Every day, your organization is processing business transactions, collecting sensitive data and collaborating with partners. To make all this work, the modern enterprise depends on trust — trusting employees to not divulge company secrets, trusting partners to not leak customer information and trusting suppliers to protect sensitive data. If people need access to sensitive information and critical systems to do their jobs and service customers, the organization needs to establish and enforce a level of faith associated with that access. Trusting stakeholders to use their access privileges appropriately — and verifying that they do so — can be the most critical and difficult challenge of dealing with insider threats. Another challenge is user authentication: trusting and verifying that the individuals are who they really claim to be every time they try to access information.

Best Practices for Mitigating Insider Threats

To operate efficiently and securely, organizations need to back up the trusted relationships they have with security tools and intelligence that support and validate the level of confidence they place in their business constituents. This is made easier through the application of a few strategies that focus on reducing the risk of insider threats.

1. Identity Management

Let’s face it: One of the most effective ways to minimize the damage people can do to your organization’s security is to limit their access to sensitive information. Provisioning users with access beyond what they need is an unnecessary risk and should be avoided, and their access privileges should be rescinded when they leave the organization. Automated deprovisioning can ensure that orphan accounts aren’t left open for future exploitation by external cybercriminals or malicious insiders.

It takes a sensitive touch to manage this control without impacting the trusted relationship with employees, partners and others. If security controls are too strict and block access to previously available resources, some people may be offended, feeling their own company distrusts them. Partners or suppliers may get frustrated if they are blocked from accessing information needed to complete business transactions. Therefore, attempts to rein in access are often met with resistance and should be handled carefully. But it’s worth doing. Blocking user access to assets they don’t need can reduce the risk of a security breach. Automated, policy-based user provisioning and self-service tools can help strengthen established business policies tied to user entitlements.


2. Identity Governance

As people move about an organization, they can end up with overlapping roles and duplicated or inconsistent entitlements. This “entitlement creep” can lead to improper access to and use of sensitive information, which can contribute to business conflicts and separation-of-duty (SoD) violations. Identity governance tools can help verify and clean up existing user entitlements, building accurate role models and enacting policies and processes that ensure users have appropriate access privileges.
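
The checks described in sections 1 and 2, as an added example that is not part of the original article: it reconciles the entitlements actually granted in a target system against an HR roster and a role model, and flags orphan accounts, entitlement creep and SoD violations. All user names, roles, entitlement strings and conflict pairs are constructed for illustration.

```python
# Constructed sample data; every name, role and entitlement here is hypothetical.
HR_ROSTER = {  # user -> (employment status, current role)
    "alice": ("active", "ap_clerk"),
    "bob": ("active", "buyer"),
    "carol": ("terminated", "buyer"),
}
ROLE_MODEL = {  # role -> entitlements the role is meant to carry
    "ap_clerk": {"invoice.approve", "vendor.view"},
    "buyer": {"po.create", "vendor.view"},
}
SOD_CONFLICTS = [  # entitlement pairs no single user may hold together
    frozenset({"po.create", "invoice.approve"}),
    frozenset({"vendor.create", "invoice.approve"}),
]
ACCOUNTS = {  # account -> entitlements actually granted in the target system
    "alice": {"invoice.approve", "vendor.view", "po.create"},  # kept po.create after a role change
    "bob": {"po.create", "vendor.view"},
    "carol": {"po.create"},        # left the organization, account never deprovisioned
    "svc_old": {"vendor.create"},  # no matching identity in HR at all
}

def review_entitlements(accounts, roster, role_model, sod_conflicts):
    """Return (account, finding, entitlements) tuples for an access review."""
    findings = []
    for user in sorted(accounts):
        granted = accounts[user]
        status, role = roster.get(user, (None, None))
        # Orphan account: nobody active in HR owns it, so every grant is suspect.
        if status != "active":
            findings.append((user, "orphan_account", tuple(sorted(granted))))
            continue
        # Entitlement creep: grants beyond what the current role calls for.
        excess = granted - role_model.get(role, set())
        if excess:
            findings.append((user, "entitlement_creep", tuple(sorted(excess))))
        # SoD violation: the user holds both halves of a conflicting pair.
        for pair in sod_conflicts:
            if pair <= granted:
                findings.append((user, "sod_violation", tuple(sorted(pair))))
    return findings

if __name__ == "__main__":
    for account, finding, ents in review_entitlements(
            ACCOUNTS, HR_ROSTER, ROLE_MODEL, SOD_CONFLICTS):
        print(f"{account:8} {finding:18} {', '.join(ents)}")
```

In this sample the single leftover `po.create` grant on `alice` produces both a creep finding and an SoD finding, which is how entitlement creep turns into a separation-of-duty problem.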

3. Access Management and Risk-Based Authentication

Verifying the identities of mobile users is a big challenge and should involve authenticating the device as well as the user. Device scanning, two-factor authentication and context-based access policies can all help protect applications against fraudulent and unauthorized access.

4. Security Intelligence

The sheer volume of audit and log data from users can actually impede forensic investigation and detection, preventing administrators from uncovering insider attacks or inappropriate user activities. Security intelligence practices, such as the use of security information and event management (SIEM) tools, can provide invaluable resources for validating access and highlighting user anomalies. This data can equip security teams with the insight they need, including an improved ability to distinguish malicious from nonmalicious behavior, so the bad guys can be identified and stopped.

Conclusion

Combating insider threats is a continuous process, but it’s an effective approach to improving an organization’s security posture and increasing protection from external attacks. User credentials, including privileged identities, are often used by attackers once they are inside the enterprise. Safeguarding users’ identities and implementing security intelligence can reduce the damage from external attacks.
