December 5, 2016 By Laurène Hummer

Insider Threat: Not Like the Movies

The hacker is hunched over his machine, the hood of his gray sweatshirt covering his hair and plunging his face in shadows as he types feverishly on a black keyboard. Using his considerable skills, he infiltrates some of the best-guarded corporations, stealing valuable data and millions of dollars. He is halfway across the world in a dark apartment at a remote location, and corporations are powerless to stop him.

Actually, scratch that. While that’s the picture painted in movies and security commercials, that scenario is dead wrong in about 45 percent of cases.

The threat putting you at risk actually looks something like this: Your bioscientist unlocks the front door with her employee badge and logs into the lab computers with her credentials. She’s just been denied a promotion — again — and has accepted an offer from a competitor. She’s downloading some of her research onto a flash drive to take with her once she leaves your employment.

This banal action may not be movie-worthy, but the consequences and scope of the potential losses definitely are. That’s why many organizations are asking security professionals how to protect their data against insider threats.

Here are our recommendations in three steps.

1. Reduce Exposure

First, limit the ways in which a trusted insider or external actor can steal your data by making sure your key information is appropriately protected. Data security and identity and access management (IAM) tools, including access management and governance technologies, work together to do just that. In many organizations, however, these technologies are not well-integrated, and the resulting security gaps can put your data at risk.

To determine whether that’s the case in your organization, identify any data that you deem highly sensitive, such as trade secrets, proprietary data, customer lists, or financial or employee information. Then methodically map all its access pathways to figure out where it is located, how it is accessed and by whom. This will give you the insights necessary to determine whether your data security, access policies and user governance are working the way they should. From there, you can prioritize the security actions you need to take to protect your data.

This exercise enables you to answer the following questions:

  • Who has access to sensitive data?
  • Who should have access?
  • Are we restricting the ways in which legitimate users can access data to make it hard for others to steal it?
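
As an added illustration (not part of the original article), the mapping exercise can be run over an access inventory: resolve every grant, including nested groups, down to individual users and pathways, then compare the result with the approved list. The group names, pathways and users below are hypothetical sample data.

```python
# Constructed sample inventory; every name and path below is hypothetical.
GROUPS = {
    "lab-research": {"alice", "bob", "grp:lab-contractors"},
    "lab-contractors": {"carol", "grp:lab-research"},  # nesting cycle on purpose
    "it-admins": {"dave"},
}
# asset -> list of (pathway, principal) grants
GRANTS = {
    "assay-results": [
        ("smb://lab-fs/assays", "grp:lab-research"),
        ("sql://labdb/assays", "grp:it-admins"),
        ("sql://labdb/assays", "erin"),
    ],
}
# asset -> users the data owner has signed off on
APPROVED = {"assay-results": {"alice", "bob", "dave", "frank"}}

def expand(principal, groups, seen=None):
    """Resolve a user or 'grp:' principal to a set of users, tolerating cycles."""
    seen = set() if seen is None else seen
    if not principal.startswith("grp:"):
        return {principal}
    name = principal[4:]
    if name in seen:          # group already visited: stop the recursion
        return set()
    seen.add(name)
    users = set()
    for member in groups.get(name, ()):
        users |= expand(member, groups, seen)
    return users

def access_map(grants, groups):
    """asset -> user -> set of pathways through which that user reaches it."""
    result = {}
    for asset, entries in grants.items():
        per_user = result.setdefault(asset, {})
        for pathway, principal in entries:
            for user in expand(principal, groups):
                per_user.setdefault(user, set()).add(pathway)
    return result

def review(grants, groups, approved):
    """Per asset: who has access but should not, stale approvals, all pathways."""
    findings = {}
    for asset, per_user in access_map(grants, groups).items():
        ok = approved.get(asset, set())
        findings[asset] = {
            "excess": {u: sorted(p) for u, p in per_user.items() if u not in ok},
            "unused_approval": sorted(ok - set(per_user)),
            "pathways": sorted({p for ps in per_user.values() for p in ps}),
        }
    return findings
```

Here `carol` inherits access only through a nested contractor group and `erin` through a direct database grant, which is the kind of gap a flat group listing does not show.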

2. Detect the Insider Threat

Once your systems are in place and working well to minimize the risks to your sensitive data, you should be left with a small pool of legitimate users who require access to do their jobs and create value for your organization. However, these users can still pose a risk if they fall prey to an external actor or become malicious actors themselves.

For that reason, it’s important to monitor the way these users interact with your information to ensure they are using it in legitimate ways. Anticipate the risk of malicious actions before they occur, and respond promptly when a breach does happen to reduce the damage an insider can inflict.

To cut through the noise and make sense of the millions of transactions you’ll likely observe from your users, analyze more than just their transaction patterns. Identify risk factors from other types of information, such as HR data, to flag users who could pose a greater risk. For example, employees in a division that just underwent a major reorganization or a round of layoffs could be more likely to develop malicious intent. Cross-referencing these risk factors with the transaction patterns can help narrow down incidents for additional investigation.

It’s also important to note that organizations can observe the behaviors of their users without violating their right to confidentiality, striking a balance between security and privacy. In most cases, you’ll be able to achieve meaningful results without compromising privacy.

This exercise will allow you to answer the following questions:

  • What are end users and administrators doing with data?
  • What do normal transaction patterns look like between users and your sensitive data?
  • How much can you trust each individual user?
  • When should a deviation be cause for further investigation?
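
The cross-referencing described in this step can be sketched as follows; this is an added example, not code from the article or from any IBM product. It scores each user's daily volume against that user's own baseline with a robust z-score and then weights the deviation by HR risk factors. The users, volumes, flag names, weights and the 3.5 threshold are all assumptions.

```python
from statistics import median

# Constructed sample data; users, volumes and flags are hypothetical.
HISTORY_MB = {   # daily MB read from sensitive stores, previous 10 working days
    "alice": [40, 55, 38, 60, 47, 52, 44, 58, 49, 51],
    "bob":   [5, 0, 8, 3, 6, 4, 7, 2, 5, 6],
    "carol": [200, 180, 220, 210, 190, 205, 195, 215, 185, 200],
}
TODAY_MB = {"alice": 48, "bob": 95, "carol": 245}
HR_FLAGS = {"bob": {"resignation_submitted"}, "carol": {"recent_reorg"}}
# Assumed weights; tune them to your own risk model.
HR_WEIGHTS = {"resignation_submitted": 2.0, "recent_reorg": 1.5, "layoff_round": 1.5}

def deviation(history, today):
    """Robust z-score: distance from the median in units of scaled MAD."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    scale = 1.4826 * mad or 1.0   # flat baseline: fall back to a unit scale
    return (today - med) / scale

def hr_multiplier(flags):
    """Multiply the weights of all HR risk factors attached to a user."""
    mult = 1.0
    for flag in flags:
        mult *= HR_WEIGHTS.get(flag, 1.0)
    return mult

def triage(history, today, hr_flags, threshold=3.5):
    """Return (user, score, status) rows, highest score first."""
    rows = []
    for user, volume in today.items():
        baseline = history.get(user)
        if not baseline:          # nothing to compare against: review manually
            rows.append((user, None, "no-baseline"))
            continue
        z = max(deviation(baseline, volume), 0.0)   # only unusually high volume
        score = round(z * hr_multiplier(hr_flags.get(user, ())), 1)
        status = "investigate" if score >= threshold else "ok"
        rows.append((user, score, status))
    return sorted(rows, key=lambda r: -(r[1] or 0))

if __name__ == "__main__":
    for row in triage(HISTORY_MB, TODAY_MB, HR_FLAGS):
        print(row)
```

With this sample data, `carol`'s deviation alone stays under the threshold and only crosses it once the reorganization flag is applied, while `alice`'s normal day scores zero. The scoring uses transfer volume only, not file contents.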

3. Get Started Today

Don’t wait until the next breach to take action and secure your most sensitive data. You can start small to fight insider threats. Identify five to 10 pieces of data or information that are most important to your organization and go from there. If you don’t have the resources to do this exercise in-house, seek out a third-party vendor for help.

Last week, IBM announced a new insider threat protection offering to help customers address the security gaps insiders might exploit with an approach that provides clear, actionable intelligence. The security specialists involved have the business, data and IAM security experience to help you evaluate intelligence, draw more meaningful conclusions and prepare for next steps.

Attend our Dec. 14 webinar, “Fight Back Against Insider Threats: Three Steps to Stop Harmful Insider Actions,” to learn more about how you can reduce your risk and protect your critical data.
