Insider Threat

A Complex Challenge

The insider threat problem remains one of the most daunting challenges in information security today, and presents a unique challenge for information technology departments. Organizations want to trust their employees, however it’s not always about malicious intent. Everyone makes mistakes, and sometimes those mistakes can be costly. Target saw 30% of its value evaporate overnight, and its CIO was fired, when someone accidentally exposed a sensitive internal database containing customer credit card numbers to a DMZ location. However the notion of a malicious insider is also presents a real risk: insiders can steal intellectual property, sensitive client information, or proprietary data. Trusted insiders can then release that information to the public, sell it to a competitor or foreign power, or simply delete those files and the accompanying backups. These events can cause irreparable damage to your reputation, loss of business, and lead to costly financial penalties.

A Widespread Problem

According to a recent report developed by Crowd Research Partners, produced in partnership with a number of leading cybersecurity vendors, the situation is dire:

• Ninety percent of organizations feel vulnerable to insider attacks. The main enabling risk factors include: too many users with excessive access privileges (37%), an increasing number of devices with access to sensitive data (36%), and the increasing complexity of information technology (35%).
• A 53% majority have confirmed insider attacks against their organization in the previous 12 months. Twenty-seven percent of organizations say insider attacks have become more frequent.
• Organizations are shifting their focus to detection of insider threats (64%), followed by deterrence methods (58%), and analysis and post breach forensics (49%). The use of user behavior monitoring is accelerating; 88% of organizations deploy some method of monitoring users.
• The most popular technologies to deter insider threats are Data Loss Prevention (DLP), encryption, and identity and access management solutions. To better detect active insider threats, companies deploy Intrusion Detection and Prevention Solutions (IDPS), log management and SIEM platforms.
• The vast majority of organizations (86%) already have or are building an insider threat program. Thirty-six percent have a formal program in place to respond to insider attacks, while 50% are focused on developing their program.

Comprehensive Assessment

Aerstone’s active security testing can help identify gaps in the human, technical, and physical elements of your insider threat program, and assist you in mitigating that risk to prevent breaches from occurring. Aerstone’s team of penetration testers uses a combination of state-of-the-art commercial, open source, and proprietary technologies, as well as cutting-edge methodologies and techniques – just as a malicious insider threat would, to simulate an attack on your networks and applications. Aerstone’s assessment team will test your systems and processes to evaluate the level of damage that an insider threat could perform; advise on how to better apply an existing insider threat program, or can customize a program that addresses your business needs and would ensure compliance with applicable security standards; and will help train your employees on the early warning signs of an insider threat to reduce the chances that today’s trusted insider could become tomorrow’s successful security breach.