Most discussions about effective IT security measures revolve around building walls to protect systems from external invaders. The problem is that this approach totally ignores a potentially more dangerous threat; that is, systems often get compromised from the inside or at least, with access granted to insiders.
It's important to protect the castle from intruders outside the gate, but an even more serious and challenging threat may be malicious, greedy, or simply careless folks on the inside. With that expanded perspective of cybersecurity, it's important to consider how insider threats can be monitored, detected, and stopped before they severely impact the business.
Insiders Without Malicious Intent Might be the Path of Least Resistance for Hackers
The way that users access data has definitely shifted in the past few decades. As IT moved from mainframes to client-serve technology to web apps, the number of insiders with many different pathways to access data have grown. An opinion piece in CSO makes the point that the definition of security risks hasn't evolved with the actual changes to the way that authorized users may access data.
It's not that executives and employees who need access to data have become less trustworthy as computer systems evolved. It's just they have begun to enjoy the flexibility of access via all types of remote and distributed devices. As employees grow more empowered to use data in different ways, the task of protecting that data becomes exponentially more complex and requires more cooperation from those end users.
Today's employees might use sensitive systems from their laptops at home and even mobile phones that are connected to unsecured WiFi at the airport or a coffee shop. As another example, a privileged system user may just hope to save time by downloading a sensitive document or spreadsheet and dropping it in an unapproved cloud storage and sharing service or emailing it via a personal address.
Protection Against Insider Threats
Some experts refer to insider threats as accidents just waiting to happen to most companies. It's important to monitor all employee actions. At the same time, it's critical to let insiders know that actions are monitored and make sure they are trained about what kind of actions will trip the alarms. They don't just need to know the rules; they also need to understand why.
Sure, when employees know that their actions are always monitored, they are much more likely to comply. Moreover, when employees understand why shortcuts like using unsecured Internet access or taking advantage of commercial drop boxes are against the rules, they are much more likely to comply cheerfully and also help keep their colleagues or associates in line. In an era when the largest threats may come from the inside, the insiders need to feel trusted as part of the solution and not just a potential threat.
According to "Defending Against Insider Threats Hangs on Trust," the idea of trust doesn't mean that it isn't necessary to increase controls and really prioritize types of data for its value or sensitivity. It also means making sure that these same insiders have been well educated about why these steps are needed and how limiting access and monitoring online actions protects them and their employers.
The Sweet Spot for Internal IT Security
The sweet spot for hackers may not be trying to compromise sophisticated data security measures but simply to compromise well-intentioned but possibly careless users. With this in mind, it's important to change the definition of security risk to include more than just hackers or thieves with malicious intent. At the same time that security measures protect data, they also need to protect the people...sometimes from themselves.
Meanwhile, internal security breaches still could come from insiders who hope to profit or simply sabotage their company. It is important to defend against breaches that may compromise sensitive information or break compliance with a regulatory agency, intentional or not and to do so before any lasting damage is done.