fbpx
Search
Close this search box.

The Hack is from Inside the Network: Mitigating Insider Threats

Human figures standing together with one stand out red one in the middle.
Human figures standing together with one stand out red one in the middle.

How To Mitigate Threats From Inside Your Network

Think back to the most recent cybersecurity advertisement you’ve seen. Chances are the advertisement sold the abilities of the product or service at keeping intruders out of your network. They may have utilized the images of barbarians being thwarted at a castle moat to drive home just how effective they are at keeping threats from ever entering your environment. These visual cues reinforce the feeling of safety our ability to delineate between the relative safety of our internal network and the Wild West of the Internet. Only instead of a moat filled with alligators, we have a firewall, which admittedly isn’t nearly as cool as the name implies. This focus on protecting from the outside in is endemic in the cybersecurity space and does not take into consideration the unpredictable and arguably more dangerous attack vector, the insider threat. We have to apply this same focus to mitigating risk from inside your network. 

It’s difficult and uncomfortable to consider, but someone you work with may be planning or carrying out a cyberattack from within your organization. As uncomfortable as this makes us feel, the reality is that inside threat actors are real and they can cause considerable damage to their organization. Arguably the most well known and controversial inside threat actor is/was Edward Snowden. Through a mix of social engineering and technical savvy he was able to access information relating to NSA’s domestic activities, and in 2019 alone insider was able to obtain roughly 140,000 Social Security numbers, 80,000 bank account numbers, and a plethora of other sensitive information from Capital One. While their motivations were different, there is no understating the impact that these individuals made.

A combination of administrative and technical controls is the best tactical decision for mitigating insider threats. While the controls are in two different domains, they empower each other. The joint effort of classifying data and applying Data Loss Prevention (DLP) mitigates the ability for data to be deleted or exfiltrated. Similarly, implementing Role-Based Access Control (RBAC) ensures that people only have access to the resources they need access to. It is paramount that the decision-makers have a solid grasp of the technical capabilities of your organization so that they are informed with the best knowledge on what is possible and feasible. There are also administrative and technical controls that work independently of each other.

Enforcing separation of duties and mandatory vacations allow any fraud to come to light. If Frank in accounting is the one who manages all facets of accounts payable begins paying invoices to FranksFishingTrip LLC, it will be more difficult to notice the malfeasance than if Frank is the one who processes the invoice and Carla is the one who processes the payment. Mandatory vacations also bring malicious activity into attention as the inside actor is unable to cover their tracks, and a fresh set of eyes will be able to see that FranksFishingTrip LLC wasn’t contracted for plumbing work, and no invoice was received! Similarly, there are technical controls that should be put in place that can function outside of the administrative sphere of influence.

At Corsica, our SOC monitors for several actions that can be an indicator of an insider threat such as changes anonymous sharing of SharePoint and OneDrive data, and large outbound transfers from outside my country. When we receive an alert for these events, we review other events and data from the device to evaluate the potential for an insider threat. These two examples most effectively illustrate how seemingly benign actions have the potential to be an inside attacker removing your data from your control. It can be difficult to consider that your colleagues have the potential to do great harm to your organization. When reviewing your technology security policies keep the potential for an insider threat at the forefront of your mind and consider how your organization can combine administrative and technical controls to mitigate the potential harm. If you are concerned you may be breached or feel your plan isn’t secure enough to protect your organization contact us today to schedule your risk assessment. 

Corsica Technologies
Corsica provides personalized service and a virtual CIO (vCIO) who serves as a strategic advisor. When it comes to the complex integration of solutions for IT and cybersecurity, the whole is greater than the sum of its parts. We offer cybersecurity solutions, managed services, digital transformation, resale services, and one-off technology projects. Corsica unifies any combination of these services into a complete, seamless solution.

Related Reads

Business IT Support - 17 real-life examples - Corsica Technologies

Business IT Support: 17 Real-Life Examples

Who’s going to support your business’s IT systems? If you don’t have people on staff, or if your existing staff can’t cover all your needs, you may choose to work with an MSP (managed IT services provider). This type of

Read more

Sign Up For Our Newsletter

Stay up-to-date on the Managed Services and Cybersecurity landscape, and be the first to find out about events and special offers.

Ready to talk to an expert?

We’ll respond within 1 business day, or you can grab time on our calendar.