This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
This Website Uses Cookies
By closing this message or continuing to use our site, you agree to our cookie policy. Learn More
This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • Home
  • News
    • Security Newswire
    • Technologies
    • Security Blog
    • Newsletter
    • Web Exclusives
  • Columns
    • Career Intelligence
    • Security Talk
    • The Corner Office
    • Leadership & Management
    • Cyber Tactics
    • Overseas and Secure
    • The Risk Matrix
  • Management
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • More
  • Physical
    • Access Management
    • Video Surveillance
    • Identity Management
    • More
  • Cyber
  • Sectors
    • Education: University
    • Hospitals & Medical Centers
    • Critical Infrastructure
    • More
  • Exclusives
    • Security 500 Report
    • Most Influential People in Security
    • Top Guard and Security Officer Companies
    • The Security Leadership Issue
    • Annual Innovations, Technology, & Services Report
  • Events
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
    • Security 500 West
  • Resources
    • The Magazine
      • This Month's Issue
      • Digital Edition
      • Archives
      • Professional Security Canada
    • Videos
      • ISC West 2019
    • Photo Galleries
    • Polls
    • Classifieds & Job Listings
    • White Papers
    • Mobile App
    • Store
    • Sponsor Insights
    • Continuing Education
  • InfoCenters
    • Break-in Prevention
    • Building AppSec in Enterprises
    • Video Management Systems
  • Contact
    • Editorial Guidelines
  • Advertise
Home » Insider Threats: An Underestimated Risk
Cyber Security NewsAccess ManagementPhysical Security

Insider Threats: An Underestimated Risk

data theft
June 11, 2019
Bud Broomhead
KEYWORDS cybersecurity / data theft / insider threats
Reprints
No Comments

What is an insider threat? Security professionals know that insider threats, by their nature, are a broad-based threat and, more than ever before, can be extremely difficult to defend against. In this article, we will briefly discuss the possible risks, as well as some options for building up your defenses.

There are a range of possible motivations for insiders to hurt an organization, including greed, anger, and many more. Similarly, there are many possible methods by which an insider can damage or threaten an organization. Theft of property or information, or physical or electronic damage are all possible and different detection and defensive measures are indicated for each, tailored to the business that the organization is in. To be of most general use, we will focus mostly on cybersecurity issues, which apply to most organizations.

One area that is of particular importance today is the challenge of protecting confidential materials and data, and how important it is for innovative organizations to prevent the theft or alteration of intellectual property. Intellectual property can be stolen by an employee which can be sold to a competitor or foreign government, transmitted to a competitor in return for new employment, or even used to start their own company. A real-world example of this is the lawsuit between Cadence and Avanti, two semiconductor companies that had a six-year long court battle because of allegations that an insider stole confidential software code from Cadence, which was then used to found Avanti.

Working to prevent insider cyber threats involves careful monitoring of the company’s network, seeing what information has been downloaded and determining whether information has been downloaded to external sites. The trick is to strike the right balance of monitoring and privacy to sustain some level of employee confidentiality. Usually, a clear policy of network monitoring helps alleviate any concerns; without such a policy, employees can react badly if they discover they are “being spied on”. And, there may even be some applicable parts of the GDPR and other regulations that limit the employer’s ability to monitor employees. But at the same time, the business should control its risks and limit the damages it would suffer from the insider threats as much as possible.

One of the best ways to defend against insider threats is to ensure that critical data has a chain of custody. This can be accomplished using an automated verification solution that monitors the storage and retrieval processes for anomalies and triggers alerts when unexpected or unauthorized operations are attempted. Implementing this kind of system would apply to critical customer data, design and business information and even to stored video surveillance footage.

For example, insiders that are planning thefts, vandalism, or other unwanted behaviors would be aware of video surveillance cameras and could also know where the video surveillance data is stored. Doing some malicious file deletions, including the footage that would otherwise incriminate them, would be a good way to help cover their tracks. Most organizations would not be aware that something like this was happening, unless they were using an automated verification solution. Automated verification solutions are really needed to make sure the chain of custody is maintained, and the evidence is valid. By virtue of having an automated verification system that is analyzing, checking and watching for anomalies, an organization will be on top of potential threats to the security environment. If that system has the capability, it can also monitor who is on the network, who has authorization for what operations and who did what and when. From the forensic angle, it's a powerful ability to do ongoing, automated continuous anomaly detection.

One more powerful tool for battling insider threats is to decrease the chances of account misuse – that is, someone ‘borrowing’ the login information of a person with higher network authorities. This can be straightforwardly minimized by implementing two-factor authentication, particularly when one of the authentication methods is based on biometrics.

Whether their objective is tied to greed, sabotage or espionage, insiders can cause enormous damage to all types of organizations. With sensible protective measures in place, much of the potential for cyber damage can be reduced. Don’t wait until an incident occurs – encourage your IT and security management to cooperate and take proactive steps.

Subscribe to Security Magazine

Recent Articles by Bud Broomhead

Physical and Cyber Convergence—At Last?

Bud Broomhead is CEO of Viakoo

Related Articles

What's the Average Cost of an Insider Threat?

Enterprises at Risk from Accidental Insider Threats

You must login or register in order to post a comment.

Report Abusive Comment

Subscribe For Free!
  • Print & Digital Edition Subscriptions
  • Security eNewsletter & Other eNews Alerts
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

Dispelling the Dangerous Myth of Data Breach Fatigue; cyber security news

Major Retailer Macy's Is Hacked

server room, cybersecurity, penetration testing,

Explained: Firewalls, Vulnerability Scans and Penetration Tests

cyber network

How to Achieve Cybersecurity with Patience, Love and Bribery

cybersecurity-blog

European Hotel Group Suffers Data Breach Impacting 600,000 Hotels Worldwide

ransomware-enews

British American Tobacco Suffers Data Breach and Ransomware Attack

SEC2019_Everbridge_1119_360x184customcontent

Events

December 17, 2019

Conducting a Workplace Violence Threat Analysis and Developing a Response Plan

There are few situations a security professional will face that is more serious than a potential workplace violence threat. Every security professional knows and understands that all employers have a legal, ethical and moral duty to take reasonable steps to prevent and respond to threats of violence in their workplace.
January 23, 2020

The Value of a Unified Approach to Critical Event Management

From extreme weather to cyberattacks to workplace violence, every organization will experience at least one, if not multiple, critical events per year. And in today’s interconnected digital and physical world, the cascading safety, brand, and revenue impacts of critical events are more severe.
View All Submit An Event

Poll

Emergency Communications

What does your enterprise use to communicate emergencies to company employees?
View Results Poll Archive

Products

Effective Security Management, 6th Edition

Effective Security Management, 6th Edition

 Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics. 

See More Products
SEC500_250x180 clear

Security Magazine

SEC-December-2019-Cover_144px

2019 December

This month, Security magazine brings you the 2019 Guarding Report, featuring David Komendat, Boeing CSO, and many other public safety leaders to discuss threats and solutions for 2020 and security officer training. Also, we highlight Hector Rodriguez, Director of Public Safety and Security at Marymount California University, CCPA regulations, NIST standards, VMS and much more.

View More Create Account
  • More
    • Market Research
    • Custom Content & Marketing Services
    • Security Group
    • Editorial Guidelines
    • Privacy Policy
    • Survey And Sample
  • Want More
    • Subscribe
    • Connect
    • Partners

Copyright ©2019. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing