Let’s start off with a few statistics, courtesy of IBM. Fifty-five percent of all cyberattacks are either carried out or facilitated by by employees within the walls of your business. Of those attacks, 31.5 percent are intentional.
By contrast, 45 percent of attacks are facilitated by outsiders.
The statistics paint a rather clear picture, no? It’s easy to be distracted by the ever-present threat of hackers or malware – so much so that all too often, security teams forget that a malicious insider can cause just as much damage as a hacker (sometimes more).
Whereas an attacker needs to find some way to access your network, a malicious employee’s already inside. From the beginning, they’re operating from within your firewall, from within every line of defense designed to prevent a data breach. Not only does this make them significantly more difficult to stop, it also means they can cause far more damage if left unchecked.
So what can you do, exactly? How can you prevent an insider from wreaking havoc within your security perimeter?
First, understand their motivations
The motive behind a malicious insider’s actions often boil down to one of two things: either they’re acting on some frustration or grievance with their company, or they’re motivated purely by financial gain. The good news is that the former can be mitigated through good management techniques. After all, an employee won’t generally have reason to cause harm to their company if they love their job, right?
Of course, understanding’s only the first step. You aren’t really going to be able to do much to satisfy an employee that’s angry about being laid off, nor can you really stop a greedy insider threat with kind words and good management. In order to actually protect your data, you’ll need to take things a little further.
Second, implement strict access controls
Too often, I see enterprises that seemingly take a communal approach to file security. That is to say, everyone has access to everything – even a lowly desk jockey in accounting is able to log in to a file repository containing their business’s most sensitive data. Simply put, this is unacceptable – an employee should only be able to access a particular file or repository if it’s directly related to their work.
Otherwise, they need to be locked out.
Third, utilize document-centric security
Now, even access controls won’t always stop an employee if they’re aware of a particular security hole or glitch. That’s where document control comes in. If you protect all of your sensitive files with a solution that lets you control how, when, and where they’re accessed, then it won’t matter if a malicious insider releases them into the wild – you can just flick a switch and they’ll be unusable.
Finally, be proactive
Last but certainly, always make sure you stay abreast of the latest vulnerabilities, and remove access permissions from employees that no longer work for you. A disgruntled former IT professional might be aware of an unpatched vulnerability that they can exploit to access your network – it falls to you to keep that from happening. Active prevention offers more protection than even the most hardened firewall.
About the Author
Max Emelianov started HostForWeb in 2001. In his role as HostForWeb’s CEO, he focuses on teamwork and providing the best support for his customers while delivering cutting-edge web hosting services.