Business leaders are always looking for the best and brightest employees. Unfortunately, that knowledge and the trust that comes with it are sometimes turned against you, whether through malice or simple negligence. Either way, the potential damage from insider threats is real.
For example, on November 23, 2021, Ontario Provincial Police announced that “multiple arrests had been made following a cybersecurity breach of Ontario’s COVID-19 vaccine system”. Two suspects were arrested, one of whom worked in a vaccine booking call centre and is a former government employee. Luckily, no health information was stolen, but personally identifiable information (PII) was.
The big question is: would your organization have been able to detect this breach in time? And if so, do you have the incident response procedures in place to stop the attack and limit data exfiltration?
Preventative Mitigation Measures
Before we dive into detecting insider threats, it’s worth quickly identifying some of the vital steps that every organization can take to minimize risk:
- Acceptable Use Policies - A guiding document that tells all users how physical endpoints, buildings, networks and cloud services may be accessed and used, and sets the rules for protecting all data.
- A policy of least privilege - Grant users access only to the data and systems they need to do their job.
- Secure Authentication - Require multi-factor authentication for every user accessing the IT environment, and make sure that access can be revoked and devices wiped remotely at a moment’s notice, including at the point of employee dismissal.
- Device and Account hygiene - Regularly remove old devices and stale accounts from the system, and enforce strict password rotation rules for cloud collaboration platforms.
- Employee Awareness - Teaching employees how to spot and report suspicious activity
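The least-privilege, authentication and account-hygiene items above can be audited mechanically against a directory export. The following is an added example and not code from the original post or from any named product: it runs a hygiene review over a constructed, fictional account export and flags accounts that remain enabled after an HR termination date, accounts without MFA, accounts with no recent login, and accounts holding entitlements beyond a hypothetical per-job baseline (the job titles, entitlement names and 90-day threshold are assumptions chosen for illustration).

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class Account:
    """One row of a (constructed) identity-provider export."""
    username: str
    job: str                          # HR job code, used to look up the entitlement baseline
    enabled: bool
    mfa_enrolled: bool
    last_login: Optional[date]        # None means the account has never logged in
    terminated_on: Optional[date]     # HR termination date; None while still employed
    entitlements: frozenset           # groups/roles actually granted in the directory

# Hypothetical least-privilege baseline: the entitlements each job legitimately needs.
ROLE_BASELINE = {
    "call-centre-agent": frozenset({"booking-read", "booking-write"}),
    "analyst": frozenset({"booking-read"}),
}

# Constructed sample export (fictional users, not real data). The review date is fixed
# so the example is reproducible offline.
REVIEW_DATE = date(2021, 12, 1)
ACCOUNTS = [
    Account("alice", "call-centre-agent", True, True, date(2021, 11, 29), None,
            frozenset({"booking-read", "booking-write"})),
    # Terminated mid-November but still enabled, and logged in after the termination date.
    Account("bob", "call-centre-agent", True, True, date(2021, 11, 20), date(2021, 11, 15),
            frozenset({"booking-read"})),
    # No MFA, dormant for months, and holding an export entitlement an analyst should not have.
    Account("carol", "analyst", True, False, date(2021, 6, 1), None,
            frozenset({"booking-read", "export-all"})),
    # Properly disabled at termination: should produce no findings.
    Account("dave", "call-centre-agent", False, True, date(2021, 9, 30), date(2021, 10, 1),
            frozenset({"booking-read", "booking-write"})),
]

def find_hygiene_issues(accounts, today=REVIEW_DATE, stale_days=90):
    """Return (username, finding) pairs for every enabled account that breaks a control.

    Disabled accounts are skipped: the controls here are about live access, and a
    disabled-but-undeleted account is a separate clean-up task.
    """
    findings = []
    for acct in accounts:
        if not acct.enabled:
            continue
        # Access must be revoked at dismissal: enabled past the HR termination date is a gap.
        if acct.terminated_on is not None and acct.terminated_on <= today:
            findings.append((acct.username, "enabled-after-termination"))
        # Every live account must be enrolled in multi-factor authentication.
        if not acct.mfa_enrolled:
            findings.append((acct.username, "no-mfa"))
        # Never-used or long-dormant accounts are candidates for removal.
        if acct.last_login is None or (today - acct.last_login).days > stale_days:
            findings.append((acct.username, "stale"))
        # Least privilege: anything beyond the job's baseline is excess entitlement.
        baseline = ROLE_BASELINE.get(acct.job, frozenset())
        if acct.entitlements - baseline:
            findings.append((acct.username, "excess-privilege"))
    return findings

def excess_entitlements(acct):
    """The specific entitlements an account holds beyond its job baseline."""
    return sorted(acct.entitlements - ROLE_BASELINE.get(acct.job, frozenset()))

if __name__ == "__main__":
    for user, finding in find_hygiene_issues(ACCOUNTS):
        print(f"{user}: {finding}")
```

Running the block against the constructed export reports bob as still enabled after termination and carol three times (no MFA, stale, excess privilege), while alice and dave produce nothing. In practice the input would come from an identity-provider export joined to HR termination data; the value of the check lies in running it on a schedule rather than relying on a manual offboarding ticket.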
For insight into detecting and identifying potential insider threats as well as ways to help harden your defences, read our Threat Insight report!