Insider Threats: A Growing Concern for Enterprise IT Security

Jul 11, 2021

Insider threats are those posed by internal actors who abuse their trusted access to an organization’s systems, data or facilities and act against its interests.

Insider threats are in many cases intentional. In these cases, perpetrators from inside the organization have malicious intentions, may support a third party with such intentions or, in rare instances, may actually be an outsider posing as an insider. While such intentions may not be present in the case of unintentional insider threats, internal actors still end up unknowingly jeopardizing the safety and security of the organization, either by being careless or by falling prey to targeted scams.

According to our recent report on the prevalence and impact of insider threats among Singaporean enterprises [1], 48% of respondents did not deny that their organization had become a victim of such attacks in the last 12 months. The report, titled ‘Insider Threat Report 2022 – Singapore Edition’, examines the current insider threat landscape and some of the key vulnerabilities that enterprises need to address.

When it comes to insider threats, prevention measures continue to fall short. Only 10% of respondents were able to claim that their organization was completely safe against such threats, with 11% of the remainder admitting that their organizations were extremely vulnerable. While suitable mitigation policies are the obvious solution, the report finds that many underlying factors hold enterprises back from building the right barricades.

The complexities of mitigating insider threats

External attacks such as malware or phishing scams can be kept out using perimeter security such as firewalls and intrusion detection systems. Instituting similar measures for internal attacks, however, requires striking a delicate balance between access rights and the security of the data and applications that are being accessed. As such, it comes as no surprise that 90% of enterprises find internal attacks more difficult to deal with than external attacks. For example, denying access to a privileged account upon suspicion of malicious activity can lead to unnecessary loss of productivity in the case of false positives. This requires enterprises to go beyond static rules to more advanced measures based on behavioural intelligence and dynamic policies.

Another facet of insider threats is offline attacks, which are inherently difficult to monitor. Enterprise data and files that are exported to personal drives, for example, are no longer visible on the internal radar. According to the report, nearly 80% of enterprises perceive offline attacks as more difficult to tackle than online attacks, with a third strongly agreeing that offline crimes pose a larger threat. With the rise in work-from-home practices in the aftermath of the pandemic, susceptibility to offline attacks is expected to grow as more tasks are performed remotely on devices not connected to the enterprise.

Proactive, real-time or reactive?

The report also found that only 29% of enterprises had proactive systems that could predict and curtail insider attacks before they take place. Another 30% had real-time threat response that acts upon the detection of a security incident while 36% of enterprises resort to acting only after an attack has taken place and data has been compromised. The remaining 5% had no mechanisms at all and would only take action if there were legal obligations.

Addressing insider threats requires enterprises to institute dynamic policies tailored to the risk profiles of their internal users and the criticality of their data and applications. Halodata’s solutions, such as CoSoSys, Apricorn, Kanguru and senhasegura, are intended to equip enterprises with proactive monitoring and threat detection that spans both online and offline operations. Leveraging such solutions, enterprises can greatly reduce their insider threat risks while improving employee productivity and satisfaction.

Sources:

[1] Insider Threat Report 2022 – Singapore Edition, Halodata, June 21, 2022, https://halodata.asia/SG-insider-threat-report

Synopsis

This article, based on the findings from Halodata’s 2022 Singapore Insider Threat Report, discusses the susceptibility of enterprises to insider threats and the complexities involved in mitigating these threats. It also looks at various mitigation approaches adopted by enterprises.