Information security professionals are often concerned about attacks coming from outside the organization – such as remote hackers. However, more than half of these attacks1 come from inside the organization. Information security professionals along with non-IT staff need to be trained to recognize the traits and behaviors of organization insiders who pose a serious cyber threat.
The individuals who steal privileged information have common traits and behaviors. Unless specifically trained, many managers may not recognize a malicious insider at work in the organization. The following is a list of some of the traits and behaviors frequently found among insider threats.
Behavorial Characteristics2 | Behavioral Indicators2 |
|
|
What can you do? 3
Policies – Ensure that your organization has an acceptable use policy, and has instituted procedures to report suspected insiders.
Training – All levels of the organization should receive insider threat training and have the necessary tools to communicate this threat to all employees.
Safeguard Data – Sensitive data should be safeguarded according to least-privilege. Access should only be provided to a few individuals that require access.
Stay Vigilant – Be particularly vigilant when employment is terminated. Remove access immediately to all systems. Have the departing employee sign a confidentiality agreement and ensure that they understand their legal obligations under such agreement.
For further information, read Insider Threat: Addressing the Threat Within
Sources:
1 InfoSec May 2013
2,3 www.us-cert.gov
Implement a Threat Hunting Program or Managed Detection and Response (MDR) Program to continually be on the lookout for potential attacks. We can help strengthen your threat management program.