Insider Threats and How to Survive Them

We’ve seen it in countless horror movies. The good guys, on the run from a homicidal maniac, barricade themselves inside a house. They booby-trap the yard, seal off the doors, and board up the windows, only to discover that the killer is already INSIDE THE HOUSE.

As familiar as the plotline might be in slasher films, it’s even more common in the world of cybersecurity. Organizations spend millions on firewalls, intrusion detection systems, and other perimeter defenses, only to find that their sensitive data is being compromised by their own employees and business partners.

Insider threats, while they may be more difficult to define or detect than external threats, represent an enormous cybersecurity risk. In fact, a recent IBM report indicates that insiders are responsible for up to 70% of the cyber incidents in highly-vulnerable industries like financial services and healthcare. Organizations who give equal time to insider threats in their security programs are much more likely to avoid data breaches and keep their finances and reputations intact.

Defining the inside threat

An insider threat is any cyber threat that originates from a person who has been granted access to a company’s information or systems. Insiders can be employees, former employees, contractors, vendors, or business partners. The threat posed by an insider can be inadvertent (such as when an employee loses a laptop) or intentional (including theft by departing employees, sabotage by disgruntled employees, and industrial espionage).

The line between insider and outsider threats is a blurred one, because external hackers often use unwitting insiders to facilitate their attacks. From simple phishing emails to more complex social engineering attacks, hackers can use a variety of methods to steal credentials and compromise devices. The massive Target data breach, for example, began when an employee at one of Target’s vendors clicked on a phishing link and allowed hackers to gain access to Target’s payment processing systems.

Insider threats are especially challenging to manage when companies fail to apply the principle of least privilege, which dictates that people should be given the minimum level of access that allows them to do their job. Employees and vendors typically have access to more systems and data than they need, which only serves to magnify the damage when things go wrong.

What to do about it

Once the victims of a horror movie lock themselves inside with the bad guy, there’s usually not much they can do but scream. Here in the real world, fortunately, companies can protect themselves against insider threats by locking down their data with persistent encryption.

Encryption, when implemented in conjunction with an effective key management solution, allows authorized users to access and share data while making it impossible for unauthorized parties to exploit it. If a business partner, for example, saves a terabyte of data on an unsecured cloud drive, encryption will prevent anyone without the decryption key from reading a single byte. Sensitive files stored on a company’s file servers can be encrypted with a key that only certain employees can use, preventing other employees from compromising the data. Outgoing email messages can be encrypted to ensure that only the intended recipients will be able to read them.

PKWARE’s Smartcrypt is the only data protection solution that applies persistent encryption to sensitive data across the enterprise, from user devices to mainframe systems. If you’re ready to take action against your organization’s insider threats, learn more about how Smartcrypt can help you find, protect, and manage your senstive data today.