Having been identified as a point of focus, the next steps to mitigating insider attacks, is to devote significant resources to prevention, while realistically assessing exactly what vulnerabilities exist and prioritising what information needs the most protection. Over half of respondents admitted having no idea how much an insider threat costs, though nearly as many admit to allotting less than ten recent of budget to the threat.
“The primary failings that contribute to insider attacks are due to the lack of visibility, accountability and auditability” Roy Duckles, EMEA channel director at Lieberman Software Corporation, wrote in an email to SCMagazine.UK.com.
Duckles points out that in order to provide their users with business as usual capability, companies will effectively remove the safeguards that prevent insider attacks. “There is an assumption that if a person or group have the ‘keys to the kingdom' with full admin rights across an enterprise, that this is a viable and effective way to apply security policies. Anyone who has full admin rights and no accountability has the opportunity to effect an insider attack with a low risk of being detected. Without privilege admin controls there is no way of controlling this security blind spot.”
He suggests enterprises enforce effective Two-Factor Authentication (2FA) and privileged access controls, making sure that administrators don't know the passwords to get access to systems by changing them when used. By auditing this activity, Duckles writes, an organisation can remove the primary risk for insider attacks.