Insider threats: Suffering from the detective's curse
Recently, I was watching an episode of the crime drama True Detective. The character Marty, played by Woody Harrelson, is discussing with his partner the concept of the 'Detective's Curse'. This is when the answer to a complex case is under the detective's nose the whole time, yet they still can't see it.

In the IT security space, a certain degree of detective work is required. Think threat hunting and attribution. It's all about working from the big picture backwards, examining every log to identify what went wrong, who gained access to which files and how. While most businesses consider external threats as one of the biggest challenges to their overall security and may focus their efforts here, perhaps they should start looking a little bit closer to home before pointing the finger at third-party vendors.

The danger from within
Sometimes when looking for an answer, you search everywhere before looking at what's right in front of you. One may be thinking: how does this apply to enterprise security? One of the biggest threats to business security comes from insiders, people from within, including freelancers and on-site contractors, who have elevated levels of access to privileged accounts. According to recent research, the level of trust that businesses have in their employees is far too high, with 41 per cent of UK respondents stating that they have complete trust in employees with privileged access. This isn't a good position to be in, and too much trust in employees is one of the biggest threats that needs to be addressed. It may be a cliché, but the weakest link in a business's cyber-defences is often internal.

Placing a lot of trust in employees with privileged access can be a double-edged sword. Security professionals are aware of the various risks that these employees pose to the business. Yet rogue employees that plan to exploit company data for malicious intent don't top the list of concerns for IT decision makers. The top concerns are that a breach could be caused by employees unintentionally mishandling data, for example sending sensitive information via email to the wrong person, or that an employee's administrative access or privileged credentials could be easily phished by nefarious individuals. 

It only takes one employee to leave a business exposed and vulnerable, and we are seeing more attacks and incidents being associated with various forms of insider threat. Earlier this year, Bupa, the UK private healthcare giant, fell victim to a rogue employee who inappropriately copied and removed some customer information from the company. The data breach affected around 547,000 health insurance policies, with the data stolen including names, dates of birth, nationalities, and insurance membership numbers. To safeguard against this type of leak, it's crucial that organisations control, manage, and monitor privileged access to their systems.

Educate, educate, educate
Technology is only one component of a robust security posture. People and processes also have a key role to play. Any business can invest in new technology, yet many often come up short when deploying and evolving security processes and training. The research also revealed that less than half of companies have reviewed their access policy in the last two years. This is an alarmingly insufficient approach. Businesses must implement IT security training initiatives to educate employees on security policies and best practices. It begs the question: if an employee hasn't been trained to know what a threat looks like, how will they be able to protect themselves?

Complacency can be costly
One of the more concerning results from the Bomgar research was that most businesses feel reasonably safe most of the time. This feeling is not unexpected and probably a form of self-defence; you can't live in constant fear, but in the face of a rapidly evolving risk landscape this complacency only serves to invite trouble. Is it too much to ask to want to feel completely protected all of the time? After the recent Yahoo and Equifax hacks, security teams should be rushing to plug any holes.

With tools readily available to businesses, there's no excuse for allowing internal parties unsecured privileged access to critical systems and data. With breaches making headline news on a daily basis, the pressure will continue to mount on businesses to tighten up their defences. Remember, sometimes the answer to your problem can be found right under your nose. 

Contributed by Stuart Facey, VP EMEA, Bomgar

*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.