TACKLING INSIDER THREATS

On November 12, 2024, Pointury hosted a roundtable about Insider Threats with Johan Kestens, former CISO at BNY Mellon and Marc van Zadelhoff, CEO of Mimecast.

Tackling Insider Threats in Cybersecurity Defense

This insightful event highlighted one of the most complex challenges in cybersecurity: protecting organisations from risks originating within their own ranks.

Understanding Insider Threats

Insider threats stem from individuals within an organization, such as employees, contractors, or partners, who may either intentionally or unintentionally jeopardise security. These threats fall into three main categories:

• Malicious insiders – individuals who intentionally harm the organization.
• Negligent insiders – individuals who accidentally compromise security through carelessness.
• Compromised insiders – individuals whose accounts are accessed or controlled by external attackers.

According to industry insights shared during the event, insider threats are responsible for an estimated two-thirds of cyber incidents. As these risks primarily involve people, they pose a significant challenge for cybersecurity teams, demanding a unique approach compared to threats from external sources.

Key Moments for Controlling Insider Risks

Insider threats often arise at critical points in the employee lifecycle, specifically during the hiring and departure stages. Organizations can implement the following preventive measures:

• Onboarding: Conduct background checks and provide thorough training on company policies for new hires, including contractors, to ensure they understand security expectations and procedures.
• Offboarding: Upon an employee's departure, promptly revoke all access privileges to prevent any potential misuse of company data or systems.

These steps establish a foundational layer of security and minimize the risk associated with these key transitional moments.

A Multifaceted Approach to Insider Threat Mitigation

Addressing insider threats requires a comprehensive strategy that combines technical controls, policies, and cultural measures:

1. Access Controls: Limit data exposure by implementing strict access controls, allowing employees to access only the information necessary for their roles.
2. Employee Training: Regularly educate employees on security awareness to reduce negligence. Training should include recognising phishing attempts, understanding data handling procedures, and reporting suspicious activity.
3. Advanced Monitoring Tools: Deploy tools to detect unusual behavior, such as accessing sensitive information outside typical working hours. These tools can provide early indicators of insider threats, enabling timely intervention.
4. Clear Policies and Procedures: Establish and communicate clear policies around data protection, incident response, and acceptable use of company resources. These guidelines help employees understand what is expected and the consequences of non-compliance.
5. Positive Work Environment: A supportive workplace culture can lower the likelihood of malicious actions, as satisfied employees are less inclined to act against their organization.
6. Regular Audits and Risk Assessments: Conduct frequent security audits to identify vulnerabilities and proactively address potential weaknesses.

Enhancing Detection and Prevention Capabilities

In addition to preventive measures, organisations should adopt strategies for detection and intervention:

• Whistleblower Systems: Encourage employees to report suspicious activity or concerns. A whistleblower program can provide an additional layer of oversight.
• Prioritization and Surveillance: Implement the "four-eyes principle" (requiring two individuals to review certain actions) for critical activities. Prioritise monitoring of high-risk areas and within legal boundaries,  implement some form of surveillance.

Conclusion

Insider threats are among the most difficult cybersecurity challenges, as they involve the complexities of human behavior. By integrating a multi-layered approach that includes training, monitoring, strong policies, and fostering a positive workplace culture, organisations can better protect themselves against these risks. Ultimately, balancing trust and security is essential for safeguarding sensitive data and ensuring resilient cybersecurity defences.

For more details on future events and insights, visit www.pointury.com.

Since 2003, Mimecast has stopped bad things from happening to good organisations by enabling them to work protected. We empower over 40,000 customers to mitigate risk and manage complexities across a threat landscape driven by malicious cyberattacks, human error, and technology fallibility. Our advanced solutions provide proactive threat detection, brand protection, awareness training, and data retention capabilities evolving workplaces need today. Mimecast transforms email and collaboration security into the eyes and ears of organizations worldwide.

Check out upcoming events and other interesting articles on www.pointury.com.