3 ways CXOs can guard against insider threats
Insider threats have always posed quite a challenge to cybersecurity specialists looking to defend a company’s data and infrastructure.
In the digital world, while external attackers are getting increasingly sophisticated, internal threats are getting harder to prevent, especially with traditional tools and solutions.
The massive Capital One breach in the US, just days after US government agencies collectively settled their suits against Equifax for a data breach, took the country by storm.
Called a prime example of “insider threat” in the cloud-powered world, the Capital One incident forces everyone to put on their thinking caps to re-think internal threats and the tactics that can be used to protect against them.
In the US, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) is working on a set of guidelines to help companies better manage cybersecurity and other enterprise technology risks.
COSO is a joint initiative of the American Accounting Association (AAA), the American Institute of Certified Public Accountants (AICPA), Financial Executives International (FEI), The Institute of Internal Auditors (IIA), and the National Association of Accountants (now the Institute of Management Accountants (IMA)).
While COSO told the Wall Street Journal that the guidelines aren’t a reaction to the Capital One incident, it is expected that they will be able to help prevent such incidents in the future.
Although no concrete guideline or framework currently exists, here are a few steps companies can take to protect against internal threats:
# 1 | Active access control and governance
Companies, especially large enterprises, have dozens of applications that support their staff and business. However, not every member of staff needs access to all the tools, at the same time, and in the same manner.
If organizations want to protect against insider threats, the first thing they must do is ensure that they actively monitor all access requests, and periodically check whether or not a user continues to require access to a particular tool (and/or has logged in even when access is no longer needed).
Some organizations tie application access to projects which, in some kinds of businesses, can make monitoring and governance of user IDs much easier.
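A periodic review of this kind can be sketched in a few lines. The following is an added example, not part of the original article: the grant, project and login records are constructed sample data, and the function name, field names and 90-day idle threshold are assumptions.

```python
from datetime import date, timedelta

# Constructed sample data (not from the article): each grant ties a user's
# access to an application and to the project that justified it.
GRANTS = [
    {"user": "alice", "app": "billing-db", "project": "P-100"},
    {"user": "bob", "app": "billing-db", "project": "P-200"},
    {"user": "carol", "app": "crm", "project": "P-100"},
]
PROJECT_END = {"P-100": date(2024, 3, 31), "P-200": None}  # None = still active
LOGINS = [  # (user, app, login date)
    ("alice", "billing-db", date(2024, 3, 20)),
    ("alice", "billing-db", date(2024, 4, 15)),
    ("bob", "billing-db", date(2024, 1, 5)),
]

def review_access(grants, project_end, logins, today, idle_days=90):
    """Return (user, app, finding) tuples for a periodic access review."""
    findings = []
    for g in grants:
        user, app = g["user"], g["app"]
        seen = sorted(d for u, a, d in logins if (u, a) == (user, app))
        end = project_end.get(g["project"])
        if end is not None and end < today:
            # The project that justified the grant is over: revoke it, and
            # escalate if the account was used after the end date.
            if any(d > end for d in seen):
                findings.append((user, app, "login_after_project_end"))
            else:
                findings.append((user, app, "revoke_project_ended"))
        elif not seen or today - seen[-1] > timedelta(days=idle_days):
            # Grant is still justified on paper but unused: ask the owner
            # whether the user continues to need it.
            findings.append((user, app, "recertify_unused"))
    return findings

if __name__ == "__main__":
    for finding in review_access(GRANTS, PROJECT_END, LOGINS, date(2024, 5, 1)):
        print(finding)
```

In practice the three inputs would come from the identity provider, the project system and application sign-in logs, and the findings would feed the governance team's revocation and recertification queue.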
# 2 | Continuous training on risks and responsibilities
Employees are responsible for their actions at work, and must understand that they have access to data because of their role in the company. This means they have a responsibility to protect that data.
Far too many employees think that cybersecurity and data protection are the responsibilities of IT teams and cybersecurity specialists. It’s why they’re not very concerned about mistakenly clicking on suspicious links and opening email attachments.
Organizations that want to neutralize insider threats must make it clear that the business, and all its employees, collectively, are responsible for customer and company data.
# 3 | Seek out new-age tools and solutions
Cybersecurity specialists see artificial intelligence (AI) and the internet of things (IoT) as technologies that make their life more difficult. Although that is true when it comes to external bad actors, those very technologies act as powerful tools against insider threats.
Modern security applications can monitor employee behavior, and either automatically create additional layers of protection that must be overcome in order to access data, or alert the governance team to evaluate the employee’s actions on an individual basis.
Further, organizations can bind access to applications to perimeters created by IoT sensors and AI solutions, ensuring employees can only access sensitive applications while inside the company’s facilities.
Overall, protecting against insider threats is hard, but given the complexities of the digital age, companies need to (immediately) take reasonable precautions to protect themselves.