Insider Threat Management: How to Reduce the Risks From Within Your Organization

One of the most challenging cybersecurity risks for organizations is insider threat management. It’s hard when you place so much trust in your employees to discuss the fact that one of your own team members could be part of a cyberattack. It does happen. In fact, there is evidence that indicates Accenture’s recent $50 million ransomware attack may have been an inside job. Last summer, criminals offered a Tesla employee $500,000 in exchange for installing malware in the manufacturer’s environment. The employee alerted his supervisor—but would yours? (Watch this Breaking Breaches video for full details on the Tesla attack.)

Would One of Your Employees Take the Bait?

The risk of malicious insider threats is rising, and criminal groups are actively advertising for insiders to help them hack into organizations. Earlier this year, the LockBit ransomware group launched advertising campaigns offering big payouts to employees that provide access to high-value networks. These payments can reach millions of dollars.

Now that the average cost of an insider threat has reached a staggering $11.5 million, it’s crucial that you take steps to reduce your organization’s risks.

Insider Threat Management Tips

When you consider how to reduce your risks from insider threats, this is a case where an ounce of caution is worth a pound of cure. Proactive preventative measures are your best path forward. But even if you do everything right to protect your environment from criminals, all your efforts are moot if an employee lets them inside.

Sadly, preventing insider threats is very difficult – especially for malicious actors. A recent survey found that “53% of companies find it impossible or very difficult to prevent an insider attack when data is being aggregated, a key indicator of intent of an attack.” CISA recommends that organizations create an insider threat mitigation plan and offers a 5-step process, tools, videos, and program recommendations.

Here are some “low hanging fruit” steps that will help you quickly improve your insider threat management and effectively reduce your risks of insider threats.

1. Proactively train your staff. This is the best and most effective way to reduce your risk of an insider threat. Your staff is a key part of your cybersecurity defensive posture, and providing cybersecurity awareness training for your entire team can help you prevent and detect suspicious activity. There are many resources that help you start or expand a cybersecurity awareness training program – check out this blog for suggestions on who to train and how to provide training. If you have a limited budget, you can start by sending your team free tip sheets on how to avoid phishing attacks and good cyber hygiene practices, then discuss it at a company meeting. If you have a larger budget, you may decide to use an on-demand subscription cybersecurity awareness training service. Whether you have a large or a small budget, every organization should implement an employee cybersecurity training program to reduce external threats as well as to improve their insider threat management awareness.
2. Limit employee access. Most employees have WAY more access to your data and your environment than they need. Limit employee access to only the information and systems they need to do their job – this is key for a successful insider threat management program. Your organization should also regularly review access and authorizations. It is crucial that you promptly remove employees who have left the organization (especially employees who may be upset), and update access for employees who may have changed roles. Remember to also regularly review and remove authorizations for former contractors, vendors, and partners.
3. Create a culture of security (not a culture of blame). Ask employees to immediately reach out to an appropriate contact if they think they may have accidentally clicked on a malicious link, become infected with malware, or seen suspicious activity. Helping to prevent unintended errors and training employees to be alert for suspicious activity should also be part of your insider threat management program. It’s important to offer easy reporting methods for concerns about personal or peer security issues. Some organizations allow employees to anonymously report any suspicious peer activity. Regularly communicate that employees who report any cybersecurity risks – whether it’s their mistake or the mistake of another – are heroes for stopping attacks before they can cause major damage. This simple change to your company culture can reduce your risks, especially since early detection dramatically decreases the costs and damage from a data breach.
4. Monitor your environment and your logs. Tune your security software to spot a threat before it becomes a full-blown incident. Strong insider threat management programs should include log monitoring to catch early signs on internal or external threats. Make sure you have a team monitoring alerts 24/7. This video on proactive monitoring and logging contains a wealth of information for starting or optimizing a monitoring program.
5. Conduct an insider threat self-assessment. CISA has released a new insider threat self-assessment This is a great way to start asking and answering the hard questions about your organization’s risks. Strapped for time? You can also bring in supplemental resources to conduct a risk assessment and request that your provider add an insider threat management assessment as part of the project.
6. Continue learning and advancing the maturity of your insider threat prevention program. Cybersecurity is constantly evolving, and your organization must continuously evolve and mature their cybersecurity programs. Ensure this is part of your strategic plan. Here are some additional tools and tips to further your knowledge:
   • Read a white paper on best practices for mitigating insider threats.
   • Read insider threats prevention advice and tips from other cybersecurity leaders.

We hope you find this information helpful and that you can strengthen your organization’s cybersecurity posture. Contact us if you need a risk assessment, help drafting new insider threat management policies, or support with your cybersecurity testing, training, or incident response.