September 15, 2021//Isa Jones
The threat isn’t always coming from outside an organization. In any organization, big or small, employees are given access to critical information, files, data, and more. It may seem like employees, or internal users, would be the obvious people to trust with these kinds of assets. The organization hired them, HR probably conducted a background check, and for many, accessing certain assets is a requirement of the job. But, when it comes to cybersecurity, the motto remains: trust no one.
An insider threat is the threat of sensitive, critical assets getting compromised, stolen, or mismanaged by internal users. It can be caused by insiders with malicious intent or can be caused by accident.
According to the Verizon 2021 Data Breach Investigations Report, 17% of data breaches in 2021 were caused by miscellaneous human error.
According to the Ponemon Institute 2020 Cost of Insider Threats: Global Study, there were 4,716 insider incidents recorded across the globe, and the cost of an insider incident almost doubled between 2019 and 2020 from $493,093 to $871,686.
Insider accounts have been abused, such as when employees take advantage of their internal access privileges to access restricted information, when attackers compromise accounts to perform malicious acts, or when human error occurs.
No matter the reason, the insider threat needs to be managed, as the possible damage can be as costly as an external attack.
While there are many techniques, technologies, and practices that can mitigate rapidly growing insider threats, user access review is a strong place for many organizations to start.
A user access review is a periodic inventory of access rights to certain networks and systems and the users who have access permissions into those networks and systems. It looks at who’s accessing what, what level of access they have, and if they have valid reasons for access rights. If an organization has a super curious employee who found a way into the payroll systems and is randomly looking up other employees’ salaries, that’s something an organization needs to know to put a stop to it. Or even if there’s no snooping, an organization needs to know, and stop, if an employee who doesn’t work in accounting accidentally got access to those payroll systems. Access review would bring those two scenarios to an organization’s attention. This brings us back to mitigating insider threats.
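The two payroll scenarios above can be expressed as a small review script. This is an added example, not code from the article or from any SecureLink product; the roster, entitlement list, access log, and department policy are constructed sample data, and all names in them are hypothetical.

```python
import csv
import io

# Constructed sample data (not from the article): HR roster, granted
# entitlements, and access events taken from a payroll system log.
ROSTER_CSV = """user,department,status
alice,accounting,active
bob,engineering,active
carol,accounting,terminated
dave,marketing,active
"""
ENTITLEMENTS_CSV = """user,system,level,justification
alice,payroll,write,Runs monthly payroll
bob,payroll,read,
carol,payroll,write,Runs monthly payroll
"""
ACCESS_LOG_CSV = """user,system,action
alice,payroll,view_salary
dave,payroll,view_salary
"""
# Hypothetical policy: departments allowed to hold access to each system.
ALLOWED_DEPARTMENTS = {"payroll": {"accounting"}}

def rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def review_access(roster_csv, entitlements_csv, log_csv, policy):
    """Return sorted (user, system, level, finding) tuples for a reviewer."""
    roster = {r["user"]: r for r in rows(roster_csv)}
    grants = rows(entitlements_csv)
    findings = set()
    for g in grants:
        key = (g["user"], g["system"], g["level"])
        person = roster.get(g["user"])
        if person is None or person["status"] != "active":
            findings.add(key + ("grant held by non-active user",))
            continue
        if person["department"] not in policy.get(g["system"], set()):
            findings.add(key + ("department not allowed for system",))
        if not g["justification"].strip():
            findings.add(key + ("no recorded justification",))
    granted = {(g["user"], g["system"]) for g in grants}
    for e in rows(log_csv):  # the "found a way in" case: activity with no grant
        if (e["user"], e["system"]) not in granted:
            findings.add((e["user"], e["system"], "none", "access without a grant"))
    return sorted(findings)

if __name__ == "__main__":
    for f in review_access(ROSTER_CSV, ENTITLEMENTS_CSV, ACCESS_LOG_CSV, ALLOWED_DEPARTMENTS):
        print(*f, sep=" | ")
```

Each finding is a prompt for a human reviewer to confirm or revoke the access, not an automatic verdict.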
Insider incidents often occur because an internal user is able to gain access to a critical asset that they should not have access to. Take the random employee being able to view others’ salaries. There’s no need for that access, and it can cause issues down the road. User access review can prevent that specific scenario, as well as others, like:
In addition, access review also serves as a failsafe, ensuring the following controls (which need to be implemented for robust critical access governance) are properly implemented/managed:
The best way to stop an insider incident is to prevent one from happening in the first place. By employing aspects of Zero Trust and the principle of least privilege and pairing those with a thorough user access review system – like SecureLink Access Intelligence – insider threats can be thwarted before they even occur.