How IT teams can prevent insider threats (from both malicious and careless activity)

With insider threats emerging as one of the biggest risks to corporate data, organizations are recognizing the need for security solutions to manage and secure network access for all employees and prevent data breaches, intentional or not.

The risk from Insider Threats

Our own report on insider threats estimated over 666,000 Internal Security Breaches occurred in US business during the last 12 months, an average of 2,560 per working day. A report from Clearswift found that 58% of all data security threats come from the extended enterprise (employees, ex-employees and trusted partners).

Some insider incidents come about from accidental behavior; others are doing authorized things for malicious purposes.

Either way the consequences for an organization can be costly. IBM estimates the average cost of an insider attack at $11.45 million. Of course, some incidents have cost large companies more than $1 billion.

Whether we’re dealing with careless or malicious activity, both involve authorized users who have access and rights. To thwart insider threats, organizations are recognizing the need to better manage network access for authorized users and close existing network security gaps.

How to implement an insider threat program

If you are one of the many IT professionals expecting to implement insider threat programs in the next year, here is a quick overview of best practices.

Focus on securing user access to prevent the insider threat

So, how can IT teams use technology solutions to better prevent insider threats from both malicious and careless activity?

UserLock, an MFA and access management solution, addresses the following security gaps to help mitigate insider threats and protect sensitive information for Windows and Active Directory Infrastructure.

1. Stop unauthorized access even when credentials are lost, stolen, or compromised

Most malicious data breaches are the result of weak or stolen credentials. Social engineering has been used to describe the various means of conning people to reveal personal information such as passwords.

UserLock stops malicious users, even if they're using valid credentials. For one, UserLock MFA adds an extra layer of security to make sure the right person is using the right credentials. What's more, it also reduces network vulnerability by making it impossible for a rogue user to use a valid password at the same time as their legitimate owner. This is made possible by preventing concurrent logins.

In addition, by restricting user’s individual access to the network by physical location (workstation or device, IP range, department, floor or building) and setting usage/connection time limits, UserLock ensures unauthorized access is no longer a possibility — even when credentials are compromised.

2. Manage the threat of shared passwords

Despite the increase awareness, shared passwords are a real problem. Unfortunately, many people don't understand the risk of sharing passwords at work. Thankfully, there are a few key ways to stop password sharing and bolster password security at your organizations.

With UserLock, the ability to prevent concurrent logins decreases the likelihood of users to share credentials as it impacts their own ability to access the network.

UserLock provides the motivation to adhere to password security policy and help protect the organization’s critical assets.

3. Ensure access to all of the organization’s critical assets is attributed to an individual employee

Specific events need to be associated with specific users for accountability. Organizations need to know exactly who is on the network and what they are doing.

With UserLock’s granular rules and policies to secure network access, accountability and non-repudiation issues are removed.

UserLock automatically identifies each unique user making them responsible for each and every activity.

4. Offer immediate response to suspicious or disruptive access behavior

UserLock empowers IT by monitoring, recording and automatically blocking all suspicious sessions.

What’s more, it can proactively deal with suspicious or disruptive employees to reduce the risk of malicious activity. As soon as any suspicious access event is detected, UserLock can alert the administrator, offering IT the chance to instantly react by remotely locking, logging off or resetting the appropriate session.

5. Perform accurate IT forensics in the event of any IT security breach

In addition to real time session surveillance and monitoring, UserLock records all session logging and locking events in an ODBC database (Access, SQL Server, Oracle, MySQL …) giving IT administrators the ability to support accountability, legal investigations, and internal trends analysis.

If an IT security breach does occur, UserLock will provide accurate, detailed information about who was connected, from which system(s), since what time, for how long, etc.

6. Educate employees on data security

Employees need to understand what security policies and procedures are, why they exist and what security measures are used on the network. Informed employees are the second line of defense! (logins are the first!)

From CERT best practices, “A consistent, clear message on organizational policies and controls will help reduce the chance that employees will inadvertently commit a crime or lash out at the organization for a perceived injustice.”

UserLock allows an organization to notify all users prior to gaining access to a system with a tailor-made warning message. Messages about legal and contractual implications discourage employees from committing cybercrime or lashing out at the organization for a perceived injustice.