How IT Teams can Prevent Insider Threats from both Malicious and Careless Activity.

With insider threats emerging as one of the biggest risks to corporate data, organizations are recognizing the need for security solutions to manage and secure network access for all employees and prevent data breaches, intentional or not.

The risk from Insider Threats

Our own recent report entitled ‘The Insider Threat Security Manifesto – Beating the threat from within’ estimated that over 666,000 internal security breaches occurred in US businesses during the last 12 months, an average of 2,560 per working day. A report from Clearswift found that 58% of all data security threats come from the extended enterprise (employees, ex-employees and trusted partners).


Some insider incidents come about from accidental behavior; others involve users doing authorized things for malicious purposes.

Either way the consequences for an organization can be costly. An insider attack costs a company approximately $412,000 per incident and approximately $15 million in annual losses per company. Some incidents have cost large companies more than $1 billion.

Whether we’re dealing with careless or malicious activity, both involve authorized users who have access and rights. To thwart insider threats, organizations are recognizing the need to better manage network access for authorized users and close existing network security gaps.

Implementing an Insider Threat Program

If you are one of the third of IT professionals expecting to implement insider threat programs in the next year, here is a 12-step guide to ensure that it is set for the future. The guide follows research from IS Decisions into how 500 IT decision makers are tackling the insider threat.

Focus on Securing User Access to Prevent the Insider Threat

So how can IT teams use technology solutions to better prevent insider threats from both malicious and careless activity?

UserLock, from IS Decisions, addresses the following security gaps to help mitigate insider threats and protect sensitive information for Windows and Active Directory Infrastructure.

1. Stop Unauthorized Access even when Credentials are Lost, Stolen or Compromised


39% of all malicious data breaches* are the result of negligence, including password theft. Social engineering describes the various means of conning people into revealing personal information such as passwords.

Source: Symantec ® “Malicious Attacks Catching Up & Costing More” 2013

UserLock stops malicious users from seamlessly using valid credentials. It reduces network vulnerability by making it impossible for a rogue user to use a valid password at the same time as its legitimate owner. This is made possible by preventing concurrent logins.

In addition, by restricting each user’s access to the network by physical location (workstation or device, IP range, department, floor or building) and setting usage/connection time limits, UserLock ensures unauthorized access is no longer a possibility – even when credentials are compromised.

2. Manage the Threat of Shared Passwords

Despite increased awareness, shared passwords represent a real problem in organizations, as highlighted by the US patient-record security breach. By using other people’s passwords, an individual from a partner company gained unauthorized access to the medical records of up to 1,800 patients within hospitals.


With UserLock, preventing concurrent logins makes users less likely to share credentials, because sharing impacts their own ability to access the network.

UserLock provides the motivation to adhere to password security policy and helps protect the organization’s critical assets.

3. Ensure Access to all of the Organization’s Critical Assets is Attributed to an Individual Employee

Specific events need to be associated with specific users for accountability. Organizations need to know exactly who is on the network and what they are doing.


With UserLock’s granular rules and policies to secure network access, accountability and non-repudiation issues are removed.

UserLock automatically identifies each unique user, making them responsible for each and every activity.

4. Offer Immediate Response to Suspicious or Disruptive Access Behavior

UserLock empowers IT by monitoring, recording and automatically blocking all suspicious sessions.

What’s more, it can proactively deal with suspicious or disruptive employees to reduce the risk of malicious activity. As soon as any suspicious access event is detected, UserLock can alert the administrator, offering IT the chance to instantly react by remotely locking, logging off or resetting the appropriate session.


5. Perform Accurate IT Forensics in the Event of any IT Security Breach

In addition to real time session surveillance and monitoring, UserLock records all session logging and locking events in an ODBC database (Access, SQL Server, Oracle, MySQL …) giving IT administrators the ability to support accountability, legal investigations, and internal trends analysis.

If an IT security breach does occur, UserLock will provide accurate, detailed information about who was connected, from which system(s), since what time, for how long, etc.
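The kind of question these session records answer, and the concurrent-login condition from point 1, can be shown as an added example; it is not UserLock code. The event layout, account names and workstation names are constructed for illustration and do not reflect UserLock's database schema.

```python
from collections import defaultdict
from datetime import datetime

FMT = "%Y-%m-%d %H:%M"
# Constructed sample events; the (time, user, workstation, event) layout is
# hypothetical and is not UserLock's database schema.
EVENTS = [
    ("2024-03-04 08:58", "alice", "WS-FIN-01", "logon"),
    ("2024-03-04 09:10", "bob", "WS-HR-07", "logon"),
    ("2024-03-04 11:32", "alice", "WS-LAB-22", "logon"),  # alice still on WS-FIN-01
    ("2024-03-04 11:47", "alice", "WS-LAB-22", "logoff"),
    ("2024-03-04 12:05", "bob", "WS-HR-07", "logoff"),
    ("2024-03-04 13:00", "bob", "WS-HR-09", "logon"),  # sequential, not concurrent
    ("2024-03-04 17:01", "alice", "WS-FIN-01", "logoff"),
    ("2024-03-04 17:30", "bob", "WS-HR-09", "logoff"),
]

def build_sessions(events):
    """Pair logon/logoff events: who, from which system, since when, how long."""
    open_at, sessions = {}, []
    for ts, user, host, event in sorted(events):
        when, key = datetime.strptime(ts, FMT), (user, host)
        if event == "logon":
            open_at.setdefault(key, when)  # ignore duplicate logon records
        elif event == "logoff" and key in open_at:
            start = open_at.pop(key)
            minutes = int((when - start).total_seconds() // 60)
            sessions.append({"user": user, "host": host, "start": start,
                             "end": when, "minutes": minutes})
    for (user, host), start in open_at.items():  # still logged on: no end yet
        sessions.append({"user": user, "host": host, "start": start,
                         "end": None, "minutes": None})
    return sessions

def concurrent_logins(sessions):
    """Find sessions of one account that overlap in time on different hosts."""
    by_user, findings = defaultdict(list), []
    for s in sessions:
        by_user[s["user"]].append(s)
    for user, items in sorted(by_user.items()):
        items.sort(key=lambda s: s["start"])
        for i, a in enumerate(items):
            a_end = a["end"] or datetime.max  # open session overlaps all later ones
            for b in items[i + 1:]:
                if b["host"] != a["host"] and b["start"] < a_end:
                    findings.append((user, a["host"], b["host"], b["start"]))
    return findings

if __name__ == "__main__":
    for user, first, second, since in concurrent_logins(build_sessions(EVENTS)):
        print(f"{user}: on {first}, then also on {second} from {since:%H:%M}")
```

An overlap on two workstations is the signal that a password is shared or stolen; sequential sessions on different machines, as with the second account, are not flagged.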


6. Educate Employees on Data Security

Employees need to understand what security policies and procedures are, why they exist and what security measures are used on the network. Informed employees are the second line of defense! (logins are the first!)

From CERT best practices, “A consistent, clear message on organizational policies and controls will help reduce the chance that employees will inadvertently commit a crime or lash out at the organization for a perceived injustice.”

UserLock allows an organization to notify all users prior to gaining access to a system with a tailor-made warning message. Messages about legal and contractual implications discourage employees from committing cybercrime or lashing out at the organization for a perceived injustice.


In Conclusion

The insider threat will pose increasingly high risks to organizations across all sectors. A recipe of tools and strategies is required to prevent data leakage.

By prohibiting concurrent logins, controlling and managing network access, alerting IT about inappropriate user access and empowering IT with access intelligence, UserLock offers organizations a way to close security gaps and protect against insider threats from authorized users.

Further resources!

To help organizations defend against the damage or theft caused by insiders, the CERT Insider Threat Center at Carnegie Mellon University has published the Common Sense Guide to Mitigating Insider Threats.

This article details how UserLock can help organizations implement CERT best practices.

And lastly, a short video presentation of UserLock. A free 30-day trial can be downloaded here.


Chris is Community Manager of IS Decisions. IS Decisions software offers organizations proven and effective solutions to help protect a Windows Network against Insider Threats.
