Marketing Communications Manager at ERP Maestro.
3 Ways to Trip Up Internal Attackers
We know from plenty of research that insiders pose one of the most pressing and expensive threats to your organization. And some insider threats are the result of malicious actors who intend to commit fraud and theft within your business.
But what motivates internal attackers? Why do those trusted with privileged access to corporate data and assets use that access for nefarious purposes? Researchers at Carnegie Mellon’s CERT cybersecurity division have dug into the topic for years. According to their studies, malicious insiders typically have one of these four motivations:
- Theft for financial gain
- Theft for business advantage (IP theft)
- IT sabotage
- Miscellaneous, sometimes unclear motives
As the data reveals, untrustworthy insiders could be interested in stealing corporate funds or IP for their own gain. Or maybe they hold a grudge and want to disrupt the company’s operations in order to embarrass executives and impact the company’s reputation. Their reasons are varied.
With so many different factors motivating inside attackers to commit crimes and use their access for ill-gotten gains, how can organizations find ways to stop them from committing internal data breaches? The answer: by being proactive and addressing the inside risks that give them the chance to take advantage of gaps in security BEFORE they get the chance to strike. Here are three ways organizations stop internal attackers in their tracks:
Get visibility into access risks
Access control is poorly managed in many organizations. As many as 74 percent of IT decision makers whose organizations have been breached say it involved privileged access credential abuse, according to some research estimates.
Often malicious insiders do not even require highly technical skills to steal information because there is so much opportunity for them to access the goods with little effort. In an environment where sensitive data is accessible by employees—and by many who shouldn’t have access—even the most important information becomes low-hanging fruit that is ripe for the picking.
Gain visibility into access risks as your first step to trip up internal attackers. Understand each user’s access: whether they have access to sensitive data, and whether that access is appropriate for their role.
Often there is little oversight into roles and access risk, and as job responsibilities change, user privileges for former roles stay intact. A criminal insider can exploit this access. For example, if an employee who once had invoice or order creation responsibility is now in charge of approving payments or shipments, they can use this end-to-end access to create phantom vendors and pay them for their own financial gain.
Utilize a tool that can analyze and report on access risks so you know where you are vulnerable.
Lock down access controls
Once you know where access risk lies, it is critical to put effective controls in place to prevent malicious insiders from getting to and exploiting sensitive data. Your next essential step to guarding against internal attacks is to ensure that only those who require access to assets actually have that access.
This means configuring the appropriate segregation of duties (SoD) for all staff. Research from Gartner finds effective segregation of duties controls can reduce the risk of internal fraud by up to 60 percent.
Of course, locking down access is not a once-and-done duty. You will need to ensure whatever tool you have in place can address new requests, issue new approvals and assign roles as needed, all while continuing to keep SoD risks at bay. The tool should be able to identify role conflicts and ensure approvals are only made with a full depth of understanding about potential conflicts.
Get ahead of insider threats with simulation
Once segregation of duties is assigned properly, it should prevent any insider from accessing data outside of their professional role. But that doesn’t mean a bad actor won’t someday try. Get in front of potential risks with analysis that details which users and roles are at risk for potential conflicts if new access privileges were added.
Before adding new roles or access, simulate the risk impact of this change and proactively check for risks new role changes will introduce. Role conflicts you may not even have considered can crop up, and before an insider has an opportunity to use that access in the wrong way, you’ll know if the access poses a risk to the organization. There are tools available to help analyze which users and roles are at risk for potential conflicts.
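An added example, not from the original article or any vendor tool: a minimal segregation-of-duties check that covers both the access-risk audit and the pre-grant simulation described above. The rule pairs, duty names, roles and users are all constructed for illustration.

```python
# Constructed sample data: every duty, role and user name is hypothetical.
# Each rule is a pair of duties that one person should not hold together.
SOD_RULES = {
    frozenset({"create_vendor", "approve_payment"}),
    frozenset({"create_invoice", "approve_payment"}),
    frozenset({"create_order", "approve_shipment"}),
}

ROLE_DUTIES = {
    "ap_clerk": {"create_invoice", "create_vendor"},
    "ap_approver": {"approve_payment"},
    "sales_entry": {"create_order"},
    "logistics_lead": {"approve_shipment"},
}

USER_ROLES = {
    "alice": {"ap_clerk"},                     # about to move to approvals
    "bob": {"sales_entry", "logistics_lead"},  # old role never removed
    "carol": {"ap_approver"},
}


def conflicts_for(roles):
    """Return the SoD rules violated by the combined duties of `roles`."""
    duties = set().union(*(ROLE_DUTIES[r] for r in roles))
    return {tuple(sorted(rule)) for rule in SOD_RULES if rule <= duties}


def audit(user_roles=USER_ROLES):
    """Visibility step: users whose current roles already conflict."""
    report = {user: conflicts_for(roles) for user, roles in user_roles.items()}
    return {user: found for user, found in report.items() if found}


def simulate_grant(user, new_role, user_roles=USER_ROLES):
    """Conflicts a grant would introduce; assignments are left unchanged."""
    before = conflicts_for(user_roles[user])
    after = conflicts_for(user_roles[user] | {new_role})
    return after - before


if __name__ == "__main__":
    print("Existing conflicts:", audit())
    print("If alice gets ap_approver:", simulate_grant("alice", "ap_approver"))
    print("If carol gets sales_entry:", simulate_grant("carol", "sales_entry"))
```

Running the simulation before approving a request shows that granting the approver role to a user who still holds the clerk role creates end-to-end access, while an unrelated grant introduces nothing.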
Proactive defense can thwart internal attackers
Most insiders are good people with honest intentions, and with the best interest of the company at heart. But the numbers show malicious insiders are a significant problem for business as well. Instead of hoping for the best or ignoring the potential risks, security leaders need to take a proactive approach to tackling the possibility of internal attackers by evaluating gaps in security, plugging holes in access among employees, and continuing to stay on top of privileged access in the future.