5 Layers of Defense That Prevent Insider Threats 



5 Layers of Defense That Prevent Insider Threats

By Isaac Kohen

The Nexus  |  12 June 2017

According to IBM reports,1 more than half of all cyberattacks are instigated by insiders. Why are so many organizations far more vulnerable to insider threats than external ones? The reason is simple: Managers do not take the proper precautions necessary to educate their staff and prevent insider attacks.

Traditional measures for preventing data breaches—passwords, firewalls, intrusion detection systems and key cards—are insufficient in safeguarding against insider threats since employees have already been granted access to sensitive company data. Rather, internal security needs to be addressed and dealt with separately.

“No organization is without an insider threat.” – Arlette Hart, US Federal Bureau of Investigation chief information security officer

Here are five internal safety best practices all companies should implement and adhere to.

Identify Who and What Poses a Threat

To avoid the risk of malicious activity, companies need to identify high-risk employees and carefully monitor their behavior. Many organizations are under the false impression that providing employees with login credentials and passwords, as well as limiting security and access permissions, will ensure data protection. But without a monitoring and tracking system in place, unauthorized internal data access can easily occur through a colleague’s computer and employees can share classified materials without being detected.

Monitor Information, Employees and Physical Spaces

Once you have identified the information that is at highest risk for a security breach, you will need to implement software to monitor employee emails, logins, downloads, file printing, cloud uploading and web surfing for any harmful or irregular activity.

Employees who have had negative work experiences such as a termination or a dispute with an employer pose some of the highest risk and should be carefully monitored.2

Encrypt Data

Encryption can now be counted among the key layers of internal defense necessary to protect data, both internally and externally. Organizations can maintain document security, even if their data have already been breached internally, if the files have been effectively encrypted. According to TechTarget, some of the enterprise encryption vendors voted most popular today include Symantec, McAfee and Check Point Software Technologies.3

Consider Technical Restrictions

Organizations and companies that handle highly sensitive data may consider limiting employee technology permissions. This can include banning the onsite use of personal and external devices, such as universal serial bus (USB) sticks, unauthorized web applications (apps) and cameras. This may also include limiting access to certain websites, setting bandwidth restrictions, limiting file sharing permissions and other restrictions.

Train Employees About Security Protocols

Sometimes all is takes for a data breach is an innocent, yet careless employee. It is critical to educate employees about common security best practices and the importance of maintaining them. Train all employees on the importance of using effective passwords, two-step authentication, logging out of a session when leaving a computer and never downloading a file from an unidentified provider.

The Best Offense Is a Good Defense

As the old saying goes, “the best offense is a good defense.” While establishing these critical layers of defense may seem somewhat tedious and time consuming, it is insignificant in comparison with the average detection time, damage incurred and epic cost attributed to recovering from an internal breach.

Isaac Kohen

Is the founder and CEO of Teramind, an employee monitoring and insider threat prevention platform that detects, records and prevents malicious user behavior. He can be reached at ikohen@teramind.co.


1 Bradley, N.; “The Threat Is Coming From Inside the Network: Insider Threats Outrank External Attacks,” Security Intelligence, 1 June 2015
2 Moore, A. P.; D. M. Cappelli; R. F. Trzeciak; The “Big Picture” of Insider IT Sabotage Across U.S. Critical Infrastructures, Software Engineering Institute technical report, May 2008
3 Loshin, P.; “Readers' 2016 Top Picks for Enterprise Encryption Tools,” TechTarget



ISACA Knowledge Center

Share Knowledge about Cybersecurity with other members and discuss current issues. Collaborate, make connections and learn how to keep your enterprise safe

Knowledge Center