ISACA Journal Author Blog

ISACA > Journal > Practically Speaking Blog > Posts > Mitigating the Insider Threat

Mitigating the Insider Threat

Rodney Piercy, CEH, CISSP
| Published: 1/30/2017 3:06 PM | Category: Risk Management | Permalink | Email this Post | Comments (2)

While we become more and more connected and dependent on technology, we also become more and more vulnerable. Most organizations spend a large amount of resources defending against the outsider threat, but what about the insider threat? The insider threat can be just as costly and devastating as the outsider threat, but how do you control and monitor the people who must have access to the systems and data that you are trying to protect? Do we as cyber security professionals really understand what options we have when dealing with an insider threat? Here are some methods to mitigate the insider threat:

  • Hiring practices—This is the first opportunity to find an insider threat. The personnel office has the ability, through social media and other avenues, to get a good understanding of an applicant’s personality and beliefs.
  • Policies and procedures—Most organizations already have policies and procedures in place. These must be reviewed, updated regularly and enforced to be effective. They cannot simply be put in place and forgotten.
  • Training—Many organizations provide some type of training as well. For training to be useful, it must be interesting and relevant to employees. If it is not, the training will not be useful to employees or the organization.
  • Culture—This is where many companies fail. If the culture of the organization is to take care of employees, they are much more loyal to the organization. If employees are not treated as valuable, they are much less likely to take care of the organization and may not be as concerned about the security of the systems and data they work with regularly. In addition to promoting security, good company culture will also play a role in reducing the insider threat.
  • Automation—Automation is an area that is currently being researched. There are ways to monitor certain keywords and other specific activities, but we must be careful when considering automated tools that monitor employees because they can very easily pose privacy issues. There are also automated means that are not directly related to the employee. The actions that an individual may take can cause issues within the network, and good network monitoring tools could give clues as to whether anomalies seen on the network are actually insider actions.

Which methods are used and how they are used is dependent on the organization. There are other factors that affect the method used, such as budget, amount and types of data, importance of the data, and leadership buy in. The way we deal with the insider threat may vary, but it is a threat that each organization must understand and mitigate.

Read Rodney Piercy’s recent Journal article:
The Persistent Insider Threat,” ISACA Journal, volume 1, 2017.

Comments

Re: Mitigating the Insider Threat

Last but not least, tone of the top of top-level management
Antonius Ruslan at 1/30/2017 7:26 PM

Re: Mitigating the Insider Threat

Last but not least, tone of the top of top-level management
Antonius Ruslan at 1/30/2017 7:27 PM
Email