11 Steps to Prevent Insider Threats Using Identity Governance (IGA)

Insider threats, whether accidental or targeted, are recognized as one of the root causes of data breaches.



11 Steps to Prevent Insider Threats Using IGA

Insider threats cover a wide array of cyberattacks initiated by somebody inside the traditional security perimeter enforced by firewalls and intrusion prevention systems. Many organizations are still neglecting the insider threat, despite this threat source being recognized as one of the root causes of data breaches. Read our tips for preventing insider threats and keeping your organization secure.

While external attacks are nearly always intentional, insider attacks can be intentionally targeted at an individual, driven by malicious intent, or a breach caused by accident. Human error, negligence, compromised credentials, loss of devices, or broken IT processes leading to 'workarounds' put the organization at risk and have the potential to harm both its reputation and its bottom line.

Insider Threats are Still Neglected

According to reports, organizations tend to be better at protecting against external cybersecurity threats than at focusing on internal threats, and many are therefore still neglecting the insider threat, despite this threat source being recognized as one of the root causes of data breaches.

The insider threat can be prevented, but to do so, organizations need to apply robust processes to better control what employees have access to, why they need that level of access, and who assigned it to them. You need to know your joiners and leavers, and those transferring within the organization, and apply policies to ensure access compliance. The combination of such processes and access policies means you always have a transparent overview of access to the systems and applications your organization uses, which will help keep potential security gaps closed. This will enable you to act quickly if a data breach does happen, which is also crucial in relation to regulatory compliance such as GDPR.

How the Insider Threat Differs from the External Threat

Unlike external hackers, insiders do not need to infiltrate the perimeter defences such as firewalls and intrusion prevention systems.

The insider threat could be anyone who has (or has had) access to the systems, such as full-time employees, contractors, partners, or those who have left the organization but still have active accounts.

The damage could be caused by accidental access, where someone happened to come across information that they probably should not have access to; by negligence, where an insider failed to adhere to policies that were in place to prevent them from accessing sensitive data; or by malicious intent, where somebody actively set out to steal data or bring down systems.

11 Steps to Help Prevent Insider Threats Using Identity Governance

  1. Determine the different motives that an insider could have. These could include stealing personal data or intellectual property, or vandalism with the intent of destroying company records or bringing down business critical systems such as the company’s online store or CRM system
  2. Determine which systems are the most valuable to the insider and therefore the most likely to be targeted. The most desirable targets are usually those systems which contain intellectual property or privacy data, or that are key to keeping the business up and running
  3. Work with the business system owners across all divisions and departments to classify the data stored on their systems based on the sensitivity, such as privacy data and company confidential
  4. Establish who has access to these critical systems
  5. Decide who should have access to these systems
  6. Audit each system individually to ensure that the desired state of access (i.e. who should be granted access and at what level) and the actual state of access (i.e. who really has access) are aligned
  7. Establish defined roles for employees so that the ongoing management of business-critical systems can be maintained based on the levels of data classification. Ensure that all individuals who have access to the business systems only have the required access they need to perform their duties within the organization
  8. Define procedures to revoke access rights that are no longer needed when an insider changes role, moves department, or leaves the company. This will prevent an undesired escalation of privilege, where a user account has more access than required, which could leave critical business systems unnecessarily open to attack
  9. Monitor and manage who has access to privileged accounts by integrating your identity governance (IGA) processes with privileged access management
  10. Define a procedure to quickly lock out a user from all systems if a breach has been suspected to prevent the insider from doing more damage, and use the system features such as the emergency lockout feature to ensure the damage is contained
  11. Continuously audit processes to ensure policies are in place and adhered to
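
The reconciliation described in steps 4 to 8, as an added example (not code from the original article or from any IGA product): it compares a role-based desired state with the actual access exported from each system and flags excess access, leaver accounts that are still active, and accounts with no known owner. All users, roles, systems and the record layout are constructed for illustration.

```python
# Constructed sample data; every name, role and system here is hypothetical.
ROLE_ENTITLEMENTS = {  # desired state: role -> set of (system, access level)
    "sales_rep": {("crm", "read")},
    "sales_manager": {("crm", "read"), ("crm", "write")},
    "finance_analyst": {("erp", "read")},
}
IDENTITIES = {  # HR source of truth: user -> (employment status, current role)
    "alice": ("active", "sales_manager"),
    "bob": ("active", "sales_rep"),        # transferred from finance to sales
    "carol": ("left", None),               # leaver
    "dave": ("active", "finance_analyst"),
}
ACTUAL_ACCESS = [  # actual state exported per system: (system, account, level)
    ("crm", "alice", "read"), ("crm", "alice", "write"),
    ("crm", "bob", "read"),
    ("erp", "bob", "read"),       # left over from bob's previous role
    ("crm", "carol", "read"),     # leaver whose account is still active
    ("crm", "mallory", "write"),  # account with no matching identity
]

def reconcile(identities, role_entitlements, actual_access):
    """Return (finding, user, system, level) where desired and actual differ."""
    actual = {}
    for system, user, level in actual_access:
        actual.setdefault(user, set()).add((system, level))

    findings = []
    for user in sorted(set(identities) | set(actual)):
        status, role = identities.get(user, ("unknown", None))
        # Only active identities are entitled to anything; leavers and
        # unknown accounts have an empty desired state.
        desired = role_entitlements.get(role, set()) if status == "active" else set()
        have = actual.get(user, set())
        for system, level in sorted(have - desired):
            kind = {"left": "leaver_active",
                    "unknown": "orphan_account"}.get(status, "excess")
            findings.append((kind, user, system, level))
        for system, level in sorted(desired - have):
            findings.append(("missing", user, system, level))
    return findings

if __name__ == "__main__":
    for finding in reconcile(IDENTITIES, ROLE_ENTITLEMENTS, ACTUAL_ACCESS):
        print(*finding)
```

Every finding other than `missing` is a candidate for the revocation procedure in step 8; `missing` entries point at provisioning gaps that tend to produce workarounds.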

Balancing Robust Security and User Efficiency

Protecting critical assets against insider threats is a balancing act between locking down systems so employees and other insiders cannot get access to information outside of their remit and allowing users sufficient access so that they can do their jobs unhindered. Implementing a robust identity and access management solution combined with rigorous enforcement of policies and procedures will ensure that business operations are able to continue without exposing the company to unnecessary risk.


Learn more

Identity governance and administration can help your organization keep insider threats at bay. Find out much more about how you can bring your identity management and access governance to match your evolving needs, or get in touch with us to learn more about how we have helped organizations like yours.
