IAM and the Insider Threat
Employees are undoubtedly one of the most important assets for any organization. Increased digital competence among employees, together with digitalization, however, means that employees find creative workarounds to do their work, and those workarounds often create cyber security threats. Paired with the threat of the disgruntled employee, insiders are an often-overlooked security threat.
April 2018: In the age of cybercrime, most expect the largest threat to be the external one, but in reality, the insider threat has time and time again been positioned as the main threat for organizations. This therefore means that focus should be not just on keeping outsiders out, but also keeping insiders in control. Knowing who has access to what, why, and when, is critical in keeping the insider threat in check.
Why protection from the insider threat matters
According to recent data from Cybersecurity Insiders, 37% of organizations state that the highest risk factor for insider threats is too many users with unnecessary access privileges, followed by the increasing number of devices with access to sensitive data (36%) and the increase in IT complexity (35%). Further, data shows that 53% of businesses have experienced insider attacks in the past year alone, with 27% noting that the attacks are becoming more frequent.
Accenture and the Ponemon Institute’s newly published Global Cost of Cybersecurity report notes that insiders cause the most havoc in an organization. Insiders are defined as employees, temporary employees, contractors, and business partners, and it is especially larger corporations that struggle with insider crime.
A disgruntled former employee, for example, who still has access inside the company can quickly do a lot of damage.
Data has become a valuable commodity – and privacy data and corporate data are some of the most valuable out there. So how can organizations prevent insider data breaches and crime?
The non-hostile threat
Recent data, among others from the NTT Security 2017 Q3 Global Threat Intelligence Center report, shows that employees often put an organization at risk without even knowing it. According to the report, only about 25% of insider threats are hostile. The remaining 75% are due to accidents or negligent activity.
The figures illustrate a need for technical measures to limit accidents and negligent actions. Many organizations are still not in control of who has access to what and why, and establishing that control is an important first step toward limiting insider accidents and negligent activity. By implementing efficient identity and access management, organizations get an overview of what employees have access to. Further, organizations can govern this access, thereby continually minimizing risk.
The non-static insiders
Besides employees, most organizations also have temporary employees, contractors, and business partners who need access to the systems. These employees and insiders are non-static, moving across the organization throughout their lifetime at the business. Employees for instance join, get promoted, go on maternity leave, return from maternity leave, move department, and leave or retire.
The employee journey across the organization means organizations must continually govern the employee identity, at all times having an overview of the identity’s access to the systems and applications, keeping loopholes closed off.
This in turn means organizations can act quickly should a data breach happen, which is relevant for, among others, the General Data Protection Regulation (GDPR).
The remote employee
Working from home or while on the move is a trend that has come to stay. While this makes working much easier and more flexible for employees, it poses a significantly increased security threat for the organization. Systems become increasingly decentralized, which creates an open environment where data is even more difficult to protect. With many applications additionally moving to the cloud, workspaces are becoming virtualized, challenging overall security and compliance for organizations.
Segregate duties and implement role-based control
Role-based access control and segregation of duties allow the organization to provide another layer of security.
An organization needs internal policies to detect and evaluate toxic combinations or violations of access rights. Segregation of duties (SoD) breaks work down into multiple tasks, so no single person is solely in control of tasks that constitute a risk. Payment and approval of invoices, for example, should be separated into individual tasks. The challenge for the organization is to find the balance between ensuring security by breaking up tasks into individual responsibilities and doing so without increasing complexity and restraining the business. The SoD management supports a mitigation workflow in which a security officer and/or manager can evaluate all violations for an identity, with the possibility of overriding selected violations.
Role management reduces both the complexity in user administration and the associated costs, thereby increasing the level of control and providing the ability to audit access rights for compliance and security audits.
The policy and SoD management processes are used to define policies for toxic combinations of access rights assigned to the same person, detect any violations, and evaluate these to determine if the combination of access rights should be allowed or blocked.
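The define, detect, and evaluate steps described above, sketched as an added Python example (not code from Omada or its product). All role, entitlement, policy, and identity names are constructed, and the expiry date on overrides is an assumption added here so that an approved exception does not remain valid forever.

```python
from datetime import date

# Constructed sample data: roles map to entitlements, identities hold roles.
ROLES = {
    "ap_clerk": {"invoice.pay"},
    "ap_approver": {"invoice.approve"},
    "vendor_admin": {"vendor.create"},
}
IDENTITY_ROLES = {
    "alice": ["ap_clerk", "ap_approver"],
    "bob": ["ap_approver"],
    "carol": ["ap_clerk", "vendor_admin"],
    "dave": ["ap_clerk", "vendor_admin"],
}
# Toxic combinations: entitlements one person must not hold together.
SOD_POLICIES = {
    "SOD-001": frozenset({"invoice.approve", "invoice.pay"}),
    "SOD-002": frozenset({"vendor.create", "invoice.pay"}),
}
# Overrides granted by a security officer or manager, with an expiry (assumption).
OVERRIDES = {
    ("carol", "SOD-002"): date(2099, 1, 1),
    ("dave", "SOD-002"): date(2020, 1, 1),  # expired, no longer honoured
}

def effective_access(identity):
    """Union of entitlements granted through every role the identity holds."""
    access = set()
    for role in IDENTITY_ROLES.get(identity, ()):
        access |= ROLES[role]
    return access

def detect_violations():
    """Return sorted (identity, policy_id) pairs where one person holds a full toxic set."""
    found = []
    for identity in IDENTITY_ROLES:
        access = effective_access(identity)
        for policy_id, toxic in SOD_POLICIES.items():
            if toxic <= access:  # every entitlement in the toxic set is present
                found.append((identity, policy_id))
    return sorted(found)

def evaluate(violations, today):
    """Allow a violation only if it has an unexpired override; block otherwise."""
    decisions = {}
    for key in violations:
        expiry = OVERRIDES.get(key)
        decisions[key] = "allowed" if expiry and expiry >= today else "blocked"
    return decisions

if __name__ == "__main__":
    for (who, policy), verdict in evaluate(detect_violations(), date.today()).items():
        print(who, policy, verdict)
```

Note that alice's violation only appears once her two roles are combined, which is why the check runs on effective access rather than on individual role assignments.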
Get the overview, keep the overview
Companies need to pay heed to the insider threat and implement the necessary processes and IT systems that limit the access to privacy data and systems, which spot cybersecurity threats before they happen. Organizations need to ensure they are not left wide open to an attack, internal or external.
Getting an overview of the organization’s data is a good place to start: who has access to what, when, for how long, and why. This is also where identity and access management comes into the picture. Identity and access management allows an organization to automate access control, making security, efficiency, and compliance easy.
Once this is in place, organizations then need to ensure the access control is maintained. Access control should be continually updated according to the set policies. This is the governance aspect, which takes into consideration the joiners and leavers and those moving around in the organization. The combination of these means the organization at all times has an overview of the access to the systems and applications the organization uses and can thereby keep loopholes closed off. Being able to document an overview of who has access to which system is also an important part of being GDPR compliant, where access to privacy data must be limited to employees who need this access to perform their job.
Automated processes minimize insider threats, and taking control of identities and privileges improves resilience. Time and time again, security reports indicate that successful cyberattacks are the result of abuse of privileges. Managing the user accounts’ access, including privileged accounts, is therefore key, and if this is not already being done, organizations should get going.
Identity and access management can help your organization keep insider threats at bay. Find out much more about how you can bring your identity management and access governance to match your evolving needs or get in touch with us to learn more about how we have helped organizations like yours.
Omada – Do More with Identity