17 Aug, 2020

Insider Threat Awareness

by nVisium

If you have ever traveled to a foreign country, looked for a great new restaurant or went to the horse races for the first time, you probably looked up insider tips to help pave the way to an easier/better experience. Insider access has privilege and therefore is coveted for everything from tips on where to go, what to do and how to avoid problems. This also translates into our cyber world where insiders have access to critical IT resources that may be exploited for financial gain or even just malicious intent.

what is an insider threat?

Cyber threats are an unfortunate fact of life in our digitally driven world. While most threats reported in the press involve high-profile cyber criminals and hackers, another threat closer to home has always been a looming threat as well. Specifically, the insider who uses their credentials for knowing or even unknowing harm. Dubbed the “insider threat”, this is a challenge every Chief Information Security Officer faces daily. SecurityIntelligence validates this the definition of an insider threat as:

Insider threats are users with legitimate access to company assets who use that access, whether maliciously or unintentionally, to cause harm to the business. Insider threats aren’t necessarily current employees, they can also be former employees, contractors or partners who have access to an organization’s systems or data.”

The impact done by Insider threats has been tracked annually in the Verizon Data Breach Investigation Report and you can check out the 2020 report here. The issue is still significant enough that the US government is even dubbing September as National Insider Threat Awareness month.

national insider threat awareness month

The National Counterintelligence and Security Center within the Office of the Director of National Intelligence declared September to be “National Insider Threat Awareness Month.” Specifically, they offer:

“Participating in Insider Threat Awareness Month 2020 can help your program detect, deter, and mitigate insider threats by increasing awareness and promoting reporting. Insider threat awareness is not about curtailing protected free speech or suppressing legitimate whistleblowing; it is about preventing the exploitation of authorized access to cause harm to an organization or its resources. It is vital that we prevent these actions and safeguard national security, while protecting privacy and civil liberties.”

They also offer a number of resources to help better understand the risks and how to prevent major harm. A good example is the DOD Insider Threat Program – Best Practice report.

Ultimately, the declaration aims to educate organizations on spotting and reporting insider threats to stay ahead before they manifest into negative outcomes for the organization, its employees, and/or customers. The announcement focuses on malicious actors, but it is equally important to track the much more frequent prevalence of unintentional insider threats. So bottom line, you should develop ways to determine if you are vulnerable to insider threats.

trust but verify to protect against insider threats

The best way to protect against insider threats is to be constantly diligent in assessments for applications, infrastructure and cloud to ensure there are no vulnerabilities that may be exploited by knowledgeable insiders.

All nVisium assessments go beyond identifying security defects. We focus on helping clients meaningfully triage and fix vulnerabilities discovered during testing. nVisium is unique in our ability to provide exceptional remediation advice, which is specific, actionable, and aimed at reducing engineering overhead typically associated with mitigating security issues.

By integrating security into the development process, nVisium strives to find and help fix security vulnerabilities in our client's software while teaching our clients the importance of incorporating security from the ground up. We offer a range of comprehensive services to ensure that you and your company are protected from cyber threats, including security assessments, software assurance, and training.

Bottomline, is that you will ultimately need to start with security assessments for:

  • Applications: A standard assessment combines static and dynamic analysis, which allows our team to evaluate all aspects of an application and test risk mitigation solutions, this service also offers the most precise remediation advice.
  • Internet of Things (IoT): IoT presents its own unique set of security challenges and requires a broad skillset for assessing. Our IoT assessments identify weaknesses in an entire IoT architecture including software, hardware, API, and web/mobile components.
  • Networks: Using a combination of automated and manual techniques, our team will identify risks to your systems and networks that attackers could find and exploit. We will provide detailed information of our findings along with recommendations to help remediation efforts.
  • Mobile: Identify weaknesses in how an application interacts with the mobile device, the remote APIs it communicates with, how the application is written, and the libraries it uses to function.
  • Cloud: Assessments of AWS, Azure, or GCP go beyond the simple security issues that are easily detected through automation. We get to know the business purpose behind your architecture, review the design, and begin an analysis of security controls, monitoring and alerting, hardening, and IAM policies and permissions…. And BTW, we are an AWS Partner

Why be a victim of insider threats? A small investment is security assessments can eliminate the pain of lost data and privacy, so now is the time to act. Schedule a demo today.

security assessments DevSec Training Insider Threat

RECENT POSTS