Well-funded hackers with sophisticated tools strike fear in everyone responsible for cybersecurity. For instance, the U.S. and U.K. have issued joint sanctions on Russian cybercrime group Trickbot, which has extorted $724 million in cryptocurrency in ransomware attacks. Other notorious gangs include North Korea’s Lazarus Group, Russia’s FIN7, the Magecart Syndicate and Evil Corp.
As menacing as these groups may sound, Stephen in sales and Ellen in engineering likely pose more imminent threats.
IT professionals say the top threats to network security come from those inside an organization. According to the Ponemon Institute’s 2022 Cost of Insider Threats: Global Report, security incidents involving insider threats have increased 44 percent since 2020. The cost of an incident is estimated to be $15.38 million, up more than a third from the previous report.
Common Insider Threats
Insiders include employees, contractors and other users with authorized access to systems and data. Some will steal data or destroy systems because they are disgruntled or under financial stress. Employees may also take data when they leave the company because they believe they are entitled to it.
However, breaches are more likely to result from employees who unintentionally mishandle sensitive data or commit policy violations with “workarounds” that bypass the IT process. Common risky behaviors include sending files to personal email accounts, downloading data to a memory stick or consumer-grade cloud storage site, and writing down passwords.
Third-party vendors with privileged network access also create significant vulnerabilities — industry experts estimate that about 60 percent of all data breaches can be attributed to a vendor. These vulnerabilities often occur when vendors share log-ins and passwords with other members of their team, or have weak internal security practices that put credentials at risk.
The Right Security Tools
Given the number of high-profile data breaches caused by compromised privileged access credentials, it’s crucial that organizations mitigate that risk. An important first step is to structure employee education programs, develop risk management plans and establish security best practices.
Modifying behavior through education and policy isn’t enough, however. Organizations must also have the right security tools to prevent breaches and identify potential vulnerabilities. A good approach would be the deployment of a unified threat management (UTM) platform — an all-inclusive security product able to perform multiple security functions within one system.
Typical UTM solutions include numerous measures to keep intruders out of the network. These include firewall, intrusion protection and detection, antivirus, anti-spam, and a VPN. However, newer UTM appliances also provide access control features to minimize insider threats. They allow the creation of identity-based network access policies for individual users and provide visibility into network activities. This makes it possible to identify patterns of behavior by specific users or groups that can signify misuse, unauthorized intrusions or malicious attacks.
Today’s UTM solutions also can include data loss prevention (DLP) capabilities. This feature examines outbound network communications such as email and file transfers, as well as host-based activities such as copying files to removable media. DLP scans will generate alerts if any of these activities violate company policies.
Content-filtering features within UTM solutions provide another level of protection. These solutions can filter web-based applications, identify malware signatures and examine instant messaging and email to protect against data leakage. They can also enforce access policies on remote and mobile devices that are used outside the network.
While we tend to hear about sophisticated attacks by cybercrime gangs, the fact is that a significant number of security breaches result from simple human error and risky behaviors. IronLogix can help you address these threats with solutions that give you strong control over network access and usage.