Insider threats are a serious and very real concern for every organization, and I explained why in my previous blog post. What’s worrying is that there are not always indicators of an insider who is about to wreak havoc on an organization from within.
New research from our Global Threat Intelligence Center (GTIC) reveals that 75% of insider activity is accidental. So, what would be classed as an accidental threat?
Accidental insider threats can take on a variety of forms:
- Accidental disclosure (e.g., unsecured databases, internet-facing logins left with default usernames and passwords, or even an email sent to the wrong person because of a single letter in a domain name).
- Improper or accidental disposal of physical records (e.g., disposing of paper without shredding, losing sensitive documents, or having documents or equipment stolen).
- Accidental damage (e.g., an accidental misconfiguration or command that results in loss of data or connectivity, like a network engineer who accidentally reverses the parameters on a command line and copies an old backup over the production system).
Statistically, miscellaneous errors account for around 30% of all accidental behaviors. These include publishing errors, disposal errors, or misdelivery of information. Unfortunately, the nature of humans means accidental insider threats are way more common than most people appreciate, and probably can’t be avoided completely. Thankfully, there are steps businesses can take to help mitigate the effects of the accidental insider threat.
- Have a written, established incident response (IR) plan in place. Keep in mind, this needs to be an IR plan to guide you and your organization through the aftermath of an accidental insider threat breach. You should periodically review your IR plan as if it is a living document, not a standard operating procedure manual created to take up space on an office bookshelf.
- If it does not negatively impact your operations, consider implementing a solution which makes it more difficult to send attachments to email addresses outside your organization.
- Grant privileges/authorizations commensurate with employee roles. Or, put another way, don’t hand out “admin access” like free candy. And remind administrators that administrative accounts are to be used for admin functions, and that user accounts should be used for normal user duties. Reserve admin accounts for functions which truly require privileged access.
- While security awareness training does not “fix” anything, exposure to such training can raise employee awareness, and potentially elevate their level of care.
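To make the email step above concrete, here is an added example (not code from the report or from any product) of the kind of check an outbound mail filter can apply: it holds a message whose recipient domain is one character away from an internal domain, the single-letter misdelivery case described earlier, and asks for confirmation before an attachment leaves the organization. The domain `example.com`, the function names and the sample messages are assumptions constructed for illustration.

```python
from email.message import EmailMessage
from email.utils import getaddresses

# Assumption for this example: the organization's own mail domains.
INTERNAL_DOMAINS = {"example.com"}

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def review_outbound(msg):
    """Return (action, reasons): 'deliver', 'confirm' or 'hold'."""
    has_attachment = any(part.get_filename() for part in msg.walk())
    headers = [h for name in ("To", "Cc", "Bcc") for h in msg.get_all(name, [])]
    action, reasons = "deliver", []
    for _display, addr in getaddresses(headers):
        domain = addr.rpartition("@")[2].lower()
        if domain in INTERNAL_DOMAINS:
            continue
        if any(edit_distance(domain, d) == 1 for d in INTERNAL_DOMAINS):
            # One character away from our own domain: likely a typo.
            action = "hold"
            reasons.append(f"{addr}: domain is one character off an internal domain")
        elif has_attachment:
            if action == "deliver":
                action = "confirm"
            reasons.append(f"{addr}: attachment going outside the organization")
    return action, reasons

def sample(to, attach=False):
    """Build a constructed message for the demonstration (not real mail)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "alice@example.com", to, "Q3 figures"
    m.set_content("Figures attached.")
    if attach:
        m.add_attachment(b"constructed,data\n", maintype="application",
                         subtype="octet-stream", filename="q3.csv")
    return m

if __name__ == "__main__":
    for to in ("bob@example.com", "bob@exemple.com", "carol@partner.test"):
        print(to, review_outbound(sample(to, attach=True)))
```

A real gateway would act on the SMTP envelope recipients rather than the headers, and would normally keep a list of trusted partner domains alongside the internal ones.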
For more information on the accidental insider threat, or other types of insider threats that could be lurking in your business, download our Q3 ‘17 Threat Intelligence Report.