When it comes to the topic of cybersecurity, most of the talk around the industry is about protecting networks and sensitive data from external forces. In reality, the threat from within an organization is equally dangerous. In fact, according to a recent report from Intel, 43 percent of all security incidents (and subsequent data loss) were caused by insiders. That means that nearly half of the risk your company is subject to will come from employees. Are you doing enough to protect against this? Here are five things you can start doing today to create stronger internal security protocols and mitigate risk.
Educate and train employees.
Do your employees truly understand what’s at stake when it comes to protecting the organization’s sensitive data? According to recent statistics, probably not. In fact, Forrester research revealed that 49 percent of knowledge workers are either unaware of or don’t understand the cybersecurity policies of the companies for which they work. And since half of all internal security breaches are caused by accident, this is a key area to focus your efforts.
Make it clear to employees that they are the first line of defense and arm them with the information and support they need to adequately fulfill this responsibility. Educating and training employees can greatly reduce the risk of vulnerabilities due to human error. Even things as simple as creating secure passwords and remembering to log out of the network whenever they leave their workstation can significantly reduce potential exposure.
Test and audit regularly.
Don’t just assume that because you’ve established and communicated clear cybersecurity protocols and educated your employees that there’s no more risk to worry about. A recent study by Forrester indicates that some 42 percent of cyberattacks are initiated by interaction with an internal party, such as a phishing, ransomware and other malware infiltration launched via a malicious email attachment. Unfortunately, cyber criminals are becoming savvier by the day, perfecting their craft by creating material that appears authentic.
Avoid becoming a victim by keeping employees well-versed and up to date on the many different tactics that hackers use and educating them on what to watch for. Then, follow up by performing regular spot-tests and audits to ensure compliance and identify areas where additional training may be warranted. Have employees take pop quizzes on security protocol, conduct routine workplace checks, and perform regular simulated email attacks.
Don’t forget third party associates.
Permanent employees aren’t the only “insiders” that can wreak havoc on an organization’s cybersecurity. Chances are there are a good number of external parties who have some type of access to the inner workings of your company, whether it’s temporary workers, contractors, consultants, vendors or someone else. These third parties effectively widen the attack surface and open additional avenues for cyber criminals to find and exploit vulnerabilities to gain unauthorized network access.
The recent publicized attacks on such big-name corporations as Home Depot and Dairy Queen were ultimately traced back to exposures that occurred with third-party suppliers. This risk can be mitigated by developing and/or strengthening security alliances with all business partners. By working together, sharing experiences and best practices, everyone will become a stronger fortification against all those attackers out there lurking in the wings, waiting to pounce on any opportunity they see.
Fight fire with fire.
You’ve probably already invested in safeguards like network access controls, firewalls, encryption and SIEM technology, but as recent history has proven, this simply isn’t always enough to keep the enemy at bay. Remember – insider accidents are responsible for half of the breaches caused by employees. That means that opening a suspicious email or clicking on a malicious link could provide hackers the foot in the door they need to access your network, systems and data.
Double down on your cybersecurity by incorporating advanced automation technology. This can serve as a force multiplier for your existing incident response strategy so that even those instances where a threat is able to penetrate the hedge of protection you’ve got in place, it can be quickly detected and isolated, thereby mitigating the damage that could potentially be done. An automation and orchestration platform like this will allow you to effective fight fire with fire for a much stronger defense.
Plan ahead for crisis management.
With the relentless number and increasing complexity of incoming attacks, the question is no longer will an organization be targeted, but when. That’s why it’s critical to have an existing plan in place that can be activated the moment a breach is discovered. Start by establishing a crisis management team that includes top leadership from each department (remember – cyber-attacks can occur anywhere, not just in IT).
Your crisis management plan should include details about what actions should be taken, how and when based on various if/then scenarios. It’s also good practice to determine in advance the level of transparency you are comfortable with following a breach. For instance, who should be informed and what information should be passed along pertaining to the incident. It’s also important to communicate with employees so they’re aware of how they should respond should they be questioned about the breach.
With insider threats making up nearly half of all successful cybersecurity breaches, the importance of protecting your organization from the inside out has never been more evident. The steps above should help you fortify your defense – both internally and externally – to keep your network and data safe from potential harm.