Updated: Jan 22
When looking at overall security for any organization, don’t forget to look into internal security threats. This can be one of the hardest things to look into. It is hard to admit or face the fact that an employee could maliciously attack or compromise your business. This can be reason enough to step up internal security and have a strong incident response plan since an internal “issue” can be very damaging.
Looking for internal security threats
Not all threats sit outside the firewall and the network. Companies can have a habit of focusing too much attention on outside attacks from hackers and malicious software trying to “disrupt” an organization. Internal security threats can be just as damaging to a company. This is especially true of an employee or former employee who has a lot of access to a plethora of sensitive data. They can easily have more access than any outside threat on any given day. However, there are thankfully numerous ways to prevent this from happening.
Evaluating what an organization’s key assets are will dictate how it protects itself from insider threats.
First, determining exactly what constitutes an internal security threat is essential. Determining how and why that can be a risk to the organization should be the next step. Discover who has access to what, why and how. Is it important that an employee has access to everything? Is access to certain limited parts of an organization’s sensitive data adequate to carry out their assigned job description? Can temporary access be provided if need be?
Monitoring user activity
Monitoring users for suspicious or unusual behavior can help significantly. Recognize the working habits and patterns of individual users; against that background, unusual or odd activity stands out. For example, sudden large amounts of file transfers or downloads may be unusual. This can help with determining if an outside breach has occurred or if it is internal. Resolving security issues as soon as possible is vital in minimizing any damage that may occur. Determining whether they are outside or internal security threats can help speed up this process a great deal.
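One way to turn "recognize working habits" into a check is to compare each user's daily transfer volume with that same user's own history. This is an added example, not part of the original article. The log format, the sample lines, and the `min_history` and `k` thresholds are all assumptions made for illustration.

```python
import statistics
from collections import defaultdict

# Constructed sample data: "date user megabytes_transferred", one line per user per day.
SAMPLE_LOG = """\
2024-03-04 alice 120
2024-03-05 alice 95
2024-03-06 alice 110
2024-03-07 alice 130
2024-03-08 alice 105
2024-03-11 alice 4200
2024-03-04 bob 2100
2024-03-05 bob 2900
2024-03-06 bob 1800
2024-03-07 bob 3000
2024-03-08 bob 2500
2024-03-11 bob 3100
2024-03-07 carol 50
2024-03-08 carol 60
2024-03-11 carol 5000
"""

def flag_unusual_transfers(log, min_history=5, k=6.0):
    """Return (day, user, mb, baseline_median) for days far above that user's own history."""
    per_user = defaultdict(list)
    for line in log.splitlines():
        if line.strip():
            day, user, mb = line.split()
            per_user[user].append((day, int(mb)))
    alerts = []
    for user, rows in per_user.items():
        rows.sort()  # ISO dates sort chronologically
        for i, (day, mb) in enumerate(rows):
            history = [m for _, m in rows[:i]]  # only days before this one
            if len(history) < min_history:
                continue  # too little history to call anything "unusual"
            median = statistics.median(history)
            mad = statistics.median(abs(m - median) for m in history)
            # Floor the spread so a very steady user does not alert on small changes.
            spread = max(mad, 0.1 * median, 1)
            if mb > median + k * spread:
                alerts.append((day, user, mb, median))
    return sorted(alerts)

if __name__ == "__main__":
    for day, user, mb, median in flag_unusual_transfers(SAMPLE_LOG):
        print(f"{day} {user}: {mb} MB transferred, typical day is {median} MB")
```

On the sample data only alice is flagged: bob moves more data every day, but that is normal for him, and carol's spike is skipped because her account has too little history, so new accounts need a separate control such as a fixed ceiling.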
Organizations rarely have a full suite of security systems in place to protect every aspect of the business. In such a case, a company needs to prioritize and triage similar to a pyramid. The most sensitive data at the top of the security pyramid has the most restrictions. It should also have the least number of employees with access to it. The lower part of this pyramid has the most lenient security with more employees able to gain access.
It is also encouraged to revisit security settings and levels on an annual basis, in case things change internally, so IT staff know what to adjust or keep an eye out for. Rarely does anything security-related stay the same over a long period of time, as new ways of committing breaches, either internally or externally, are constantly evolving, even over short periods of time.
The absent-minded human
One point to take note of is simple human error or even absent-mindedness. Moving data to other media (maybe to continue working elsewhere) may be well-intentioned but can cause a major issue for the firm if that data gets lost or stolen. Employees accessing Internet-based services outside of an organization’s intranet are susceptible to a variety of threats. Some organizations choose to simply block access to (certain) websites and services they deem not job-related.
Integrating security systems for all services internally and externally will help spot malicious behavior. Even when an event is not immediately detected as risky (and therefore simply blocked), logging it for later review by IT staff is advised. Not every activity can be assessed immediately; some will simply require further, but speedy, review. Time is rarely on the side of any security protocols.