Free Privileged Account Discovery Tool: Identify & secure credentials to stop lateral movement. Download Free

BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    BeyondInsight Analytics
    See All Solutions
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

Top 5 ways to combat insider threat

February 9, 2018

  • Blog
  • Archive

I’ve been talking about insider threat for nearly 10 years and advocating the position that compromising an insider is a lot easier for an adversary than breaking into an organization from the outside. Yet, around one-third of organizations don’t have an effective way to detect insider threat, and fewer than one-fifth don’t have a response plan in place to mitigate damage from an insider incident.

There are some relatively easy ways to protect the organization from both the malicious insider and the unintentional insider. Here are my top five:

1. Control or eliminate email attachments and links

Emails are the primary attack vectors in use today, and while the message itself isn’t dangerous, links and attachments are. Today’s security product vendors are offering real-time malware assessment of links and attachments that will quarantine a suspicious attachment or prevent connection to a dangerous link.

2. Properly manage and control access to data and critical systems

Role-based permission, removal of administrator access, and the principle of least privilege are your friends. Work with your HR team and line of business managers to understand user roles and the types of application and data access they need to do their jobs. Then, assign only that access level, no more.

3. Know where your data is

An important corollary to point 2 is knowing where mission-critical and sensitive data resides in the system so that you can lock it down with appropriate permissions. If you don’t know where it is, how can you protect it with the right level of access?

4. Monitor employee behavior and look for anomalies

This can occur at many levels, including action monitoring software. It’s not intrusive to look for excessive data dumps or repeated attempts to look at files or directories that are not permitted – it’s good business. But it also makes sense to educate employees to be on the lookout for behavioral changes in their coworkers – what are the signs of financial or emotional distress that could lead to an attack on company systems…or worse.

5. Raise security awareness

Last but not least is the need for ongoing security awareness training that is an integral part of company culture – not an afterthought or a “checklist” item. A company that partners with employees to ensure security awareness will do better than one that forces compliance or just performs training to check a box.

I’ll leave you with this important point. It is easy, while evaluating attack vectors, researching competitors and gauging the threat from organized crime or foreign adversaries, to conclude that external attacks should be the primary focus of defense. This conclusion would be wrong. The critical element is not the source of a threat, but its potential for damage. Evaluating threats from that perspective, it becomes obvious that although most attacks might come from outside the organization, the most serious damage is done with help from the inside.

Author bio:

Dr. Eric Cole is a renowned security expert with over two decades of in-the-trenches experience in IT and network security. He is the author of several books and textbooks, including Advanced Persistent Threat, Hackers Beware, Hiding in Plain Sight, Network Security Bible 2nd Edition, and Insider Threat, and has presented at many major conferences. He also served as a member of the Commission on Cyber Security for the 44th President, Barack Obama, and sits on several executive advisory boards.

Twitter: @DrEricCole,

secure-anchor.com

Dr. Eric Cole

Cyber Security Scientist | Keynote Speaker | Author | Founder and CEO at Secure Anchor Consulting

Dr. Cole is an industry-recognized security expert with over 20 years of hands-on experience. Dr. Cole has experience in information technology with a focus on helping customers focus on the right areas of security by building out a dynamic defense. Dr. Cole has a master's degree in computer science from NYIT and a doctorate from Pace University with a concentration in information security. He served as CTO of McAfee and Chief Scientist for Lockheed Martin.

Dr. Cole is the author of several books, including Advanced Persistent Threat, Hackers Beware, Hiding in Plain Sight, Network Security Bible 2nd Edition, and Insider Threat. He is the inventor of over 20 patents and is a researcher, writer, and speaker. He is also a member of the Commission on Cyber Security for the 44th President and several executive advisory boards. Dr. Cole is the founder and an executive leader at Secure Anchor Consulting where he provides leading-edge cyber security consulting services, expert witness work, and leads research and development initiatives to advance the state-of-the-art in information systems security. Dr. Cole was the lone inductee into the InfoSec European Hall of Fame in 2014.

Dr. Cole is a Former SANS Faculty Fellow who was actively involved with the SANS Technology Institute (STI), including the students, teachers, and courseware.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Webcasts | February 09, 2021

Customer Webinar: Remote Support 21.1 Released!

Webcasts | February 24, 2021

Your PAM 2021 Blueprint: Securing Privileged Accounts for On-Premises and Cloud Assets

Whitepapers

Evolving Privileged Identity Management (PIM) In The 'Next Normal'

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.