Your greatest cyber threat? Insider threats. Your own people.

One in five incidents are caused by your own people and two out of three companies are victims of at least one internal incident every year. The reason for all these internal threats? The increasing number of devices and cloud applications with company data. Thanks to teleworking, the use of cloud technology and ‘bring your own device’ (BYOD) is increasing and, with that, more and more devices and data end up outside your business premises.

There are three types of insider threats:

• An accidental information leak.
• A deliberate action by a dissatisfied employee.
• A spy that steals information.

The most dangerous internal threat? The dissatisfied employee who feels wronged.

Wouter Vandenbussche, Solution Lead Cybersecurity Proximus

1. Whoopsy-daisy

Wouter Vandenbussche, Solution Lead Cybersecurity from Proximus: “Just about every company ends up having to deal with innocent insider threats. There are plenty of people who do something foolish by accident or out of ignorance. Who knows how many employees have sent an email with business-sensitive information to a competitor rather than to a colleague or accidentally put a photo with business information on WhatsApp. Y

ou can only prevent this by protecting your information. You decide who is allowed to access which business sensitive data and on which devices they are allowed to do so. In other words, assign rights via access control.

2. The dissatisfied or malicious employee

A dissatisfied employee is the most dangerous type of insider threat. All types of companies are confronted with this. “It is about unhappy employees who are about to leave or who deliberately wish to harm the company they work for”, warns Wouter. “This also include people who set out to commit financial or other fraud for their own gain in a more organized way.

This includes deliberately downloading and distributing customer files and deliberately shutting down servers. The best way to protect yourself against this is to monitor your network and analyze your log files and the behavior of your employees and endpoint.”

Wouter Vandenbussche, Solution Lead Cybersecurity Proximus

3. The spy who is after your intellectual property

The most imaginative form of insider threat? A spy who infiltrates your company to steal specific information. Wouter: “Companies with sensitive information and intellectual property are the most typical victims of this. They are deliberately chosen as targets. The financial damage caused by a successful infiltration is almost always considerable. Not to mention the damage to their image and reputation.”

“Spying requires its own approach based entirely on protection your information. Start by classifying your data: decide which information is more confidential than other information. Also assign rights: which of your employees should have access when and where? Also, focus on detection. That allows you to be able to see perfectly who is accessing your sensitive information when and on which device and you will be warned when this happens at odd times or on strange locations.”

Identity management, access control and monitoring

Identity management, active access control and monitoring through detection and analysis are essential for protecting your business against internal threats. Note the word ‘active’ in access control: always adjust the access rights of every employee who changes function or department immediately, even if it is only temporary.

“If you wish drastically to reduce the number of insider threats, you need to implement tools and processes that show you who has access to your sensitive information at what location and on which device”, Wouter explains. “Thanks to the combination of central identity management, active access control with access rights adapted to each employee and, preferably, using automatic detection and analysis based on machine learning, you will know exactly who has done what.”