
Reducing Insider Security Threats

Presented by Franklin Akindejoye
87706

Introduction

A 2017 report released by the Institute for Critical Infrastructure Technology said that most cybersecurity incidents (both intentional and accidental) are the result of some action by insiders. I will be discussing some strategies that will help system administrators detect and reduce the threat of insider risk, given that some insider security breaches can go undetected for weeks, months, or years.
Strategies

• Establish a security incident and response team.
• Use temporary accounts.
• Conduct frequent audits to look for unused accounts and disable or remove them if possible.
• Follow employee termination principles carefully.
• Identify unhappy employees.
• Use two-factor authentication.
• Encrypt confidential data, whether in motion or at rest.
• Consider third-party products.
• Don’t forget to guard your perimeter.
• Consider that investments in products and staff are more than just “insurance”.
Mitigating insider risks

The most formidable insider threats

There are two types of insider threats:
• A malicious insider who is purposely stealing data.
• The compromised insider, i.e., the insider whose credentials have been stolen and now a hacker is impersonating that insider on the network.
• “In either case, the most formidable threats come from administrators with privileged credentials. This person’s job often requires access to sensitive systems, so it can be difficult to distinguish between normal sensitive access and risky sensitive access.”
Mitigating insider risks (2)

How to remediate these threats
• “Strong security policies should follow the ‘Mini-Max’ rule—minimize access where possible, maximize monitoring of that same access for unusual patterns.”
• Too often employees accumulate access rights that aren’t revoked when they move to new projects; this should be strongly avoided.

Recommendations involving system administrators
• “It’s essential to regularly review and assess who has administrative system rights and whether those are needed.”
• A best practice for system administrators is that no one can use the same account they use to manage data or apps to also check email or the Web. Allowing both activities from the same account increases the connection between internet-borne malware and privileged credentials.

Types of devices and systems that cause the biggest headaches
• IoT devices can place the organization at exceptional risk via embedded credentials. Use analytics on them to determine normal behavior and detect anomalies.
Mitigating insider risks (3)

Monitoring/alerting methods or solutions recommended
• Companies should prepare for attacks by implementing technologies that detect attacks much earlier in the cycle and are better able to handle shades of gray.
• Behavioral analytics solutions that perform activity baselining for every employee and contractor, with a goal of pinpointing an employee who suddenly begins acting in unusual and risky ways, should be employed.

Usefulness of background checks in thwarting threats
• Although background checks may provide some protection from malicious insiders (provided they have been caught in the past), they should not be seen as the end-all solution. Individuals with clean records can still be victimized via compromised accounts.

Punitive/disciplinary methods recommended
• For the malicious insider, obviously termination and, depending on corporate policies, litigation. For the compromised insider, there is usually little to no disciplinary action taken.
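The activity baselining described in this slide, applied under the ‘Mini-Max’ rule from the previous one (minimize access, maximize monitoring of that access for unusual patterns), as an added Python example that is not part of the original presentation: a per-user baseline of normal daily volume and normally touched resources is built from one window of access events, and a later window is flagged for volume spikes, off-hours activity and first-time access to a resource. The log format, account names, resource names and business hours are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample logs (not from any real system), one event per line: "timestamp user resource".
BASELINE_LOG = """\
2017-03-01T09:12:00 alice hr-db
2017-03-01T11:30:00 alice payroll
2017-03-02T10:05:00 alice hr-db
2017-03-01T09:00:00 bob build-server
2017-03-02T09:10:00 bob build-server
"""
REVIEW_LOG = """\
2017-03-10T09:05:00 alice hr-db
2017-03-10T02:15:00 bob hr-db
2017-03-10T02:25:00 bob payroll
2017-03-10T02:30:00 bob hr-db
"""
WORK_HOURS = range(8, 19)  # assumed business hours: 08:00 to 18:59
EMPTY = {"mean": 0, "stdev": 0, "resources": set()}  # baseline for an account never seen before
def parse(log):
    for line in log.splitlines():
        ts, user, resource = line.split()
        yield datetime.fromisoformat(ts), user, resource

def build_baseline(log):
    """Per user: usual daily event volume (mean, stdev) and the resources normally touched."""
    per_day, resources = defaultdict(lambda: defaultdict(int)), defaultdict(set)
    for ts, user, res in parse(log):
        per_day[user][ts.date()] += 1
        resources[user].add(res)
    return {u: {"mean": mean(d.values()), "stdev": pstdev(d.values()),
                "resources": resources[u]} for u, d in per_day.items()}

def score(baseline, log):
    alerts, per_day = set(), defaultdict(lambda: defaultdict(int))
    for ts, user, res in parse(log):
        per_day[user][ts.date()] += 1
        b = baseline.get(user, EMPTY)
        if res not in b["resources"]:  # a resource this user does not normally touch
            alerts.add((user, f"first access to {res}"))
        if ts.hour not in WORK_HOURS:  # access outside the assumed business hours
            alerts.add((user, f"off-hours access to {res} at {ts.isoformat()}"))
    for user, days in per_day.items():
        b = baseline.get(user, EMPTY)
        limit = b["mean"] + 3 * b["stdev"] + 1  # the +1 tolerates a stdev of 0
        for day, n in days.items():
            if n > limit:  # volume spike versus this user's normal day
                alerts.add((user, f"{n} events on {day}, baseline {b['mean']:.1f}/day"))
    return sorted(alerts)
```

Run as `score(build_baseline(BASELINE_LOG), REVIEW_LOG)`: alice's daytime access to a familiar resource produces nothing, while bob's night-time reads of systems he has never touched produce first-access, off-hours and volume alerts, which is the "unusual and risky" pattern the slide wants surfaced.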
Reducing insider BYOD threats

• Have a BYOD policy.
• Identify responsibilities up front.
• Consider segmented services or networks.
• Use mobile device management.
• Mandate standard security settings.
• Mandate application/operating system updates.
• Educate users.
• Have a security incident plan.
• Use monitoring.
• Know when to say no.
Conclusion

Insider threats begin with trusted employees whose frustration, resentment, apathy, lack of cybersecurity training and awareness, or external motivations radicalize them to unintentionally or willfully inflict harm on the organization by compromising systems, assisting external cyber-threat actors in multi-vector information warfare, or exfiltrating treasure troves of valuable PII, PHI, and other sensitive data.

Perimeter-based defenses cannot stop threats that are already inside the network. Bleeding-edge defense-grade insider threat solutions, such as User and Entity Behavior Analytics (UEBA), Identity and Access Management (IAM), and User Activity Monitoring (UAM), are necessary to detect, deter, and mitigate the mounting insider threat epidemic against critical infrastructure.
References

http://b2b.cbsimg.net/downloads/Gilbert/TR_EB_insider_threats.pdf
https://icitech.org/wp-content/uploads/2017/02/ICIT-Brief-In-2017-The-Insider-Threat-Epidemic-Begins.pdf
https://pixabay.com/
