<img height="1" width="1" src="https://www.facebook.com/tr?id=156746741685952&amp;ev=PageView &amp;noscript=1">
SCHEDULE A CALL
SCHEDULE A CALL
Show all

Detecting Insider Threats

April, 13 2017
canstockphoto2344717-insiderthreat-685x1024

What is an insider threat? According to the computer emergency response team (CERT), when a current or former employee or contractor who deliberately exploits or exceeds his or her authorized level of network, system or data access in a way that affects the security of the organization’s data, systems, or daily business operations, that is an insider threat to the company. The goal of a malicious insider is very often destruction, corruption or theft. While theft has monetary or other beneficiary interests behind it, destruction and corruption can originate from highly disgruntled employees and can be directed against the organization as a whole or against specific co-workers.

Insiders are by default authorized to be inside the network and are both granted access to and make use of key resources of an organization. Given the large pile of access patterns visible in an organization’s network, how is one to know which ones are negligent, harmful or malicious behavior? IT departments typically respond to the insider threat, if at all, by extensive monitoring and logging. The aim is to at least be able to do forensic analysis when a threat is happening and doing damage, and support the legal department with any investigations. As Oliver Brdiczka says - "The problem of detecting the insider threat before it actually happens is as difficult and complex to solve as the prediction of human behavior itself. What is the next action of a person? Which action will be inside the scope of assigned work for that person? Which action will indicate the preparation for an attack by that person?"

nist guide assess cybersecurity risk

According to Ryan Francis, while the insider threat still connotes an employee of the company, the intruder is no longer someone located within the confines of the building. Accessing the network can happen from such public places as the local coffee shop. The first step of an appropriate response to an insider threat is to raise awareness of the problem. Insider threat is real and can happen anywhere in the industry. Technology alone will not solve the problem.

Sources:

CSO Online article on Detecting Insider Threats - By Ryan Francis, CSO Online

Computerworld Online article on Detecting Insider Threats - By Oliver Brdiczka, Computerworld

Summarized by: Rupal Talati

 
24By7Security
24By7Security

24By7Security, Inc. is a premier National Cybersecurity and Compliance consulting firm. We are Cybersecurity & Compliance specialists with extensive hands on experience helping businesses build a defensive IT Infrastructure against all cyber security threats.

LinkedIn

Related posts

HIPAA Violations Settled in 2024 Teach Us Important Lessons
April, 23 2024

HIPAA Violations Settled in 2024 Teach Us Important Lessons

Read more
HIPAA Lessons from HHS OCR
April, 16 2024

HIPAA Lessons from HHS OCR

Read more
How Vulnerability Assessments Strengthen Security
April, 9 2024

How Vulnerability Assessments Strengthen Security

Read more

Comments are closed.

Incident response - preparing for attacks
World Password Day - 4 tips to keep your password secure
Subscribe to our Blog!

24By7Security, Inc. is your trusted partner in Cybersecurity and Compliance. We help you manage your cyber risk programs so that you can focus on your business.

    Quick Links

    Contact us

    24By7Security, Inc.
    4613 N. University Drive, Suite #267
    Coral Springs, FL 33067
    Toll Free: (844) 55-CYBER

    CONTACT US

    Social Media Connections:

    © 2024 24By7Security, Inc.  All Rights Reserved.