By Milica D. Djekic
Insider threats are a significant security challenge today. The best way to protect ourselves from a threat is to understand it. In other words, there is an increasing need to research insider threats, because their impact could cost us a lot in social, economic and security terms. The two main types of insider threat involve the intentional and the unintentional sharing of confidential resources with someone outside the organization. People who act with bad intent toward the organization they work for are also called malicious insider threats.
In this article, we mainly discuss how good access management can protect us from any sort of insider threat. Strictly speaking, we are not talking about prevention, but rather about ways of reducing the risk from that sort of challenge. As is well known, there is no absolute security, so in this case we simply try to manage the risk by controlling access to the organization's resources. This is a convenient way to tie the risk to access, which should be managed in order to provide better security for all.
Experience suggests that many malicious insiders could be malicious actors themselves as well as receive support from some external malicious group. In other words, malicious insider threats are usually connected with organized crime, terrorism or other threatening activities. As we said, the main risk factor in someone within the enterprise becoming an insider threat to that community is access. Once we are aware of that potential, we know how to manage the risk. The purpose of this article is to give a brief illustration of how insider threats and access management go hand in hand or, in other words, how we can work on better security procedures and policies for our organization.
In practice, there are many organizational schemes that insider threats can follow. As we cannot review every single scenario here, we offer only some of the possible situations occurring inside the enterprise. We deal with the business environment, as it is a suitable place for insider threats to appear. The first step an insider threat has to pass before becoming a threat to a company is employee selection.
Some companies investigate the background of their candidates in detail, while the rest rely only on interviews and skills testing. So, once someone is employed by an enterprise, that person gains the potential to benefit someone outside the organization, either unintentionally or maliciously. By their nature, insider threats can be ideological, political or business-related. In other words, no one should be surprised if a colleague sitting with you in your office is receiving support from some criminal or terrorist organization on the outside. Corporate espionage by business competitors is also quite frequent.
Everyone wants to take advantage if they can, and that is why we highlight the role of good access management in handling those scenarios. We distinguish three categories of insider threats, but dealing with their motives is quite a tricky matter.
Once a new staff member starts employment, that person gets permission to come to your office regularly and deal with the rest of the colleagues on a daily basis. So a job contract gives that person frequent access to those surroundings. The next step in increasing the risk to your organization is giving IT infrastructure permissions to the new staff member. It is quite obvious that access to someone's e-mail account or social media could raise the risk of the organization being negatively affected by hacker attacks and cybercrime campaigns.
So perhaps the companies that deeply investigate the background of their candidates are not wasting money. If you want to maintain security in your business, you should rely on trusted people. What insider threats commonly do at work is collect business information, report what is happening inside the organization and deal with other people in order to influence them somehow. In practice, they can go so far with their colleagues as to try to look into their private lives, and in many jurisdictions that would be recognized as harassment at work. The reason anyone would want to see your private or business vulnerabilities is mainly to affect your motivation and make you less productive at work. So, before you decide to hire someone or, in other words, give that person access to all those things, think twice. Either you will get the best friend of your organization or the worst enemy you could ever imagine. The choice is yours.
As insider threats are an ongoing topic in cyber defense and in security in general, we would like to give some recommendations on how to tackle this problem. In this article, we analyze how good access management can support us in reducing the risk from someone intentionally or unintentionally trying to affect your organization negatively. The best possible way to prevent this sort of threat is to increase your employees' awareness of insider threats, their habits, missions and ways of operating. This becomes possible through well-prepared education and training as well as through better security at your workplace.
In conclusion, we would add that insider threats receiving support from the outside could be part of a rigid hierarchy. There could be three main levels of hierarchy among insider threats: operational, tactical and strategic. In any case, we believe it is quite clear why insider threats are a challenge to modern security.
About The Author
Milica D. Djekic is an Independent Researcher from Subotica, Republic of Serbia. She received her engineering background from the Faculty of Mechanical Engineering, University of Belgrade. She writes for some domestic and overseas presses and she is also the author of the book “The Internet of Things: Concept, Applications, and Security”, published in 2017 by Lambert Academic Publishing. Milica is also a speaker with the BrightTALK expert’s channel and Cyber Security Summit Europe, held in 2016, as well as CyberCentral Summit 2019, one of the most exclusive cyber defense events in Europe. She has been a member of ASIS International since 2017 and a contributor to the Australian Cyber Security Magazine since 2018. Milica’s research efforts are recognized by the Computer Emergency Response Team for the European Union (CERT-EU). Her fields of interest are cyber defense, technology and business. Milica is a person with a disability.