Recently I had the opportunity to discuss the tools and techniques that IT and security teams can use to stop attacks coming from within the organization, as well as how they can work together to maintain the trust of end users throughout the process.
The Threat of Insider Risks
Unlike many cyber threats, insider risks, or insider threats, come from somewhere closer to home: from someone who is authorized to access the network. This could be a current or former employee, a consultant or board member, even a business partner. Because these attacks come from within, they’re notoriously difficult to identify. To track and trace incidents, IT security teams require complete visibility into all user activity, which is difficult to implement while maintaining trust.
Three common types of insider risk:
1. Intentional Insider: this is the person who is intentionally trying to exfiltrate sensitive corporate information or cause damage.
2. Accidental Insider: someone who is going about their job and simply doesn’t know they’re compromising sensitive information.
3. Intentional but not Malicious Insider: employees who believe they have some ownership over code or work product and try to take it with them when they leave the company.
Tackling Risk with the Right Tech
Regardless of the type of risk, IT and security teams use three main technologies to tackle insider risks:
1. User Activity Monitoring (UAM) - These solutions allow IT and security teams to monitor risky user activities and then track those trends in real time and over a period of time. Some of the more advanced solutions are very effective at flagging anomalous behaviors and can also understand user intent through context-sensitive analysis. See Everfox Insider Risk solutions.
2. Content Disarm & Reconstruction (CDR) - Employees consume a lot of text files and image files every day, such as Word documents, PDFs, and JPEGs. Threat actors can embed malicious code into these files so that, when a user downloads the file and shares it internally, they inadvertently help breach the organization and spread the attack. To prevent this, CDR solutions intercept files, break them apart, and rebuild them using only the content that’s safe. Any malicious content is removed from the file before it’s downloaded or distributed. See Everfox Content Disarm and Reconstruction solutions.
3. Remote Browser Isolation - These technologies execute user online browsing activity in a secure sandbox environment that’s completely isolated from the user desktop—whether physical or virtual. So, when a user opens a webpage, any potential malicious content is contained within the sandbox where it can’t do any damage. The user sees a familiar web browser, but behind the scenes, the RBI solution is isolating that web session to keep the malware from getting to their actual desktop.
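The disarm-and-rebuild step described under CDR above, narrowed to one case as an added example (not code from this article or from any vendor's product): an OOXML package such as a Word document is rebuilt from an allowlist of part types, and relationships that are external or that point at a removed part are dropped. The allowlist, the size cap, the function names and the sample document are assumptions made for illustration.

```python
import io, posixpath, zipfile
import xml.etree.ElementTree as ET

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
ET.register_namespace("", REL_NS)  # serialize .rels with a default namespace
ALLOWED_EXT = {".xml", ".rels", ".png", ".jpg", ".jpeg"}  # assumed allowlist
MAX_PART_BYTES = 20 * 1024 * 1024  # assumed per-part cap against zip bombs

def _allowed(info):
    ext = posixpath.splitext("x" + posixpath.basename(info.filename))[1].lower()
    safe = not info.filename.startswith("/") and ".." not in info.filename.split("/")
    return ext in ALLOWED_EXT and safe and info.file_size <= MAX_PART_BYTES

def _clean_rels(raw, rels_name, kept):
    """Drop relationships that are external or that target a removed part."""
    root = ET.fromstring(raw)  # production code should use a hardened XML parser
    base = posixpath.dirname(posixpath.dirname(rels_name))  # owning part's folder
    for rel in list(root):
        path = posixpath.normpath(posixpath.join(base, rel.get("Target", ""))).lstrip("/")
        if rel.get("TargetMode") == "External" or path not in kept:
            root.remove(rel)
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)

def disarm_ooxml(data):
    """Rebuild an OOXML package; return (clean_bytes, removed_part_names)."""
    src = zipfile.ZipFile(io.BytesIO(data))
    kept = {i.filename for i in src.infolist() if _allowed(i)}
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in sorted(kept):
            raw = src.read(name)
            if name.endswith(".rels"):
                raw = _clean_rels(raw, name, kept)
            dst.writestr(name, raw)  # fresh entry: source zip metadata is not copied
    removed = set(src.namelist()) - kept
    return out.getvalue(), sorted(n for n in removed if not n.endswith("/"))

def build_sample():  # constructed input: a macro part plus an external relationship
    rel = '<Relationship Id="r{}" Type="urn:example:t" Target="{}"{}/>'
    rels = (f'<Relationships xmlns="{REL_NS}">' + rel.format(1, "media/image1.png", "")
            + rel.format(3, "https://example.invalid/t", ' TargetMode="External"')
            + rel.format(2, "vbaProject.bin", "") + "</Relationships>")
    parts = {"word/document.xml": "<doc/>", "word/_rels/document.xml.rels": rels,
             "word/media/image1.png": "img", "word/vbaProject.bin": "macro"}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()
```

Calling `disarm_ooxml(build_sample())` returns the rebuilt package together with the list of removed parts, which is the record a security team would log for each processed file.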
Balancing Insight and Trust
IT and security teams need to work together to mitigate insider risks and complex threats. However, they should also work with their organization as a whole to maintain employee trust. With any kind of insider risk program implementation, it's critical to communicate what you're doing, what it's designed to do, and any impact on their experience that users will see. Organizations must also clearly define how they will balance security and privacy to ensure transparency and accountability for all levels of the organization.
Ultimately, the confidence that technology is being properly used will go a long way to establishing and building that trust.
Hear the full podcast on Spotify & Apple:
Spotify: https://open.spotify.com/episode/6Uf4YwiUKairlieIPO4NYc?si=8ba607da5eb64df2
About Expert Insights
Expert Insights provides leading research, reviews, and interviews to help organizations make the right IT purchasing decisions. You can find all of their podcasts here.
Joe Bell
Chief Information Security Officer
Joe is the Chief Information Security Officer at Everfox and is responsible for the company’s Information Security program. Prior to joining Everfox, he was the Senior Director of Information Security at Verisign Company from 2021-2023 and was with Raytheon Company (now RTX) as the Executive Director of Information Security from 2003-2021. Joe has a Bachelor of Science in Computer Science from the University of Texas at San Antonio.