Identifying the Enemy Within

When thinking about a hacker, most people imagine a person sitting in a shadow-filled basement, working furiously on their computer to crack network security codes. Generally, what people are not thinking of is the coworker sitting right next to them. Insider hacking – whether malicious or unintentional – can cause even more harm than external hacking because insiders know the organization’s network resources and have the opportunity to access them. In fact, insider attacks were the most costly breaches of 2015.

MeriTalk surveyed 150 federal IT managers about network cybersecurity; the study revealed that 45 percent of agencies had internal users who tried to access unauthorized information during the past year. Agencies need to battle these threats with better technology and employee training. The IT landscape is ever changing, and with it comes the risk of insider hacking.

With these constant changes, management of cyber security is crucial. Here are 4 steps your organization can take to help identify insider hacking:



  1. Adopt a robust insider policy

New security concerns are popping up in the age of greater access to apps and devices. With greater access comes an increased need for omnipresent security to protect sensitive government information. VMware NSX for Horizon effectively secures east-west traffic within the data center, while ensuring that IT can quickly and easily administer networking and security policy that dynamically follows end users’ virtual desktops and apps across infrastructure, devices, and locations.

  2. Raise awareness

Teaching employees where threats may be lurking, such as phishing attacks or other schemes, can help them learn more about how to protect not only themselves, but also the data and information they work with daily. NIST published its Risk Management Framework (RMF) as part of the NIST publication 800-37, which outlines a six-step continuous monitoring process to establish security best practices for government agencies. These six steps can help agencies identify threats via continuous monitoring, and Splunk can help analyze their users’ behavior.

  3. Take a second look at privileged users

According to HyTrust, privileged users pose the biggest insider threat – 59% of the time when a breach occurs. Furthermore, in a virtualized environment that gets magnified: breach costs can be as large as $800,000 per incident! HyTrust works closely with the Cloud Security Alliance, NIST, and other organizations to help develop industry-wide awareness and solutions to cloud and virtualization security threats.

  4. Monitor employees

When it comes to privileged users, IT should be taking a second look at their access. CyberArk’s Privileged Account Security Solution works to prevent a malicious insider from perpetrating an advanced attack.

Make sure your agency is ready to start defending from within and controlling privileged users by registering for Cyber Playbook on December 15.
