Whether we like it or not, the greatest threats to our network security are the people we trust the most. Most other threats such as DDoS attacks, malware, and ransomware attack from outside of the firewall, but an insider threat comes from within the digital walls of the business.
Though it’s the external threats that get all of the press, insider threats can often be far more insidious and damaging. Consider that an external attacker would be unlikely to know exactly what to look for if they make it past your security measures, and they often fail to locate your most valuable data. But insiders have all the information they need to steal sensitive data and cause significant damage to your data, systems, and business.
We should also point out that insider threats aren’t always malicious. Insiders can simply be careless, leaving laptops on a train or using default or easily guessable passwords. Phishing scams and other social engineering attacks target your employees for exactly these reasons, with the aim of gaining access to their credentials.
For too long, our traditional perimeter security systems have given free rein to anyone with the right credentials. It’s easy to notice an intruder when you hear breaking glass, but not as simple when they use a key. So, where are we exposing ourselves to potential insider breaches unnecessarily?
This might sound like a no-brainer, but it appears the message about passwords still isn’t getting through. Verizon research has found that in 81% of security incidents, threat actors were using default passwords, weak passwords, or stolen passwords to breach security systems. How this happens is not surprising when we consider that one in five people report they leave passwords in plain sight on their desk, and that a similar proportion of people are prepared to share sensitive information if they believe the risk-reward trade-off isn’t too high.
To operate in a digital economy, we need to provide customers, contractors and partners with access to our systems for a variety of purposes. However, guest networks often don’t enjoy the same level of security, and guests can often access areas we don’t intend them to. The more we leverage third parties to bolster our value chain, the greater the risk we expose ourselves to, unless we have a way of monitoring access at every point of our network.
Thankfully, machine learning has been really hitting pay dirt in network security recently. User and entity behaviour analytics (UEBA) is an application of machine learning that is designed to learn from vast volumes of data to spot anomalies in network access. Through self-learning models, these new systems can spot potentially malicious activity before it ever has a chance to occur.
Some training and supervision of UEBA is still required, as the system needs to know what bad behaviour looks like. For instance, what time of day do users normally access systems and for how long? What sort of devices do they normally use and how much data do they normally download?
Once UEBA understands these behaviours, it can build a baseline and develop profiles for different groups of users. When certain thresholds of behaviour are crossed, security personnel are alerted and can then make a judgment on whether to restrict access.
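A minimal sketch of the baseline-and-threshold idea described above, as an added example (not from the original article or any UEBA product): it learns a per-group baseline for login hour and download volume, plus each user's known devices, and lists the reasons a new event would be raised to an analyst. The field names, the 3-sigma threshold and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed history: (user, group, login_hour, device, mb_downloaded)
HISTORY = [
    ("alice", "finance", 9, "lt-101", 40), ("alice", "finance", 10, "lt-101", 55),
    ("alice", "finance", 8, "lt-101", 35), ("bob", "finance", 9, "lt-102", 60),
    ("bob", "finance", 11, "lt-102", 45), ("bob", "finance", 10, "lt-102", 50),
    ("carol", "finance", 9, "lt-103", 30), ("carol", "finance", 10, "lt-103", 65),
]

def build_baseline(history):
    """Learn per-group mean/stddev for hour and volume, plus each user's devices."""
    hours, volumes, devices = defaultdict(list), defaultdict(list), defaultdict(set)
    for user, group, hour, device, mb in history:
        hours[group].append(hour)
        volumes[group].append(mb)
        devices[user].add(device)
    stats = {g: {"hour": (mean(hours[g]), pstdev(hours[g])),
                 "mb": (mean(volumes[g]), pstdev(volumes[g]))} for g in hours}
    return stats, devices

def zscore(value, mu, sigma):
    # Floor sigma so a perfectly uniform baseline cannot divide by zero.
    return abs(value - mu) / max(sigma, 1e-6)

def score_event(event, stats, devices, threshold=3.0):
    """Return the reasons an event crosses the baseline thresholds (empty if none)."""
    user, group, hour, device, mb = event
    if group not in stats:
        return ["no baseline for group"]
    reasons = []
    # Hour is treated as linear; the sample working hours do not wrap midnight.
    if zscore(hour, *stats[group]["hour"]) > threshold:
        reasons.append("unusual login hour")
    if zscore(mb, *stats[group]["mb"]) > threshold:
        reasons.append("unusual download volume")
    if device not in devices.get(user, set()):
        reasons.append("device not seen before for this user")
    return reasons

STATS, DEVICES = build_baseline(HISTORY)
```

An empty list means the event sits inside the learned profile; anything else is what an analyst would review before deciding whether to restrict access.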
While we may never know exactly what sort of threats are lurking on the outside of our network, we can now get full visibility of who has access internally. By knowing who is accessing our network, as well as the where, when, how and why, we will be far better placed to limit the risk posed to us by the people we trust the most.
About the author
As the Managing Director of Aryon, my team and I are here to reduce the complexity for organisations who want to take advantage of next-generation networks, infrastructure and workforce technology. If you would like to discuss how your organisation can take advantage of new digital networks, infrastructure and technology without the added stress, please feel free to get in touch with me at firstname.lastname@example.org.