Three Strategies for Fighting the Growing Issue of Insider Threats
By Chris LaPoint, VP of Product Management, SolarWinds
Altruistic hackers are slowly becoming more prominent in pop culture, specifically in TV shows in which they are young geniuses using their skills to help those in need. Their derring-do involves taking control of everything from airplanes to traffic signals, all in the name of good. And they do it with style.
If only the real world were so exciting! In reality, the primary threat does not necessarily come from a well-meaning hacker with a modified Alienware computer, but from the person sitting at the next desk over.
According to a recent SolarWinds and Market Connections survey of federal IT pros, insiders are starting to supplant external hackers and terrorists as the greatest cybersecurity threat. In that survey, more than half (53%) of the respondents identified careless and untrained insiders as the greatest source of IT security threats at their agencies, up from 42 percent last year.
Respondents pointed to several reasons insider threats have become “public enemy number one.” The steadily growing volume of network activity is seen as a primary culprit, as more administrators are being asked to try and keep up with monumental increases in traffic. The growing use of personal devices is another factor, as is mounting pressure for IT pros to change network configurations quickly, rather than correctly. Combine these issues with simple human error – a misplaced USB drive here, an unattended laptop there – and lack of training, and one can understand how insider threats can loom so large.
Here are three strategies that can help address the growing issue of insider threats:
Continuously monitor the network
It can be difficult for IT pros to keep up with network activity and remain alert to everything that’s happening on these networks, but doing just that is very important. Solutions that continuously and automatically monitor networks for any anomalies can help. Their alerting capabilities help administrators keep tabs on potential breaches, data leaks, unauthorized users, and overall suspicious activity, allowing them to respond and address the problem immediately.
Examples of effective monitoring solutions include security information and event management (SIEM) and log and event management software. These solutions provide real-time feedback and alerts that provide administrators information about any suspicious network activity. Administrators can use them to accurately track the root of a problem, right down to the individual user who may – inadvertently or not – be compromising the network.
Standardize network configurations
It’s no news flash that federal IT pros are pressed for time. But the comment by survey respondents about fast, versus accurate, network configuration is telling – and problematic. Networks that aren’t properly configured can open the doors for employees to make unauthorized and erroneous network changes.
Automating the network configuration process is a good option for time-strapped federal IT pros. Tools can be set up to perform scheduled network configuration backups, bulk change deployment for thousands of devices, and more – and do so properly, yet with minimal input from the administrator. These tools not only ease the worry of insider threats but also catch configuration errors and automatically notify the administrator of any compliance issues.
Closely track user devices
Speaking of devices, employees continue to rely on their personal devices for work, which can create enormous risk. One lost smartphone or stolen laptop can result in a national security issue.
As a result, administrators should implement a strategy that will allow them to accurately and quickly track and monitor devices, switches, and ports. Doing so will allow them to easily block unauthorized devices from accessing their networks. They should also create a “whitelist” of authorized devices and set up alerts in case any device that’s not on that list attempts to ping the network.
Insider threats come in many forms. Some are completely intentional, others are completely innocuous, but all can be extremely dangerous. And, unlike the hacker hero that saves the day in a TV show, none should be taken lightly.
Chris LaPoint is vice president of product management at IT management software provider SolarWinds, based in Austin, Texas.
Image courtesy of Lockton Market Update.