Managing Inside Risk

Back to Blog
August 27, 2016
SecureAuth

Imagine a data breach and you’ll likely picture it starting with a faceless hacker, maybe even a state-sponsored crime ring across the ocean. But one of the biggest security threats comes from insiders and it’s finally getting well-deserved attention.
 
Part of our recent survey of 500 senior IT leaders, conducted with SC Magazine, examined their attitudes toward threats: specifically what worried them the most and how they planned to handle it. While the ongoing industry dialogue on security often focuses on how to combat advanced persistent threats, where those threats arise is just as worth examining.
 
So it’s interesting that a full 62 percent of CISOs are most worried about employees and other insiders putting their network at risk – either accidentally or deliberately. To put that number in perspective, concern over partners and suppliers came in at 18 percent. The category titled “Others,” which includes attackers with criminal or political motives, came in at only 6 percent.
 
Obviously this has implications for the security dialogue. While traditionally organizations have focused on keeping attackers out of the network, teams are realizing the futility of this quest. Today’s thinking runs more along the lines that malicious actors will probably be in your network sooner or later, which shifts the focus to stopping them from stealing proprietary data.
 
So why do internal threats rank so high as a concern?
 
To start, these IT leaders aren’t necessarily envisioning employees who deliberately abuse their access privileges to steal data – though of course that’s always a possibility. A more common scenario is the employee or partner who unwittingly creates a security gap or falls for social engineering and other scams, giving their credentials to attackers. Security teams may be immersed in the criminal methodologies and the controls that can stop them, but most employees will be far less educated on cybercrime.
Case in point: the South Carolina Department of Revenue. Their website was hacked a few years ago when a contractor was duped by a social engineering tactic. More than three million social security numbers were stolen.

It only takes one employee to visit an infected website or fall for a phishing scam. Once their credentials are stolen, those attackers will be perceived an internal threat. By placing keyloggers within the network, even a password or passphrase change by the valid user is worthless – the keylogger will record the change and notify the attacker, continuing their access.
 
Another reason is the rise of Shadow IT. In the era of the app, when SaaS applications are designed to be user-friendly and let end users implement them without IT assistance, many IT teams lose  oversight and control of important parts of their network. If those apps are employed without appropriate security controls, or if they violate regulatory compliance requirements, IT won’t know anything about it – opening up a host of potential vulnerabilities and entry points for hackers.
 
Obviously IT needs to control all access and authentication when it comes to applications and data. Even data living in the cloud has to interact with the corporate data, which means that authentication needs to happen somewhere else. 
 
One solution: Adaptive Authentication, which contextual factors such as geo-location, IP addresses and device fingerprints. It’s the latter that helps companies admit established users while identifying attackers attempting to infiltrate the system with legitimate credentials. It can also identify a user who might inadvertently become a risk, something especially valuable for inside threats.
 
Once a valid user is authenticated, the technology stores the device’s unique characteristics, like HTTP headers, browser plug-ins and fonts or time zone. Going forward, it distinguishes between devices that match a stored footprint and devices that don’t, helping organizations block even those malicious actors who’ve obtained valid credentials. Users enjoy the simplicity and convenience of passwords while IT teams can effectively protect their most valuable data, both onsite and in the cloud.
 
In other words, the solutions are out there. Deploying Two-Factor Authentication at the edge of the VPN and implementing authentication and access controls throughout the network can reduce inside risk significantly; continuous authentication could also one day be used to continuously verify all of an insider’s activities on the network.
 
Inside risk deserves a high spot on any CISO’s risk management agenda. We live in a world where malicious actors often enter the network through internal assets. Any IT leader who fails address inside risk in their security program is leaving a side door unlocked.

Never Miss a Beat
Subscribe to Our Blog

SecureAuth Identity Platform Adaptative Authentication

Identity and Access Management

Empower your digital initiatives with secure access for everyone and everything connecting to your business

Product Features

Adaptive Authentication

Extend verification of a user identity with contextual risk checks

Multi-Factor Authentication

Leverage a broad portfolio of authentication factors for desktop and mobile

Intelligent Risk Engine

Protect your identities with advanced risk profiling analytics

Single Sign-On

Provide app discovery and one-click login through portal or desktop SSO

User Lifecycle Management

Enable admins with strong CRUD capabilities and users with self-service tools

Secure All Identities

CIAM

Customer Identities

Deliver a frictionless customer experience safeguarding user data and privacy

B2E

Workforce Identities

Govern and control access rights for employees, partners, and contractors

Moving Beyond Passwords

Learn how passwords alone no longer provide the appropriate level of protection, nor confidence, required to secure valuable resources

Initiatives

Passwordless Authentication

Reduce the risk of breaches by eliminating passwords

2FA is Not Enough

Block popular phishing and brute force attacks used by bad actors

Protecting Office 365

Extend adaptive authentication and flexible MFA to all apps including Office 365

Securing Portals and Web Apps

Balance strong security and an exceptional user experience

RSA Migration

Transition to a modern identity and access management solution

Industries

Healthcare

Financial Services

Retail

Energy and Utilities

Public Sector

Resources

White Papers

eBooks

Recorded Webinars

Analyst Reports

Innovation Labs

Documentation

Support Portal

Events & Webinars

Events

Webinars

Calculate Your Savings

Lower support costs by enabling your users the control to reset passwords, account unlocks, device enrollment and update profiles

Meet SecureAuth

About SecureAuth

Leadership

Newsroom

Careers

Contact