The bad news: astonishingly, a recent study published by
Ovum revealed that a mere 9% of organizations feel that they are safe from
insider threats. The good news: 66% of those surveyed did say that they were
looking to increase spending on IT security, specifically to help combat
insider threats. You can read more on the Ovum study here: http://www.infosecurity-magazine.com/view/37826/less-than-10-of-companies-feel-safe-from-insider-threats/
Unfortunately, “insider threats” is a vague term, and such threats
are often difficult to mitigate if not handled properly. First, one must
understand the different types of insider threats that organizations face each
day. The most obvious threats are internal users who act with malicious
intent, either to harm the organization or for their own personal gain. Second
are the users who accidentally or unknowingly cause harm through lack of
knowledge or preparation. Finally, there are the targeted attacks that work
from the outside in. These actors target highly privileged users and utilize
their credentials as a way to gain access to even the most protected parts of a
network. These actors are by far the most dangerous: they use advanced evasion
techniques (AETs) to execute advanced targeted attacks across multiple network
layers. They are difficult to defend against and even more so to detect.
So, how does an organization begin to combat these elusive
threats? Obviously the first step is to enable strong perimeter controls,
followed by a completely locked-down desktop environment. Operating in a
least-privilege environment helps to prevent threats that do make their way
through the defenses from gaining access to privileged data and applications.
Additionally, measures such as application whitelisting can
help further protect organizations through a default-deny model, ensuring that
only trusted applications, files, and executables can run on the endpoints and
Organizations must go one step further, though, and employ
next-generation monitoring and forensics capabilities. In order to protect
against these evasive threats, full, real-time visibility of all activities
within a network is paramount. This will help organizations detect and mitigate
any breaches early and effectively.
This multi-layered approach is the only way to protect against the sophisticated modern-day threats that all organizations are facing today. Here is an interesting whitepaper that discusses just that: Layers of Cyber Security - Modern Security Threats. Give it a read and pass it along. It's vital that the community understands the necessity for a next-generation, layered approach to cyber security.