4 Steps for Designing an Effective Insider Threat Program

Posted by Andrew Josephides on 3/7/17 8:01 AM

The cost of cybercrime is going nowhere but up. Meanwhile, the news reports on staggering incidents of mass data theft on a regular basis. If you’ve become obsessed with combatting intrusion from outside hackers and scammers, it’s understandable.

But if you’re only looking outward, you may be missing one of the leading and most damaging risks to your cybersecurity: those who work in and with your organization.

No one wants to believe their colleagues and partners would compromise their data security – either deliberately or mistakenly – but it happens more often than you would think.

According to the 2013 U.S. State of Cybercrime survey:

  • Over half of respondents, representing large and small companies throughout the U.S., experienced an insider incident in 2011 and 2012.
  • 53 percent of organizations said that insider attacks cause more damage than outsider attacks.


Among the insider attacks experienced by these organizations:

  • About a third were the result of unintentional exposure of data.
  • A third was theft of intellectual property (IP).
  • A third was due to unauthorized access to information, systems, or networks.


What is Insider Threat?

Insider threat is the threat to your organization’s critical assets by trusted individuals or entities.

Critical assets most often targeted include industry-specific intellectual property, business plans, personally identifiable information, infrastructure design, security design, and physical as well as virtual access.


4 Steps for Guarding Against Insider Threats 

Policies, procedures, and technologies are the key to mitigating the threats.

You can’t mitigate every threat that exists against your organization. Instead, base your security efforts on the criticality of the protected resource. Your insider threat mitigation program will need to be a complex solution to multiple problems.

To build a base to work from, your company will need to evaluate its current vulnerabilities on multiple levels. Consider the risk of insider theft of intellectual property, damage to your networks and systems, as well as damage to your company’s employees through exposure of their personally identifiable information.

Also, as you develop your insider threat program, be sure to follow an ontological design. This is critical, because, as experts have pointed out, the communities combatting insider threat lack standardization. There are various models available you can use as a guide.


Step 1 

Perform vulnerability assessments and penetration tests to verify the integrity of the mitigations performed by your IT department in response to your auditing procedures.

  • Inspect documented security policies and controls.
  • Inspect asset management.
  • Inspect vendor security agreements.
  • Inspect access control policies and implementation.
  • Validate the effectiveness and implementation of your security information and event management (SIEM) system.
  • Inspect backup and recovery processes.


Step 2

Audit the physical security team to ensure clearance and access leaks don’t exist through extra security badges, faulty locks, or ill-positioned cameras.


Step 3

Ensure every contractor, service provider, or partner is still performing a necessary function in your company’s workflow.

Many times, organizations focus too much on the specific technical vulnerabilities, using tools such as vulnerability assessments. But when it comes to mitigating insider threat, you should understand that business processes are just as, if not more, important than technical vulnerabilities. This includes issues in the legal or contracting portions of your business.

It also means recognizing the increased risk of providing insider access to your networks, systems, physical assets, and intellectual property to organizations and individuals who are not part of your company.

Among others, evaluate the following for insider threat mitigation:

  • Contractors
  • Consultants
  • Service providers
  • Investors
  • Business partners


Step 4

Finally, vet the results of the audits and disseminate access levels to your IT and physical security teams to ensure there are no access leaks.

Insider threat is among the most detrimental cybersecurity risks your organization may encounter. Make sure you are prepared today by designing and implementing your own insider threat program.


Topics: IT Security