Key actions to prevent attacks include monitoring employee activity, eliminating unnecessary accounts and keeping antivirus software up to date.
In daily operations, companies face potential information theft, which can originate both from external hackers and from their own employees; the latter is referred to as an internal threat.
Internal threats arise when an individual acts as a risk factor, whether knowingly or unknowingly. They have various causes, including the actions of a person seeking to harm an organization or gain an advantage over it. A common example is an employee who plans to leave the company and copies customer lists before departing, to have a competitive edge with a new employer.
Regardless of intent, it’s crucial to consider the digital aspect of an internal threat, so companies should ask themselves: How many people have mass access to sensitive information? Do all valid accounts belong to current, relevant employees? How often do passwords for sensitive accounts change?
Honestly answering these questions gives a clear overview of the company’s cybersecurity so that it can act on vulnerabilities. Experts from BeyondTrust, a global leader in intelligent identity and access security, share five keys that companies should consider to counteract internal threats:
- Only administrators should have access to mass data. This prevents an infiltrator from obtaining large amounts of information, or an executive’s account from being hacked and used against the organization.
- Administrative accounts are not for daily use. Users should never use administrative accounts for everyday tasks like email. All users should have standard user permissions.
- Eliminate unnecessary accounts. Former employees, contractors and even auditors should not have daily access to sensitive data. These accounts should be deleted or removed according to the organization’s policy.
- Change passwords frequently. Employees come and go. If passwords remain the same, the risk to sensitive data increases, because former employees still know the passwords that protect the company’s confidential information.
- Monitor activity on privileged accounts. This includes logs, screen monitoring, keystroke recording and even application supervision. That way, if an incident occurs, how the information was extracted can be documented.
It’s vital that companies consider not only the internal threats described above, which stem from excessive privileges and enter through the front door to steal information or carry out malicious activities, but also those that take advantage of poor configurations, malware and exploits.
To this end, Kelly Quintero, Regional Channel Manager for Mexico, Central America and the Caribbean at BeyondTrust, comments that all organizations should use a vulnerability assessment or management solution to determine where risks exist in the environment and correct them in time.
She also asserts that “companies must implement an application control solution to allow only authorized applications to run with the appropriate privileges to mitigate the risk of malicious utilities, surveillance or data collection.” Similarly, Quintero adds that “where possible, users should be segmented from systems and resources to reduce the risks of accessing critical information.”
There are solutions on the market that are fully suitable for protecting company information. One of them is BeyondTrust’s Privileged Access Management platform, which provides visibility and control over all accounts and users, thus mitigating the potential impacts of a cyberattack.
Although the actions presented above are very important, the reality is that most companies do not even do a good job with the most basic security. When they do, the risk of internal threats can be minimized by limiting administrative access and keeping IT resources up to date with the latest defenses and security measures. The goal is to stop data leakage and be aware that an internal threat has multiple attack vectors to achieve its objectives.