Why Companies Need to Understand and Create a Protocol for Insider Threats


Over the last two years, the number of insider incidents has increased by 47%. Employees are perhaps the biggest security risk any company faces. Deliberately or inadvertently, they can cause a serious breach of company data.

Insider threats are harder to combat because the company is dealing with access that is, on the face of it, authorized but turns out to be compromising: the activity passes every authentication check, and only the intent or the context is wrong. Any organization that loses the endpoint battle has lost the cybersecurity war.

Hence, protecting endpoints by mitigating insider threats must be a priority for every company. Insider incidents that are clearly not intentional are usually the result of poor cybersecurity practices or a lack of basic cybersecurity hygiene.

While basic cybersecurity awareness training may help, it does not eliminate the problem by itself. Companies need to establish a clear protocol for combating insider threats.

The rise of remote work has worsened the insider threat picture. With employees now dispersed, it is harder for IT to maintain comprehensive visibility over the company's data assets and the endpoints that access them. Overcoming these challenges is not as simple as teaching employees to recognize malicious emails. It requires an overarching strategy that strengthens the company's network defenses against such incidents in the first place.

Insider Threat Protocols

What should be included in a protocol for combating insider threats?

Intelligent Threat Detection: IT teams need to start thinking beyond prevention. With attacks growing more sophisticated as adversaries adopt AI tooling, it is no longer a matter of if but of when and how you will be attacked. Companies must therefore match fire with fire.

Intelligent threat detection enhances traditional detection approaches with AI and machine learning to expose threats in real time. It monitors employees, learns each user's normal usage pattern, and flags deviations from that baseline, such as a login from an unusual location or at an unusual hour. Two caveats apply in practice: the baseline must be built from enough history to be meaningful before deviations are scored, and every flag still needs a human decision, because a new laptop or a business trip looks much like a compromised account. Intelligent threat detection does not eliminate human oversight; it complements the work of security professionals.
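The baselining idea described above, as an added example that is not part of the original article: a small per-user detector that learns the countries and hours each user normally logs in from during a training window, then scores later logins against that baseline. The log format, the user names, the cutoff date, the minimum baseline size and the one-hour tolerance are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample authentication log (assumption: one event per line in the
# form "<ISO-8601 UTC timestamp> user=<name> src_country=<CC> result=<ok|fail>").
SAMPLE_LOG = """
2024-03-04T08:55:12Z user=alice src_country=GB result=ok
2024-03-05T09:02:41Z user=alice src_country=GB result=ok
2024-03-06T08:47:03Z user=alice src_country=GB result=ok
2024-03-07T09:15:30Z user=alice src_country=GB result=ok
2024-03-04T10:00:00Z user=bob src_country=US result=ok
2024-03-04T14:00:00Z user=carol src_country=DE result=ok
2024-03-05T13:30:00Z user=carol src_country=DE result=ok
2024-03-06T15:10:00Z user=carol src_country=DE result=ok
2024-03-12T03:12:44Z user=alice src_country=RU result=ok
2024-03-12T11:00:00Z user=bob src_country=US result=ok
2024-03-12T14:05:00Z user=carol src_country=DE result=ok
2024-03-12T22:00:00Z user=carol src_country=DE result=fail
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src_country=(?P<cc>[A-Z]{2}) result=(?P<result>ok|fail)$"
)
MIN_BASELINE_EVENTS = 3   # assumption: fewer successful logins than this is not a usable baseline
HOUR_TOLERANCE = 1        # assumption: +/- one hour around previously seen login hours is still normal


def parse_log(text):
    """Parse log lines into event dicts; malformed lines are skipped, not scored."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append({"ts": ts, "user": m["user"], "cc": m["cc"], "ok": m["result"] == "ok"})
    return events


def build_baseline(events, cutoff):
    """Per-user countries and login hours seen in successful logins before the cutoff."""
    baseline = defaultdict(lambda: {"countries": set(), "hours": set(), "n": 0})
    for e in events:
        if e["ok"] and e["ts"] < cutoff:
            b = baseline[e["user"]]
            b["countries"].add(e["cc"])
            b["hours"].add(e["ts"].hour)
            b["n"] += 1
    return baseline


def score_events(events, baseline, cutoff):
    """Flag successful logins after the cutoff that deviate from the user's baseline."""
    findings = []
    for e in events:
        if not e["ok"] or e["ts"] < cutoff:
            continue
        b = baseline.get(e["user"])
        if b is None or b["n"] < MIN_BASELINE_EVENTS:
            # Too little history: route to a human rather than call it an anomaly.
            findings.append((e["user"], "insufficient_baseline"))
            continue
        reasons = []
        if e["cc"] not in b["countries"]:
            reasons.append("new_country:" + e["cc"])
        if not any(abs(e["ts"].hour - h) <= HOUR_TOLERANCE for h in b["hours"]):
            reasons.append("off_hours:%02d" % e["ts"].hour)
        if reasons:
            findings.append((e["user"], ",".join(reasons)))
    return findings


def run_example():
    events = parse_log(SAMPLE_LOG)
    # Assumption: the first week trains the baseline, the second week is scored.
    cutoff = datetime(2024, 3, 11, tzinfo=timezone.utc)
    return score_events(events, build_baseline(events, cutoff), cutoff)


if __name__ == "__main__":
    for user, reason in run_example():
        print(user, reason)
```

On the constructed log this flags alice (new country and a 03:00 login) and reports bob as having too little history to judge, while carol's ordinary login produces nothing. The separate "insufficient_baseline" outcome is the point: a detector that scores every user from day one will either flag everything or, if the threshold is loosened, nothing. The hour comparison does not wrap around midnight; a deployable version would.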

Threat Response: this is a step beyond detection; at 72%, response is one of the leading reported use cases of cyber threat intelligence. An incident response plan establishes how threats and vulnerabilities, once identified, are managed and escalated. It begins with a full audit of the organization's network infrastructure, down to the individual endpoints.

It also involves classifying data and information by sensitivity, which determines the level of escalation applied to each threat. What do you do when you identify a compromise? Answering that question before it happens is the goal of the plan.

User Access Management: today, it is ultimately the data that matters. An insider threat protocol that does not include a plan for data leak prevention is bound to fail. In drawing up your strategy, ensure that user access to data is managed properly.

According to a Ponemon Institute report, 62% of survey respondents said they had access to company data that they should not have had. Your aim should be to shrink that attack surface. Many companies now adopt a least-privilege model for data access: an employee (even the CEO) has access to no more data than is required to perform their assigned tasks, and that access is reviewed and revoked when the task ends.
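A least-privilege check in code, as an added example that is not from the article or any named product: grants are evaluated deny-by-default, and an entitlement review compares what each user was granted with what they actually touched in an access log, so that unused grants and over-broad wildcard grants can be narrowed. The grant list, the access log, the path-prefix and "*" wildcard semantics are all constructed assumptions for the example.

```python
from collections import defaultdict

# Constructed entitlement list (assumption): (user, grant). A grant ending in "/"
# covers every resource under that path; "*" covers everything.
GRANTS = [
    ("alice", "finance/ledger.xlsx"),
    ("alice", "finance/payroll.xlsx"),
    ("bob", "eng/"),
    ("ceo", "*"),                 # the "access to everything" grant the article argues against
    ("dave", "hr/records.db"),
]

# Constructed access log for the review window (assumption): (user, resource).
ACCESS_LOG = [
    ("alice", "finance/ledger.xlsx"),
    ("bob", "eng/repo1"),
    ("bob", "eng/repo1"),
    ("ceo", "finance/ledger.xlsx"),
    ("ceo", "board/minutes.docx"),
    ("erin", "hr/records.db"),    # no grant at all: a control gap, not a revocation candidate
]


def grant_covers(grant, resource):
    if grant == "*":
        return True
    if grant.endswith("/"):
        return resource.startswith(grant)
    return grant == resource


def is_allowed(user, resource, grants=GRANTS):
    """Deny by default: access is permitted only if some grant for this user covers it."""
    return any(u == user and grant_covers(g, resource) for u, g in grants)


def review(grants=GRANTS, log=ACCESS_LOG):
    """Compare granted access with observed access over the review window."""
    used = defaultdict(set)       # grant -> resources actually reached through it
    ungranted = []                # accesses that no grant explains
    for user, resource in log:
        hits = [(u, g) for u, g in grants if u == user and grant_covers(g, resource)]
        if not hits:
            ungranted.append((user, resource))
        for hit in hits:
            used[hit].add(resource)
    # Grants never exercised in the window are revocation candidates.
    unused = [g for g in grants if g not in used]
    # Prefix and wildcard grants that were used can be narrowed to the exact resources seen.
    narrow = {
        g: sorted(used[g])
        for g in grants
        if g in used and (g[1] == "*" or g[1].endswith("/"))
    }
    return {"unused": unused, "narrow": narrow, "ungranted": ungranted}


if __name__ == "__main__":
    result = review()
    for key in ("unused", "narrow", "ungranted"):
        print(key, result[key])
```

On the constructed data the review proposes revoking alice's payroll grant and dave's HR grant, narrowing bob's "eng/" and the CEO's "*" to the two or three resources they actually used, and investigating erin's access, which no grant explains. The review window matters: a window too short to include rare but legitimate tasks (quarter-end reporting, annual audits) will recommend revoking access that is still needed, so revocations should be staged with an easy re-grant path rather than applied blindly.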

Security Awareness Training: of course, security awareness training still matters. It should be continuous and adaptive: each time there is a significant change in the company's operating model, employees should be educated on the cybersecurity implications of that change and on how they can protect themselves going forward.

Secure Web Gateway

Once a cybersecurity policy or protocol for employees has been established, the company needs a framework for enforcing it. The modern approach is a Secure Web Gateway (SWG).

An SWG uses real-time web filtering to enforce a company's cybersecurity policies. It inspects incoming traffic and outgoing traffic (for data leak prevention) against corporate policy and blocks any content that violates the established protocol. The basic features of an SWG include URL filtering, malicious-code detection and filtering, application controls for popular web-based applications, and data leak prevention.
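The two SWG functions named above, URL filtering and outbound data leak prevention, as an added example that is not the article's and does not represent any vendor's product: each outbound request is categorized by destination domain, blocked categories are refused outright, and uploads to non-internal destinations are scanned for a Luhn-valid payment-card number or a classification marker. The domain list, categories, marker string and sample requests are all constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed policy (assumption): destination categories keyed by domain (subdomains
# inherit the category), plus which categories are blocked outright or exempt from
# outbound DLP inspection.
DOMAIN_CATEGORY = {
    "paste.example.org": "paste-sites",
    "example-storage.com": "file-sharing",
    "www.example.com": "general",
    "intranet.corp.example": "internal",
}
BLOCK_CATEGORIES = {"paste-sites"}
DLP_EXEMPT_CATEGORIES = {"internal"}
UPLOAD_METHODS = {"POST", "PUT", "PATCH"}

# DLP detectors: a payment-card number (digits with optional spaces or dashes, then
# validated with the Luhn checksum to cut false positives) and a classification marker.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
MARKER_RE = re.compile(r"\bCONFIDENTIAL\b")


def luhn_ok(digits):
    """Luhn checksum used by payment-card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch)
        if i % 2 == 1:
            n = n * 2 - 9 if n * 2 > 9 else n * 2
        total += n
    return total % 10 == 0


def categorize(host):
    """Match the host or any subdomain of a listed domain; anything else is uncategorized."""
    for domain, category in DOMAIN_CATEGORY.items():
        if host == domain or host.endswith("." + domain):
            return category
    return "uncategorized"


def dlp_findings(body):
    findings = []
    for candidate in CARD_RE.findall(body):
        digits = re.sub(r"\D", "", candidate)
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            findings.append("card-number")
            break
    if MARKER_RE.search(body):
        findings.append("confidential-marker")
    return findings


def evaluate(method, url, body=""):
    """Return ("allow" | "block", reason) for one outbound request."""
    host = urlparse(url).hostname          # lower-cased, port stripped
    if not host:
        return ("block", "unparseable-url")
    category = categorize(host.lower())
    if category in BLOCK_CATEGORIES:
        return ("block", "category:" + category)
    if method.upper() in UPLOAD_METHODS and category not in DLP_EXEMPT_CATEGORIES:
        findings = dlp_findings(body)
        if findings:
            return ("block", "dlp:" + ",".join(findings))
    return ("allow", "category:" + category)


if __name__ == "__main__":
    # Constructed sample requests; 4111 1111 1111 1111 is a well-known Luhn-valid test number.
    for req in [
        ("GET", "https://www.example.com/news", ""),
        ("POST", "https://paste.example.org/api/new", "hello"),
        ("POST", "https://drive.example-storage.com/upload", "Q3 forecast - CONFIDENTIAL"),
        ("POST", "https://UPLOAD.example-storage.com/", "card 4111 1111 1111 1111 exp 12/26"),
        ("PUT", "https://intranet.corp.example/hr/form", "card 4111 1111 1111 1111"),
        ("POST", "https://unknown.example.net/x", "order 4111 1111 1111 1112 shipped"),
    ]:
        print(req[0], req[1], evaluate(*req))
```

The Luhn check is what keeps the card detector usable: the final sample request carries a sixteen-digit order number that fails the checksum and is allowed through, whereas a bare digit regex would block it. Two practical caveats: matching on the parsed hostname (not a substring of the raw URL) is what stops "paste.example.org.attacker.example" from inheriting an allowed category, and a gateway can only inspect request bodies it can decrypt, so outbound DLP depends on TLS interception being deployed to the endpoints it protects.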

Cloud-hosted SWGs are well suited to securing remote workers: wherever a worker happens to be, the SWG applies the same policy to every user, device, and endpoint.

Above all, every employee should be encouraged to take cybersecurity personally. One way to achieve this is to include them in establishing the insider threat protocol. Everyone should know the role they play in preventing, detecting, and managing insider threats; this eliminates confusion. Insider threats are menacing and unforgiving, and combating them requires a measured and smart approach.


Michael Usiagwu is the CEO of Visible links Pro, a premium digital marketing agency committed to helping brands, companies and products gain the right visibility on search engines. He has been featured on Innovation Enterprise, Hackernoon, Readwrite and Bizcommunity.

