This is the third part of my series on the Insider Threat. So far we have looked at trust, and at sorting your information so that access can be limited using the Principle of Least Privilege (PoLP), which is covered in my primer on authentication, authorisation and accountability.
The Insider threat – Not just a question of trust. (pt.1)
The Insider threat – Start thinking about sorting. (pt.2)
The Principle of Least Privilege and Authentication, Authorisation and Accountability – A Primer
Today we are going to look at some mitigation tactics, because completely removing the insider threat is probably impossible. What you can do is remove as much of the exposure as possible, which is what PoLP does for you by limiting what each person can reach, and then put controls in place to manage the residual risk from everyone who still needs access.
The Insider Threat and the CEO
For the CEO you can substitute any “C” level member of staff, board member or senior manager who thinks they are special, or even the company owner or founder.
I have often come across senior people in organisations who insist they must have access to everything. In some cases this is warranted, as there are usually a few senior people who genuinely need an all areas pass, but the business case for that level of access needs to be solid, and even then the access should be logged and reviewed in the same way as everyone else's.
For everyone else – enforce the Principle of Least Privilege.
The Insider Threat and the Small Business
Large corporates can implement a wide range of prevention tools that are usually beyond the scope of the smaller organisation, however there are some that can be accessed at a reasonable cost.
Monitoring
If you use Microsoft 365 or Google Workspace, make sure the full suite of audit logging options is switched on (in Microsoft 365, confirm the unified audit log is enabled; in Google Workspace, check the audit and investigation reports in the Admin console), check how long the logs are retained and export them if you need them for longer, and make sure all your team knows this has been done. Logging on its own will not stop an insider event, and it is only useful if someone actually looks at the logs or is alerted when something unusual happens. But the knowledge that they may get caught may well be enough to deter the sales manager from downloading your customer database to take to their next job, and if it is not, the logs are the evidence you will need afterwards.
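Switching logging on is only half the job; someone, or something, has to look at the logs. The script below is an added example and is not part of the original article, nor is it a Microsoft or Google tool. It runs over a handful of constructed audit records (one JSON object per line, loosely modelled on the shape of a Microsoft 365 unified audit log export; the field names and the example.com addresses are assumptions, so map them to whatever your real export contains) and raises two of the simplest insider signals: a user downloading an unusual number of files in a short window, and downloads outside working hours.

```python
"""Added example: spot bulk and after-hours file downloads in audit records.

Illustrative code, not from the original article and not a Microsoft or
Google tool. The records are constructed for the example and only loosely
modelled on a Microsoft 365 unified audit log export; the field names
(CreationTime, UserId, Operation, ObjectId) are an assumption.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: six downloads by one user in under twenty minutes, late
# at night, plus some ordinary daytime activity. Not real log data.
SAMPLE_LOG = """\
{"CreationTime": "2024-05-01T09:15:00", "UserId": "finance@example.com", "Operation": "FileDownloaded", "ObjectId": "https://example.sharepoint.com/sites/finance/Invoices/april.xlsx"}
{"CreationTime": "2024-05-01T14:30:00", "UserId": "finance@example.com", "Operation": "FileDownloaded", "ObjectId": "https://example.sharepoint.com/sites/finance/Invoices/may.xlsx"}
{"CreationTime": "2024-05-01T22:39:10", "UserId": "sales.manager@example.com", "Operation": "FileAccessed", "ObjectId": "https://example.sharepoint.com/sites/sales/Customers/"}
{"CreationTime": "2024-05-01T22:40:05", "UserId": "sales.manager@example.com", "Operation": "FileDownloaded", "ObjectId": "https://example.sharepoint.com/sites/sales/Customers/accounts-2024.xlsx"}
{"CreationTime": "2024-05-01T22:43:19", "UserId": "sales.manager@example.com", "Operation": "FileDownloaded", "ObjectId": "https://example.sharepoint.com/sites/sales/Customers/accounts-2023.xlsx"}
{"CreationTime": "2024-05-01T22:47:52", "UserId": "sales.manager@example.com", "Operation": "FileDownloaded", "ObjectId": "https://example.sharepoint.com/sites/sales/Customers/contacts.csv"}
{"CreationTime": "2024-05-01T22:51:08", "UserId": "sales.manager@example.com", "Operation": "FileDownloaded", "ObjectId": "https://example.sharepoint.com/sites/sales/Customers/pipeline.xlsx"}
{"CreationTime": "2024-05-01T22:55:30", "UserId": "sales.manager@example.com", "Operation": "FileDownloaded", "ObjectId": "https://example.sharepoint.com/sites/sales/Customers/pricing.docx"}
{"CreationTime": "2024-05-01T22:58:44", "UserId": "sales.manager@example.com", "Operation": "FileDownloaded", "ObjectId": "https://example.sharepoint.com/sites/sales/Customers/renewals.xlsx"}
"""


def parse_records(text):
    """Parse newline-delimited JSON records, turning CreationTime into a datetime."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["CreationTime"] = datetime.fromisoformat(rec["CreationTime"])
        records.append(rec)
    return records


def bulk_download_alerts(records, threshold=5, window_hours=1, operation="FileDownloaded"):
    """Return {user: peak_count} for users with >= threshold downloads in any window.

    A sliding window over each user's sorted download times finds the densest
    burst, so a slow trickle over a week does not trigger but a dump does.
    """
    window = timedelta(hours=window_hours)
    by_user = defaultdict(list)
    for rec in records:
        if rec.get("Operation") == operation:
            by_user[rec["UserId"]].append(rec["CreationTime"])

    alerts = {}
    for user, times in by_user.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Shrink the window from the left until it spans at most window_hours.
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                alerts[user] = max(alerts.get(user, 0), count)
    return alerts


def after_hours_downloads(records, start_hour=8, end_hour=18, operation="FileDownloaded"):
    """Return (user, time, object) for downloads outside the working day."""
    hits = []
    for rec in records:
        if rec.get("Operation") != operation:
            continue
        hour = rec["CreationTime"].hour
        if hour < start_hour or hour >= end_hour:
            hits.append((rec["UserId"], rec["CreationTime"], rec["ObjectId"]))
    return hits


if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    for user, count in bulk_download_alerts(recs).items():
        print(f"ALERT bulk download: {user} fetched {count} files within an hour")
    for user, when, obj in after_hours_downloads(recs):
        print(f"NOTE after hours: {user} downloaded {obj} at {when:%H:%M}")
```

The thresholds are deliberately crude; tune them to what normal looks like in your business, and treat the output as something for a person to review, not as proof of wrongdoing. The value of the exercise is that the sales manager's burst of downloads stands out immediately, whereas in a raw export it is just nine lines among thousands.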
PoLP in Apps
I often find when carrying out IT and Cyber Security Audits that the "in app" controls, the roles and permissions built into the CRM, accounts package or cloud service, are not being used to implement PoLP, and that everyone has simply been made an administrator. Check that these controls are in use, and check that passwords have not been shared so that someone can help out while others are on holiday. Shared credentials destroy accountability, because you can no longer say who did what. If cover is needed, use the application's delegation or temporary role features rather than sharing a password; where sharing is genuinely unavoidable, document who had the credential and when, and change the password afterwards. Again, if people know they may get caught, it should deter them.
Manage Mobile and BYOD Devices
For details of this I refer you to my current series on Smart Thinking looking at BYOD, Bring-Your-Own-Device.
BYOD Bring-Your-Own-Device – A Primer (pt.1) | Smart Thinking Solutions
Next Week
I need to bring this article to a close today, but I still have more to say on insider threat mitigation, so we will continue next week.
Clive Catton MSc (Cyber Security) – by-line and other articles
Further Reading
Are you using Bring Your Own Device – BYOD – to save money? – CyberAwake
Photo by Andrea Piacquadio