Insider threat awareness is such a significant aspect of cybersecurity that the National Counterintelligence and Security Center in partnership with the National Insider Threat Task Force and other U.S. government agencies designated a month every year to the issue.
“One of the most significant insider threats facing organizations today is the challenge of properly managing employee exits and access revocation. Even weeks or months after departure, it is all too common for exiting employees to still have lingering access to company systems and data. From there, malicious insiders can then steal sensitive data or sabotage critical systems rather easily by exploiting these oversights. And, as organizations have become more reliant on cloud services and remote work, unfortunately this risk has only grown,” says Larry O’Connor, CEO and founder of Other World Computing.
“Luckily, today we have robust identity and access management controls to mitigate these insider risks. This includes automating the process of disabling accounts across all apps and services when an employee leaves the company. Leveraging technologies like two-factor authentication and certificate-based authentication can also help prevent unauthorized access — even if login credentials are compromised. Additionally, maintaining comprehensive, air-gapped backups of critical data is essential – this provides a secure fallback in case malicious insiders do manage to delete or encrypt production data.”
Noting the importance of organizations taking a hard look at their security practices around employee offboarding and data protection, he says, “It’s not a matter of if, but when, an insider threat incident will occur. Companies can significantly reduce the risk and impact of these threats by proactively implementing the right people, processes, and of course technologies. Bottom line — protecting against malicious insiders should be a top cybersecurity priority all year round.”
