An insider threat refers to any security threat – either intentional or inadvertent – from current or former employees, contractors, partners, or anyone with access to an organization’s sensitive information. Insider threats can be among the most difficult to detect – they are employees and contractors using granted access or hackers who have learned to make their actions look like normal activity.
Preventing insider threats requires a new approach that combines the ability to monitor endpoints for unusual activity with the ability to investigate suspicious activity discreetly, without impacting employee productivity. With EnCase Endpoint Security, security teams can leverage advanced endpoint detection and response tools to monitor for suspicious activity and triage potential threats. With EnCase Endpoint Investigator, teams can investigate any network endpoint without taking a device offline, alerting the employee, or impacting device performance.
Schedule a demo with our solutions consultants to see how we help security and HR teams all over the world manage insider threats.
THE TYPES OF INSIDER THREAT
The Disgruntled or Disloyal Employee
Employees who may have been passed over for promotion, are aware of pending layoffs, or are simply disgruntled are a common source of insider threats.
The mole is a more nefarious threat. These users are operating under an external influence and may have entered the company via a fraudulent background or have been coerced to act on the behalf of an external actor. This can include corporate or state-sponsored espionage.
Careless employees often become the victims of social engineering, lose equipment, mishandle sensitive data, have weak passwords, or simply email the wrong person. In addition, researchers estimate that half of all security breaches are the result of external actors exploiting unsuspecting insiders within the organization.
An activist is not always after sensitive data. Rather, they often disagree with company policies and values and want to “send a message,” for example by defacing a website.
While not technically an insider, this is an attacker that has successfully acquired legitimate user credentials and is masquerading as an approved corporate account. According to FBI statistics released in April 2017, damages from phishing scams increased almost 2,400% in just two years.
How We Do It
Insider hacks are not to be taken lightly, especially because insiders already have access to your network and sensitive data. However, the right forensic security tools will give security professionals the confidence that they can detect when an insider is trying to act, and rapidly respond to solve the problem.