Learn From Past Incidents
Insider attacks are common enough that there will be repeat incidents. Take precautions so that the latest incident can't be repeated. IT can write an automated script to monitor and detect whether someone else gets recruited to run the scam again. The company can invest in technology to flag users sending source code through email to an external account or copying data onto a USB drive.
Focus on Protecting the Crown Jewels
Yes, everything is important, but there is one thing that is even more important. That one thing, if stolen and given to a competitor, could be disastrous. Protect that. Examine how people have access to that data and what protections are in place. Organizations need to know what their "Crown Jewels" are and put in controls to block the threat.
Use Your Current Technologies Differently
Organizations have generally deployed technology to keep people outside the network from coming inside. Instead of getting entirely new systems to look at the people on the inside, think of how existing technology can be used differently. Start examining the traffic going out of the network, as well as what is coming in, to see how information is flowing in and out of the company.
Mitigate Threats From Trusted Business Partners
Contractors and third-party service providers are insiders, too. Make sure they can't take information stored in your systems for one customer and give it to another customer. Their access should be limited to a strict need-to-know basis, and there should be regular monitoring to see what information has been accessed.
Recognize Concerning Behavior as a Potential Indicator
Employees who are exceptionally angry or who have a history of unresolved issues bear extra watching. Several instances of IT sabotage were actually launched after the employee had left the company. If an employee is sending threatening letters to management, consider that a sign. If an employee with a background as a system administrator is working as a night guard, find out why.
Educate Employees About Potential Recruitment
Warn employees that they may be contacted by outside recruiters to run these scams. If employees are aware their managers know this can happen, that can act as a deterrent from joining in the first place. In a credit card environment, it is possible to see if the same employee is approving a high number of users for credit cards that end up defaulting.
Pay Close Attention at Resignation and Termination
Resignation is a very important time period for employees and employers, especially since that is when the bulk of IT property theft occurs. IP theft generally occurs within 30 days of submitting a resignation, so those employees should be carefully monitored. After an employee gives notice, it is also worth checking what happened in the 30 days prior. Fraud thieves are typically happy and work effectively because they want the scam to continue.
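The sketch below is an added example, not code from the original article. It combines the two checks described above: flag source code emailed to an external account, and escalate any such event that falls within 30 days before or after a resignation notice. The company domain, file-extension list, HR feed and mail log are all constructed assumptions.

```python
from datetime import date, timedelta
from pathlib import PurePosixPath

COMPANY_DOMAIN = "example.com"   # assumption: the organization's own mail domain
SOURCE_EXTS = {".c", ".h", ".py", ".java", ".go", ".zip", ".gz"}  # assumption
WINDOW = timedelta(days=30)      # the 30-day period the article describes

# Constructed HR feed: employee -> date the resignation was submitted.
NOTICES = {"alice": date(2024, 3, 15), "bob": date(2024, 6, 1)}

# Constructed outbound-mail log: (date, sender, recipient, attachment name).
MAIL_LOG = [
    (date(2024, 1, 10), "alice", "alice.home@mail.test", "billing.py"),
    (date(2024, 2, 20), "alice", "alice.home@mail.test", "engine_src.zip"),
    (date(2024, 3, 20), "alice", "carol@example.com", "parser.c"),
    (date(2024, 3, 28), "alice", "alice.home@mail.test", "Parser.C"),
    (date(2024, 6, 5), "bob", "friend@mail.test", "lunch_menu.pdf"),
    (date(2024, 6, 5), "dave", "dave@mail.test", "core.go"),
]

def is_external(recipient):
    """True when the recipient's domain is not the company domain."""
    return recipient.rsplit("@", 1)[-1].lower() != COMPANY_DOMAIN

def looks_like_source(filename):
    """True when the attachment extension is on the source/archive list."""
    return PurePosixPath(filename.lower()).suffix in SOURCE_EXTS

def flag_events(mail_log, notices):
    """Return (sender, day, attachment, days_from_notice, priority) per hit."""
    hits = []
    for day, sender, recipient, attachment in mail_log:
        if not (is_external(recipient) and looks_like_source(attachment)):
            continue
        notice = notices.get(sender)
        offset = (day - notice).days if notice else None
        # Escalate anything inside 30 days before or after the notice date.
        near = offset is not None and abs(offset) <= WINDOW.days
        hits.append((sender, day, attachment, offset, "high" if near else "review"))
    return hits

if __name__ == "__main__":
    for hit in flag_events(MAIL_LOG, NOTICES):
        print(hit)
```

Because the window is applied in both directions, the same function can be re-run over archived mail logs once a notice is filed to surface activity from the 30 days prior.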
Address Employee Privacy Issues With General Counsel
Auditing employee actions can raise a lot of legal issues. Make sure the company is protected by involving the general counsel and making sure all requirements are met.
Work Together Across the Organization
Detecting, catching and preventing an insider attack is not just the job of the security or the IT team. Everyone should be involved in the process, whether it's encouraging employees to notify management if they see a colleague sending files to a personal account, or putting together programs to discuss how to handle situations when a criminal recruiter comes knocking on the door.
Create an Insider Threat Program Now
Organizations have to get buy-in from top management and work to build an insider threat team immediately. The problem is too common and too devastating to postpone. Create policies approved by general counsel, develop processes and implement controls. Once it is rolled out, consistently enforce policies.