Most months are recognized for a few things—October for Halloween, February for love, and November for gratitude. On the other hand, September is celebrated for a few important observances: Labor Day, back-to-school season, and another you might not have heard of—National Insider Threat Awareness Month (NITAM). We’d try to make a joke about the call coming from inside the house, but we’ll get right to summarizing Cowbell’s take on how to counter the rising insider threat.
As NITAM comes to a close, Cowbell emphasizes the importance of addressing insider threats, which pose significant cybersecurity risks from individuals within an organization. Working with industry professionals, Cowbell focuses on helping businesses identify, deter, and mitigate these threats, which often lead to data breaches and operational disruptions.
Cowbell defines insider threats as either malicious or negligent. Malicious insiders, acting independently or collaborating with external actors, misuse their access to steal data or sabotage their employer’s operations. Conversely, negligent insiders may accidentally expose sensitive information or bypass security protocols, leaving their organization vulnerable.
Real-World Examples
Several real-world examples illustrate the damage that insider threats can cause. A fired credit union employee deleted 21GB of data after her access wasn’t revoked quickly enough, and a technology company employee left millions of driver records exposed due to improper data storage practices. Even non-malicious incidents can have severe consequences, as seen in the case of a U.S. city employee who accidentally deleted 22TB of police data over several years.
To counter these threats, Cowbell highlights several important tactics organizations can use to safeguard their systems:
- Monitor for backdoors: Perform file scans to detect unauthorized access points that insiders or external hackers might exploit.
- Watch for remote access software: Keep an eye out for unauthorized installations of tools like TeamViewer, which insiders might use to bypass security.
- Check for unauthorized password changes: Sudden, unexplained password changes could indicate an insider attempting to gain greater access.
- Investigate firewall and antivirus changes: Alterations in these critical systems may signal an insider preparing the network for an attack.
- Scan for malware: If malware appears on the system, it could be the work of an insider seeking to exploit the organization’s data.
- Flag unauthorized software: Any unapproved software could be a Trojan horse, hiding malware to be used later in an attack.
- Track access to sensitive data: Be vigilant about who accesses critical servers and devices, especially when credentials are required.
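Several of the checks above can be expressed as rules over audit events. The sketch below is an added example, not Cowbell's code; the event schema, account names, host name and allowlists are constructed assumptions, and only TeamViewer comes from the article.

```python
from datetime import datetime

# Constructed policy data (assumptions); only TeamViewer is named in the article.
APPROVED_SOFTWARE = {"firefox", "libreoffice"}
REMOTE_ACCESS_TOOLS = {"teamviewer"}
PASSWORD_ADMINS = {"helpdesk1"}
SENSITIVE_ACCESS = {"records-db": {"alice"}}  # host -> accounts allowed to touch it
OFFBOARDED = {"carol": datetime(2024, 9, 2, 17, 0)}  # account -> termination time

# Constructed sample audit events in a hypothetical normalized schema.
EVENTS = [
    {"ts": "2024-09-02T09:15", "user": "alice", "action": "login", "target": "records-db"},
    {"ts": "2024-09-02T10:00", "user": "bob", "action": "install", "target": "TeamViewer"},
    {"ts": "2024-09-02T10:20", "user": "bob", "action": "password_change", "target": "dave"},
    {"ts": "2024-09-02T11:00", "user": "helpdesk1", "action": "password_change", "target": "erin"},
    {"ts": "2024-09-02T11:30", "user": "bob", "action": "config_change", "target": "firewall", "ticket": None},
    {"ts": "2024-09-02T12:00", "user": "dave", "action": "config_change", "target": "antivirus", "ticket": "CHG-1001"},
    {"ts": "2024-09-02T18:30", "user": "carol", "action": "delete", "target": "records-db"},
    {"ts": "2024-09-03T08:00", "user": "erin", "action": "install", "target": "firefox"},
]

def review(event):
    """Return the findings (possibly none) raised by a single event."""
    findings = []
    ts = datetime.fromisoformat(event["ts"])
    user, action, target = event["user"], event["action"], event["target"].lower()
    # Access that outlives employment: the account should already be disabled.
    cutoff = OFFBOARDED.get(user)
    if cutoff and ts > cutoff:
        findings.append("activity after offboarding")
    if action == "install" and target not in APPROVED_SOFTWARE:
        kind = "remote access software" if target in REMOTE_ACCESS_TOOLS else "unauthorized software"
        findings.append(kind)
    # Changing someone else's password is expected only from designated admins.
    if action == "password_change" and user != target and user not in PASSWORD_ADMINS:
        findings.append("unauthorized password change")
    # Security-control changes should carry a change ticket.
    if action == "config_change" and target in {"firewall", "antivirus"} and not event.get("ticket"):
        findings.append("untracked firewall/antivirus change")
    allowed = SENSITIVE_ACCESS.get(target)
    if action in {"login", "delete"} and allowed is not None and user not in allowed:
        findings.append("unexpected sensitive data access")
    return findings

def triage(events):
    """Flatten findings into (timestamp, user, finding) rows for an analyst queue."""
    return [(e["ts"], e["user"], f) for e in events for f in review(e)]

if __name__ == "__main__":
    for row in triage(EVENTS):
        print(*row, sep="  ")
```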
Source: The Enemy Within – Insider Threat Awareness.