We’ve reached out to cyber and information security experts to see what the newest trends are. Check out our interview with @Security_Sleuth
1. What trends are you seeing within organizations to combat insider threats?
[Security Sleuth] From a technological point of view I have seen three main ways organisations are attempting to tackle insider threats:
1. Restrict the use of technology – This usually involves locking down all devices and blocking access to unapproved collaboration tools and social media. This approach really makes it difficult to damage an organisation in a technological attack or to leak potentially harmful information about an organisation.
2. Monitor and alert on everything – With this approach there is less focus on restricting users, but everything is monitored and alerted upon. This is becoming more and more prevalent, particularly with the rise of BYOD and the “New IT” disciplines. When an incident occurs, your administrators can block or investigate the issue and deal with the insider appropriately.
3. The hybrid approach – As the name suggests, this is a hybrid of approaches 1 and 2. Results for this are varied, but it usually lands somewhere directly in the middle; it usually materialises as monitoring everything and not looking at it properly, and enforcing some kind of controls for most people but not for those most likely to be behind an insider threat (this is pretty much most organisations).
From a non-technological approach, it's focusing on company culture and employee wellbeing, so that employees are happy and feel they have a voice in important matters; so that, instead of becoming bitter and resentful and eventually deciding to lash out against the organisation, they can call out concerns and deal with them openly.
2. Have you had any personal experiences with insider threats? How did you deal with it?
[Security Sleuth] I haven’t personally dealt with any real insider threats (though there were a few false positives which have resulted in funny stories), but as a consultant I have seen a number of processes in place to combat those things, which include strict access monitoring and control and, more recently, the DevOps movement to automate everything and stop people accessing production systems with admin rights in case they ever decide to try and damage an organisation.
3. Is it all hype or is this a real issue?
[Security Sleuth] It's definitely a real issue. As an example, the Snowden leaks would have been considered a case of a realised insider threat against the NSA.
4. If people aren’t looking out for insider threat organizations, how do you suggest they begin?
[Security Sleuth] I think the quickest way to start is talking to other people in the industry about their experiences and the tooling they use. There's also a high possibility that you could adapt your existing monitoring tools to start monitoring insider threats. Most importantly, make sure your company culture creates an environment that makes it hard for insider threats to materialise.
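As an added illustration of the "monitor and alert on everything" approach and of adapting existing monitoring to insider-threat use cases (example code written for this page, not the interviewee's tooling or any vendor's), the following Python pass applies a few simple insider-threat rules to constructed audit-log lines. The log format, user names, sensitive paths, business hours and thresholds are all assumptions.

```python
"""Minimal insider-threat alerting over audit-log lines (added example)."""
from collections import Counter
from datetime import datetime

# Constructed sample audit log: "<ISO timestamp> <user> <action> <resource>"
SAMPLE_LOG = """\
2024-03-04T09:12:01 alice read /finance/q1-forecast.xlsx
2024-03-04T09:15:44 alice read /finance/q1-actuals.xlsx
2024-03-04T10:02:10 bob read /eng/design-doc.md
2024-03-04T23:41:03 bob read /finance/q1-forecast.xlsx
2024-03-04T23:41:09 bob read /finance/payroll.csv
2024-03-04T23:41:15 bob read /finance/board-deck.pptx
2024-03-04T23:41:22 bob read /finance/q1-actuals.xlsx
2024-03-04T23:41:30 bob download /finance/payroll.csv
2024-03-05T02:10:00 carol read /hr/offboarding.docx
"""

SENSITIVE_PREFIXES = ("/finance/", "/hr/")  # assumed sensitive areas
BUSINESS_HOURS = range(8, 19)               # 08:00-18:59, assumed
BURST_THRESHOLD = 3                          # sensitive hits per user per hour

def parse(log_text):
    """Turn each log line into (timestamp, user, action, resource)."""
    events = []
    for line in log_text.splitlines():
        ts, user, action, resource = line.split(" ", 3)
        events.append((datetime.fromisoformat(ts), user, action, resource))
    return events

def detect(log_text):
    """Return a sorted list of (user, rule, detail) alerts for the log."""
    alerts = set()
    per_hour = Counter()  # (user, hour bucket) -> sensitive access count
    for ts, user, action, resource in parse(log_text):
        if not resource.startswith(SENSITIVE_PREFIXES):
            continue
        if ts.hour not in BUSINESS_HOURS:
            alerts.add((user, "after_hours_sensitive", resource))
        if action == "download":
            alerts.add((user, "sensitive_download", resource))
        bucket = (user, ts.strftime("%Y-%m-%dT%H"))
        per_hour[bucket] += 1
        if per_hour[bucket] == BURST_THRESHOLD:  # fire once per bucket
            alerts.add((user, "sensitive_burst", bucket[1]))
    return sorted(alerts)

if __name__ == "__main__":
    for user, rule, detail in detect(SAMPLE_LOG):
        print(f"ALERT {rule:<22} user={user} {detail}")
```

In practice the same rules map onto saved searches in a SIEM such as Splunk, with the thresholds tuned per organisation and a per-user baseline replacing the fixed burst count.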
5. What are you most passionate about in cybersecurity/ information security?
[Security Sleuth] I’m most passionate about strong encryption, penetration testing, DevSecOps and digital forensics, particularly with new technology like IoT.
6. What are some of your most helpful / favorite tools to use in the field?
[Security Sleuth] For me personally, Splunk and Snort from a monitoring perspective, because they allow you to do so much. I think tools like AirWatch are also good from a device control / management perspective.