Internal attacks on companies have grown by 31% in the last three years

The damage caused by internal attacks on the information systems of companies in the US grew by 31% in the last three years

The damage caused by internal attacks on the information systems of companies in the US grew by 31% in the last three years, with an average cost of more than 11 million dollars, according to the 2020 Cost study of Insider Threats: Global. There was also a 47% increase in the frequency of incidents, which take 77 days to contain on average. Of the three main profiles (negligent users, infiltrators and credential thieves), the last cause the most damage, although they represent only a quarter of the attacks.

To help curb this emerging threat, AUTELSI has prepared a paper analyzing the problem. It served as the basis for the meeting “Internal Cybersecurity Threats: Insiders”, in which Mikel Salazar Peña, Head of Cybersecurity for Iberia at DXC Technology, presented a roadmap along with best practices and technologies to combat insiders.

Telecommuting has exponentially increased risk through insecure connections, the use of personal devices and the blurring of the perimeter, problems that add to an already complicated pre-pandemic threat landscape.

For Mikel Salazar Peña, the battle against ‘insiders’ requires a focus on three key principles. The first is to reduce complexity: identify and understand the risk to which the organization is exposed, with a clear picture of its starting maturity level and its entry vectors. Beyond regulatory compliance, it is essential to have a plan ready in case the organization is compromised, and to have protocols for managing reputational and operational impact.

The second is to protect the data. “We have to change the chip: before, the focus was on securing the network; now the urgent thing is to pay attention to data and identity. We recommend the implementation of the Zero Trust model, where any user or element is a potential threat, regardless of whether it is internal or external. Thanks to Zero Trust we will have reinforced authentication, verification processes and improved visibility of the use of the data in a transversal way,” declared Mikel Salazar.

Its implementation requires strong authentication (supported by multifactor and conditional access solutions) on a reliable device (free of vulnerabilities and with advanced EDR response systems). It will also be essential to enforce the principle of least privilege. For verification, it will be essential to incorporate User and Entity Behavior Analytics (UEBA) systems, supported by artificial intelligence and machine learning, for the advanced detection of this type of ‘insider’.

The third focus is to place security at the center. The employee is the first line of defense, so a good training and awareness plan that includes reinforced policies, security updates and continuous training is essential. At a corporate level, management sponsorship is essential, creating a culture of security and applying the “secure by design” principle.
