by Jasmine Chennikara-Varghese

Every organization struggles with managing and mitigating cyber threats, both internal and external. Typically, more focus and resources are spent on fortifying perimeter security, which provides sufficient protection to deter external threats. However, perimeter security does not protect against threats already lurking within your enterprise cyber landscape. Security and application teams are increasingly concerned about the service disruption, intellectual property theft, financial loss and corporate espionage that can be perpetrated by insiders.

Insider threat is the cause for over 60% of data breaches. A disgruntled worker, a terminated employee, or a third-party contractor can potentially access corporate, employee and customer data for their own financial gain, corporate espionage or plain old revenge. Recent events such as Tesla’s insider attack highlight the gaps in internal security measures that could be leveraged by determined insiders.

The inside attack is a challenge to detect since it is usually disguised as innocuous, routine activities. Any user with the right access is an insider risk. So how do you give users sufficient access to do their jobs and be productive while also quickly discovering when they are doing something more malicious? Insider threat can be partially managed with preventive security measures such as access control and identity management built on a least-privilege model. In addition, you can mitigate the insider risk of users who need temporary or emergency superuser access for troubleshooting applications or updating configurations by implementing a compliant, auditable process that grants access to critical data and transactions on an as-needed, time-bound basis.
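The as-needed, time-bound grant process described above, as an added example that is not part of the original post or of any product it mentions. It is a small in-memory model of just-in-time elevation: a grant must reference a ticket, cannot be self-approved, cannot exceed a policy maximum (`MAX_GRANT_MINUTES`, an assumed value), expires on its own, and every decision and every privileged action is written to an append-only audit trail tied back to the ticket. The ticket identifiers and user names are constructed placeholders.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import List, Optional

# Assumed policy value for this example; the real limit comes from your change process.
MAX_GRANT_MINUTES = 60


@dataclass
class Grant:
    user: str
    role: str              # e.g. "SUPERUSER"
    reason: str            # change or incident ticket the grant is tied to (placeholder values below)
    approver: str
    granted_at: datetime
    expires_at: datetime


@dataclass
class JitAccess:
    grants: List[Grant] = field(default_factory=list)
    audit: List[dict] = field(default_factory=list)   # append-only audit trail

    def _log(self, now: datetime, event: str, **fields) -> None:
        self.audit.append({"time": now.isoformat(), "event": event, **fields})

    def request(self, user: str, role: str, reason: str, approver: str,
                minutes: int, now: datetime) -> Optional[Grant]:
        """Grant a time-bound elevation or refuse it; every decision is logged."""
        if not reason:
            self._log(now, "denied", user=user, role=role, why="no ticket reference")
            return None
        if approver == user:
            self._log(now, "denied", user=user, role=role, why="self-approval")
            return None
        if not 0 < minutes <= MAX_GRANT_MINUTES:
            self._log(now, "denied", user=user, role=role, why="duration out of policy")
            return None
        g = Grant(user, role, reason, approver, now, now + timedelta(minutes=minutes))
        self.grants.append(g)
        self._log(now, "granted", user=user, role=role, reason=reason,
                  approver=approver, expires=g.expires_at.isoformat())
        return g

    def active_grant(self, user: str, role: str, now: datetime) -> Optional[Grant]:
        """Return the live grant for this user/role at time `now`, if any."""
        for g in self.grants:
            if g.user == user and g.role == role and g.granted_at <= now < g.expires_at:
                return g
        return None

    def perform(self, user: str, role: str, action: str, now: datetime) -> bool:
        """Gate a privileged action on a live grant and record it against the ticket."""
        g = self.active_grant(user, role, now)
        if g is None:
            self._log(now, "rejected", user=user, role=role, action=action, why="no active grant")
            return False
        self._log(now, "performed", user=user, role=role, action=action, reason=g.reason)
        return True


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    jit = JitAccess()
    jit.request("alice", "SUPERUSER", "INC-1234", "bob", 30, t0)        # placeholder ticket
    print(jit.perform("alice", "SUPERUSER", "edit_config", t0 + timedelta(minutes=10)))
    print(jit.perform("alice", "SUPERUSER", "edit_config", t0 + timedelta(minutes=31)))
    for entry in jit.audit:
        print(entry)
```

The point of the `perform` gate is that a privileged action is never attributed to a bare user, only to a user plus the ticket that justified the elevation; once the window lapses the same action is rejected and that rejection is itself evidence for an investigation.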

Applying access control on users is critical but not sufficient. What about those users who have been granted privileged access? How can you know that what they are doing is within their job role and not the activity of a breach? Like any good detective, you start by understanding their typical behaviors in your enterprise landscape. This means continuous monitoring and correlation of users, their activities and their impact on the business applications. Then you search for behaviors outside the normal variations. Did the user’s viewing of certain master data tables increase exponentially this week? Was there a dramatic jump in the monetary transactions performed by users? Was a new transaction type executed by the user?
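The three questions above, turned into detection logic, as an added example that is not code from the original post or from any product it mentions. It builds a per-user, per-week baseline from activity records and flags a current week whose master-data views or transaction amounts exceed a multiple of the baseline average, or which contains a transaction type the user has never executed before. The log format, the user names, the table names and the `VIEW_FACTOR`/`AMOUNT_FACTOR` thresholds are all constructed assumptions for the example.

```python
import re
from collections import defaultdict
from statistics import mean
from typing import Dict, List, Tuple

# Constructed sample activity log (not real data). One record per line:
# reporting week, user, action (transaction type), table touched, and
# monetary amount of the transaction (0 for reads).
SAMPLE_LOG = (
    ["w1 user=alice action=VIEW table=VENDOR_MASTER amount=0"] * 2
    + ["w1 user=alice action=PAY table=AP_INVOICE amount=1200"]
    + ["w2 user=alice action=VIEW table=VENDOR_MASTER amount=0"] * 3
    + ["w2 user=alice action=PAY table=AP_INVOICE amount=900"]
    + ["w3 user=alice action=VIEW table=VENDOR_MASTER amount=0"] * 2
    + ["w3 user=alice action=PAY table=AP_INVOICE amount=1100"]
    # Week 4: views jump to 40, one very large payment, and a transaction
    # type alice has never executed in the baseline weeks.
    + ["w4 user=alice action=VIEW table=VENDOR_MASTER amount=0"] * 40
    + ["w4 user=alice action=PAY table=AP_INVOICE amount=48000"]
    + ["w4 user=alice action=CHANGE_BANK table=VENDOR_MASTER amount=0"]
    # bob is steady across all four weeks.
    + [f"w{w} user=bob action=VIEW table=CUSTOMER_MASTER amount=0" for w in range(1, 5) for _ in range(3)]
    + [f"w{w} user=bob action=PAY table=AP_INVOICE amount=500" for w in range(1, 5)]
)

LINE_RE = re.compile(
    r"^(?P<week>w\d+) user=(?P<user>\S+) action=(?P<action>\S+) "
    r"table=(?P<table>\S+) amount=(?P<amount>\d+)$"
)

# Assumed thresholds: flag when the current week exceeds this multiple of the baseline average.
VIEW_FACTOR = 5.0
AMOUNT_FACTOR = 5.0


def parse(lines: List[str]) -> List[dict]:
    """Parse log lines; malformed lines are skipped rather than aborting detection."""
    records = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["amount"] = int(d["amount"])
        records.append(d)
    return records


def build_profiles(records: List[dict]) -> Dict[str, Dict[str, dict]]:
    """profiles[user][week] -> {"views": count, "amount": total, "actions": set of types}."""
    profiles: Dict[str, Dict[str, dict]] = defaultdict(dict)
    for r in records:
        p = profiles[r["user"]].setdefault(r["week"], {"views": 0, "amount": 0, "actions": set()})
        if r["action"] == "VIEW":
            p["views"] += 1
        p["amount"] += r["amount"]
        p["actions"].add(r["action"])
    return profiles


def detect(profiles, user: str, current: str, baseline_weeks: List[str]) -> List[Tuple[str, str, str]]:
    """Compare one user's current week against their own prior weeks."""
    weeks = profiles.get(user, {})
    cur = weeks.get(current)
    base = [weeks[w] for w in baseline_weeks if w in weeks]
    if cur is None or not base:
        return []                      # nothing to compare: no activity or no baseline yet
    findings = []
    avg_views = mean(p["views"] for p in base)
    avg_amount = mean(p["amount"] for p in base)
    if cur["views"] > VIEW_FACTOR * max(avg_views, 1):
        findings.append((user, "view_spike", f"{cur['views']} views vs baseline avg {avg_views:.1f}"))
    if cur["amount"] > AMOUNT_FACTOR * max(avg_amount, 1):
        findings.append((user, "amount_jump", f"{cur['amount']} vs baseline avg {avg_amount:.1f}"))
    seen = set().union(*(p["actions"] for p in base))
    for action in sorted(cur["actions"] - seen):
        findings.append((user, "new_action", action))
    return findings


def scan(lines: List[str], current: str, baseline_weeks: List[str]) -> List[Tuple[str, str, str]]:
    """Run detection for every user seen in the log."""
    profiles = build_profiles(parse(lines))
    out = []
    for user in sorted(profiles):
        out.extend(detect(profiles, user, current, baseline_weeks))
    return out


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG, "w4", ["w1", "w2", "w3"]):
        print(finding)
```

Baselining each user against their own history is what keeps the read-heavy analyst and the payment clerk from tripping each other's thresholds; the `new_action` check is deliberately strict because a first-ever execution of a sensitive transaction type is the single most useful question to ask a reviewer.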

With deep visibility into all user activities and transactions, you can achieve actionable insights into the behavior of both your users and your applications, empowering you to discover insider threats as well as accelerate investigations when a breach or a cyber attack does occur. Learn how Greenlight can help you clear the blind spots in the cyber landscape to mitigate insider risk.