Most InfoSecurity professionals know the risk of insider threat all too well. But while we stress out about how to stop malicious “double agents” from stealing data and sabotaging our companies, it’s easy to forget the first step: separating the “insider” threats from the “inside” threats, and focusing on the latter: threats perpetrated by outsiders masquerading as your users or using legitimate credentials.
Insider threat terminology and statistics shroud the real danger
It seems like every day a new analyst report or expert article reveals a scary new statistic on increasing insider threats. But these stats are a little misleading. The problem is that a lot of insider threat reports and statistics include both attacks carried out by actual employees and those perpetrated by outsiders using compromised employee credentials. It’s not that the danger isn’t growing—attacks and breaches really are more frequent and costly. But most of the risk still comes from outside actors: The 2017 Verizon Data Breach Investigations Report found that 75 percent of all breaches are perpetrated by outsiders. More of these outsiders are using clever social engineering attacks—phishing, spearphishing, etc.—to successfully compromise legitimate “insider” credentials.
Focus on the inside threat first
Misleading stats tend to get people focused on the wrong things. In the case of insider threat, many organizations are now spending too much time fretting about how to find the moles scheming to take them down from the inside. Their attention—and money—is much better spent focusing on identifying and stopping the much-more-prevalent risk of inside threat.
How can you spot inside threat sooner—without slowing down the business?
Unfortunately, mitigating inside threat isn’t much easier than mitigating true insider threat—in fact, a lot of the challenges and key questions are the same:
- How do you recognize risky or malicious activity when it’s completely authorized?
- Since inside threat almost always starts on endpoint devices—where half of all enterprise data now lives—how can you see everything going on at the periphery of the enterprise tech ecosystem?
- Most importantly, how do you mitigate the inside threat risk without negatively impacting the business? You can’t put up rigid barriers or use security tools that slow down users or limit their new, untethered ways of working that are critical to driving business growth.
Tune in for an exclusive webinar on mitigating inside threat
These aren’t easy questions to answer. But leading InfoSecurity pros are coming up with some highly innovative ways to solve the inside threat problem. We’re excited to host an exclusive webinar during which Code42 Chief Security Officer Rick Orloff will talk about these emerging best practices—from how to maintain visibility of all users’ endpoint activities, to how new analytics tools can help you recognize abnormal and/or high-risk activity, to how to quickly determine if the threat is coming from an insider or simply inside.