Inside Job: Safeguarding Against Internal Cyber Threats

The Software Engineering Institute (SEI) at Carnegie Mellon University defines insider cyber threats as “the potential for an individual who has or had authorized access to an organization’s assets to use that access, either maliciously or unintentionally, to act in a way that could negatively affect the organization.”

As such, a team from SEI recently issued the sixth edition of its Common Sense Guide to Mitigating Insider Threats, where it lists the following 21 recommendations for businesses to deploy:

• Know and protect your critical assets.
• Develop a formalized insider threat program.
• Clearly document and consistently enforce policies and controls.
• Beginning with the hiring process, monitor and respond to suspicious or disruptive behavior.
• Anticipate and manage negative issues in the work environment.
• Consider threats from insiders and business partners in enterprise-wide risk assessments.
• Be especially vigilant regarding social media.
• Structure management and tasks to minimize insider stress and mistakes.
• Incorporate malicious insider threat awareness into periodic security training for all employees.
• Implement strict password and account management policies and practices.
• Institute strict access controls and monitoring policies on privileged users.
• Deploy solutions for monitoring employee actions and correlating information from multiple data sources.
• Monitor and control remote access from all end points, including mobile devices.
• Establish a baseline of normal behavior for both networks and employees.
• Enforce separation of duties and least privilege.
• Define explicit security agreements for any cloud services, especially access restrictions and monitoring capabilities.
• Institutionalize system change controls.
• Implement secure backup and recovery processes.
• Close the doors to unauthorized data exfiltration.
• Develop a comprehensive employee termination procedure.
• Adopt positive incentives to align the workforce with the organization.

Many of these guidelines appear to be just common sense business practices, but establishing them firmly, communicating them clearly, and enforcing them consistently makes the difference.  Insuring against internal cyber threats carries its own set of parameters and requirements, as well.The professionals at The Reschini Group can help your organization protect your organization against losses from internal cyber fraud.  Contact us to talk more about this important consideration.* https://resources.sei.cmu.edu/asset_files/TechnicalReport/2019_005_001_540647.pdf