Every once in awhile, a survey provides insights that at first glance don’t seem out of the ordinary. They generally validate a hypothesis. That is why we were somewhat surprised when we commissioned a survey of IT security professionals working in enterprises large and small. While there is a realization that insider threats are on the rise, what we learned was that the problem is rising very quickly in the minds of IT professionals. In fact, about half of them are more concerned about internal threats than external threats. Upon further analysis, we found:
- About half (49 percent) are more concerned about internal threats than external threats.
- Top concerns are malware installed by careless employees (73 percent), stolen or compromised credentials (66 percent), stolen data (65 percent), and abuse of admin privileges (63 percent).
- The majority of security professionals (87 percent) are most concerned about naive individuals or employees that bend the rules to get their job done; only 13 percent are more concerned about malicious insiders that intend to do harm.
There are probably many reasons why this could be true, including:
- The dissipating enterprise network boundary
- The trust businesses place in their employees and the potential negative side effects of such trust
- The rise of sophisticated hacking, malware, ransomware, etc. and its impact on business profits, brand, reputation, etc.
What this means, though, is that the solutions that exist today have to be significantly different from those that were used to protect the enterprise perimeter. And the budget priorities that have traditionally driven IT security projects have to change to reflect this new reality. This has implications for staffing, product choices, vendor priorities, managed services, and the rest of the security ecosystem.
At the perimeter, distinguishing between good and bad actors is usually a binary question. Allow and deny are perfectly adequate responses once such a determination is made. Most security products reflect that narrative. For the internal network, though, identifying what is good or bad is very nuanced as employee behavior can change for various reasons – change in project, role, location, etc. In such cases, making a binary decision can lead to business disruption.
The easy way out is to have solutions that notify security administrators about potentially risky activity that they can then investigate. This leads to the staffing challenge: the significant shortage of qualified security professionals. Solutions that only perform detection will be transitional and obsolete in the next few years. Integrated enforcement will be a requirement going forward. Such enforcement will need to be granular and flexible enough to meet the needs of different types of enterprises. Allow and Block will be among the different options to respond to threats. Multi Factor Authentication, Notify, Re-authenticate, NAC enforcement, SSO restrictions, etc. will be the norm. Using such response mechanisms will also get end users involved in the security effort, while continuously educating them to potential security risks.
With the changing emphasis on the internal network and users, it is recommended to develop a plan that will address this class of threats effectively. The end result will be significantly improved network security, both for internal as well as external threats. The key components of building the strategy include:
- Creating a strategic security plan that give equal attention to internal as well as external threats
- Identifying solutions that can adapt to the dynamic nature of internal enterprise networks
- Deploying solutions that reduce manual security analyst interventions
- Engaging end users in the security process
These steps can help you to improve visibility, reduce risk levels and respond to threats in real time all this while empowering your users and giving them a chance to take part in the security effort. In the end, both external and internal security threats can be addressed.
About the author: Ajit Sancheti is the Co-Founder & CEO at Preempt Security