In this article
- Understanding the scope of insider threats
- The emerging unknown insider threat trend
- Five mitigation strategies to combat insider threats
Is the person in your Teams meeting actually who they say they are?
Concerns about new insider threats are surfacing as more employees shift to remote work. These worries range from employees accessing secure systems through unprotected networks to employees contracting others to perform daily tasks using their login credentials. Workers are no longer restricted to the office, and activities on Wi-Fi at home, in coffee shops, or on the road are much harder to monitor.
Remote work at this scale is unprecedented, and these unknowns have reignited the conversation about the cybersecurity threats that come from within an organization. Here’s what you need to know about insider threats and the measures your business can take to mitigate risk.
Understanding the scope of insider cybersecurity threats
An insider refers to anyone with access to an employer’s systems, network, and data. An insider threat involves intentionally or unintentionally using that access to threaten an organization’s security. The U.S. Cybersecurity & Infrastructure Security Agency has identified four main types of insider threats: Unintentional threats, intentional threats, collusive threats, and third-party threats.
Include negligence and accidental, neither of which holds malicious intent. Employees clicking on a suspicious link, misplacing sensitive information, or sending sensitive documents to an unsecured email account are all examples of unintentional insider threats.
Involve bad actors within an organization taking malicious action for their gain or to cause issues within an organization. Insiders might leak information, sabotage systems or networks, or steal and sell data.
Involve one or more insiders collaborating with bad actors outside the organization.
These threats don’t involve employees, but entities related to an organization, such as vendors or contractors. These are external entities with some level of access related to their business, which could pose a risk to an organization. Similar to insider threats related to employees, third-party threats can be malicious or accidental.
Though external cybersecurity attacks – think phishing or social engineering – outnumber internal attacks, the results from an insider threat can be no less devastating. These known insider threats represent a constant risk to an organization’s cyber defenses. But an emerging trend of employees working multiple full-time jobs, or being overemployed, is presenting a type of threat that Brandon Hoyt, Internal Security Director at Huntington, calls an “unknown insider threat.”
The rise of unknown insider cybersecurity threats
“Remote, overemployed workers might get overwhelmed by keeping up with emails or Teams messages and decide to contract someone else to manage those day-to-day interactions,” Hoyt explains. “If an unknown person has the employee’s access to the work systems or databases, they could steal, compromise, or leak sensitive information.”
While employees holding more than one full-time job isn’t a security issue itself, there is a potential for unknown entities to gain unauthorized access to an organization’s secure network.
Proving the person behind the keyboard isn’t the employee they are impersonating would be difficult, says Hoyt. But there are steps organizations can take to minimize this risk.
If your organization has a hybrid work environment, host a mix of in-person and virtual meetings to bring people into the office. Additionally, request employees turn their cameras on during virtual calls.
Setting up a secondary method of communication, such as calling on a cell phone, can also help verify employees are who they say they are. Employees can also use this strategy when communicating with vendors or company representatives. When in doubt, call the person in question.
Five risk mitigation strategies to thwart known and unknown insider cybersecurity threats
The recommendations to combat unknown insider threats can apply to insider threats. In addition to taking care to verify the identity of the person you’re communicating with, Hoyt recommends the following five risk mitigation strategies:
- Raise your hand if something feels off. “This is the best advice to combat insider threats,” says Hoyt. “If you’re suspicious about an individual or a situation, report it to your manager, Employee Relations Consultant (ERC), or the ethics line, which is an anonymous reporting system.”
- Offer multiple channels for employees to report suspicious behavior and maintain anonymity. Offer more than one reporting option for employees and stress that they can report anonymously to the organization. If employees believe they could be retaliated against for reporting, they’ll hesitate to do so.
- Implement role-based access and restrict third-party access. Employees and third-party entities should only have a level of access that makes sense for their role. Restricting this access can help protect your network, infrastructure, and data.
- Require permission for USB or remote drive access. An insider with access to sensitive data could easily copy it onto a USB or remote drive if you don’t restrict this access. Make sure employees can’t use these types of drives without specific permission.
- Train employees on password best practices and implement two-factor authentication. Employees can misplace their devices, connect to an unsecured network, or allow a list of passwords to be stolen. Strengthening employee passwords and requiring two-factor authentication can be a secondary defense against unauthorized access.
Remaining vigilant against insider cyber threats
Overemployed workers contracting out daily work to unknown persons will hardly be the last new insider threat facing organizations. Remote work has given employees greater flexibility, but it has also made cybersecurity an even more significant concern. Provide regular training to employees to ensure they are aware of IT policies and best practices and restrict access to only what is essential. These proactive measures might not protect against every malicious or accidental threat, but they can mitigate harm and prevent breaches from escalating.
Connecting you to what matters most
Huntington can support you with the insights, resources, and expertise you need to grow and strengthen your business. Contact your relationship manager to start the conversation.