Managed services providers (MSPs) must constantly defend their clients from hackers, cybercriminals, malware, and state-sponsored cyber warfare. However, sometimes the threat is much closer to home – perhaps right in the office. Welcome to the era of insider threats, an important issue to consider during Cybersecurity Awareness Month.
Insider threats are an organization-wide issue that requires all stakeholders, from Human Resources to IT to benefits managers, to work together on mitigation. MSPs also have an important role to play in mitigating them.
Steve in accounting or Gladys in purchasing may be wonderful co-workers. However, that doesn’t necessarily mean they don’t pose an insider threat. While organizations don’t want to foster an atmosphere of paranoia, it is also important to stay vigilant.
Although insider threats, unlike malware or brute-force attacks, are a human problem, experts recommend treating them as though they were a cyber problem.
Watch the exit ramps
Many problems happen when an insider becomes an outsider. In other words, the employee may no longer be with the company, but they still have access to the company’s virtual landscape. This needs to stop.
“Establishing a comprehensive offboarding procedure that thoroughly revokes employee access is crucial,” says Katie Paxton-Fear, Technical Marketing Manager at Traceable, a security company. Paxton-Fear adds that organizations should regularly audit employee permissions to ensure individuals only have access to the systems and files necessary for their roles.
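One way to run the kind of audit described above, shown as an added example that is not part of the original article: it compares an HR roster against the accounts systems report, and flags accounts still enabled after offboarding, accounts with no owner, and grants beyond the role baseline. All names, roles, grant strings and the data layout are constructed assumptions.

```python
from datetime import date

# Constructed sample data (assumption): role baselines, HR roster, live accounts.
ROLE_ENTITLEMENTS = {
    "accounting": {"erp:read", "erp:post_journal", "mail"},
    "purchasing": {"erp:read", "erp:create_po", "mail"},
}
HR_ROSTER = {
    "steve": {"role": "accounting", "left_on": None},
    "gladys": {"role": "purchasing", "left_on": date(2024, 9, 13)},
    "omar": {"role": "purchasing", "left_on": None},
}
ACCOUNTS = [
    {"user": "steve", "enabled": True,
     "grants": {"erp:read", "erp:post_journal", "mail", "erp:create_po"}},
    {"user": "gladys", "enabled": True, "grants": {"erp:read", "mail"}},
    {"user": "omar", "enabled": True,
     "grants": {"erp:read", "erp:create_po", "mail"}},
    {"user": "svc-legacy", "enabled": True, "grants": {"erp:read"}},
]


def audit_access(roster, accounts, role_entitlements, today):
    """Return (user, issue, detail) tuples for every enabled account that fails the audit."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already revoked; nothing to flag
        user, person = acct["user"], roster.get(acct["user"])
        if person is None:
            # Nobody in HR owns this login, so no offboarding would ever revoke it.
            findings.append((user, "no_owner_in_hr", sorted(acct["grants"])))
            continue
        left = person["left_on"]
        if left is not None and left <= today:
            # Offboarding gap: the person has left but the account still works.
            findings.append((user, "active_after_offboarding", (today - left).days))
            continue
        excess = acct["grants"] - role_entitlements[person["role"]]
        if excess:
            # Least-privilege drift: grants the role baseline does not include.
            findings.append((user, "excess_grants", sorted(excess)))
    return findings


if __name__ == "__main__":
    for finding in audit_access(HR_ROSTER, ACCOUNTS, ROLE_ENTITLEMENTS, date(2024, 10, 1)):
        print(finding)
```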
Paxton-Fear also says that taking a holistic approach to employee wellness is effective.
“Providing employee assistance programs for those facing financial difficulties or mental health challenges can reduce the likelihood that insiders feel compelled to act,” Paxton-Fear suggests.
According to an annual insider threat report from Gurucul, the threat of insider attacks is real:
- 48 percent of organizations reported that insider attacks have become more frequent over the past 12 months.
- 76 percent of organizations attribute growing business and IT complexity as the main drivers for increased insider risk.
- 83 percent of organizations reported at least one insider attack, while organizations that experienced 11-20 insider attacks increased fivefold from 2023.
Strategies for MSPs
Or Shoshani, Co-Founder and Chief Executive Officer at Stream Security, said MSPs need to revisit their cloud security strategies. “This needs to be done to ensure individuals with permission to access cloud data cannot harm businesses. This includes mistakenly sharing data to purposeful retaliations. Data in the cloud makes it easier than ever for access and misuse.”
Baran Erdogan, Chief Technology Officer at Offensive Security Manager, says that artificial intelligence (AI) can be used to detect insider threats before they happen.
“For example, advanced machine learning algorithms to monitor user behavior and detect deviation from the norm,” Erdogan explains. “This proactive approach enables MSPs to detect potentially precarious actions, such as data exfiltration or unauthorized access attempts, which could develop into a breach well in advance.”
He adds that even with cutting-edge technologies, MSPs need to undergird security by introducing strict access controls that heed the principle of least privilege. “Limiting not only who may access which data, but also system components, will reduce insider threats,” Erdogan states. He adds that it is also important for MSPs to conduct regular internal audits, including simulated insider threat scenarios as a means of testing both the technologies in place and the human response.
“In every organization, proper communication channels for employees to report suspicious activities without retaliation should be put in place,” Erdogan advises. “By integrating advanced AI monitoring tools with a robust culture of awareness and strong access management policies, MSPs can afford better protection from the significant, and often underestimated, risks posed by insider threats.”
Key steps for mitigating risk
Cache Merrill of software development company Zibtek recommends the following steps for MSPs to mitigate insider threats:
Train at every level: “In addition to conducting bare-minimum exercises for compliance once a year, MSPs ought to enforce critical information safety practices consistently,” Merrill says. Regular training keeps employees’ knowledge current on potential and actual threats and, to some degree, even on incursion measures against sensitive information.
“Employees will likely understand what a phishing attack or social engineering attack looks like and hence, pose a minimal risk of being manipulated into working unwittingly for perpetrators of the breach,” Merrill explains. This illustrates another truth of insider threats: they can be nefarious or unwitting.
Utilize the RBAC model for configuration access management: “Too much access is one of the internal threat factors that should not exist. MSPs should restrict access to client-sensitive data by providing the employees with role-specific access levels,” Merrill says. This strategy will lower the chances of inadvertent human errors or deliberate attempts caused by malicious insiders in some core infrastructures.
Use anomaly detection systems against insider threats: Merrill advises using advanced tools for behavior analytics. “In this scenario, MSPs will be looking for abnormal behaviors, such as abnormally high data dumps or attempts to access the system during anomalous hours, to avert insider threats,” Merrill says.
Insider threats program response plan: “All MSPs should be prepared,” Merrill says. Damage control after a breach depends largely on how promptly the breach is identified and controlled. Having a plan of action in place within the organization will allow for better response times.
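The two signals named in the anomaly detection step, unusually large data transfers and access at unusual hours, can be checked against a per-user baseline. The sketch below is an added example, not code from the article or any vendor; the event format, working hours and threshold are assumptions, and the log lines are constructed.

```python
from datetime import datetime
from statistics import median

# Constructed sample events (user, ISO timestamp, bytes transferred); not real logs.
EVENTS = [
    ("steve", "2024-10-01T09:15:00", 40_000_000),
    ("steve", "2024-10-01T14:40:00", 45_000_000),
    ("steve", "2024-10-02T10:05:00", 42_000_000),
    ("steve", "2024-10-03T11:30:00", 50_000_000),
    ("steve", "2024-10-04T16:20:00", 38_000_000),
    ("steve", "2024-10-05T02:30:00", 4_200_000_000),
    ("gladys", "2024-10-01T08:50:00", 10_000_000),
    ("gladys", "2024-10-02T13:10:00", 10_000_000),
    ("gladys", "2024-10-03T09:45:00", 10_000_000),
    ("gladys", "2024-10-03T21:05:00", 11_000_000),
]

WORK_HOURS = range(7, 20)  # assumption: 07:00-19:59 counts as normal hours
MAD_THRESHOLD = 6.0        # assumption: flag > 6 robust deviations above the median


def robust_baseline(values):
    """Return (median, MAD) so one huge transfer cannot inflate its own baseline."""
    med = median(values)
    mad = median(abs(v - med) for v in values)
    return med, mad


def find_anomalies(events):
    """Return (user, timestamp, reason) for large transfers and off-hours access."""
    by_user = {}
    for user, ts, size in events:
        by_user.setdefault(user, []).append((datetime.fromisoformat(ts), size))
    findings = []
    for user, rows in sorted(by_user.items()):
        med, mad = robust_baseline([size for _, size in rows])
        # Floor the scale so a perfectly steady user does not divide by zero.
        scale = max(mad, 0.05 * med, 1)
        for when, size in rows:
            if (size - med) / scale > MAD_THRESHOLD:
                findings.append((user, when.isoformat(), "high_volume"))
            if when.hour not in WORK_HOURS:
                findings.append((user, when.isoformat(), "off_hours"))
    return findings


if __name__ == "__main__":
    for finding in find_anomalies(EVENTS):
        print(finding)
```

The baseline uses the median and median absolute deviation rather than mean and standard deviation, because a single very large transfer would otherwise raise the average enough to hide itself.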
Mitigating insider threats requires a multifaceted approach that combines advanced AI monitoring, strict access controls, and a culture of awareness within organizations. By training employees at all levels and implementing robust response plans, MSPs can significantly reduce the risks posed by both malicious and unwitting insiders. As the landscape of cybersecurity continues to evolve, proactive measures and regular assessments will be key to safeguarding sensitive information.