CISO Challenges: Insider Threats

I'm a great fan of frameworks because of their explanatory (and actionable) power, and I recently found this beautiful graph that mind-maps the best practices for risk mitigation of insider threats.
The issue is somewhat contentious because it seems that the business' right to protect its assets somehow diminishes employees' expectations of privacy. In that regard, last time I checked, court rulings in Spain seemed to me a little inconsistent. So, let's focus on our trade.

Insider threats are insidious and extremely dangerous because the threat actor holds a legitimate account in the system (don't forget the members of your supply chain!). In digital forensics we learn how to profile (in order to prevent) employees who might be turning into an insider threat, and even to categorize their risk in terms of capability and intent; but the backbone of mitigation lies in procedural and administrative controls:

- Proper vetting of candidates at hiring (especially if the candidate happens to be a "plant" from your competitors).
- Separation of duties, n-of-m authorization on critical steps of the workflow, and role rotation help keep the organization honest in general, and are extremely useful for insider threat prevention.
- A regulated and coordinated off-boarding process.
- Strict management, audit and review of IAM practices.
- On the technical side, UEBA (User and Entity Behavior Analytics) can turn your indicators (the bad deed is already done) into predictors (the bad deed is coming, so it can be prevented).
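
To make the "indicator vs. predictor" point concrete, here is an added example (not code from the original post) of the simplest UEBA-style baselining: per-user daily download volume is compared against that user's own history, and an off-hours access rule runs alongside. The log format (`timestamp,user,action,bytes`), the sample records, the z-score threshold and the off-hours window are all constructed assumptions for illustration.

```python
"""Minimal UEBA-style baselining over constructed access-log records.

Each user's daily download volume is scored against that user's own
history (leave-one-out), so a sudden spike stands out even when it is
small in absolute terms for another user. An off-hours rule shows how a
second, independent signal is attached to the same record.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: "timestamp,user,action,bytes" (not real data).
# alice's 2024-03-05 entry is the planted anomaly: 02:14 local time and
# roughly 45x her usual daily volume.
SAMPLE_LOG = """\
2024-03-01T09:12:00,alice,download,1200000
2024-03-02T10:03:00,alice,download,900000
2024-03-03T11:40:00,alice,download,1100000
2024-03-04T09:55:00,alice,download,1000000
2024-03-05T02:14:00,alice,download,48000000
2024-03-01T09:30:00,bob,download,500000
2024-03-02T09:31:00,bob,download,450000
2024-03-03T09:33:00,bob,download,520000
2024-03-04T09:29:00,bob,download,480000
2024-03-05T09:35:00,bob,download,510000
"""


def parse_log(text):
    """Parse CSV-style lines into dicts with a real datetime and int bytes."""
    records = []
    for line in text.strip().splitlines():
        ts, user, action, nbytes = line.split(",")
        records.append({"ts": datetime.fromisoformat(ts), "user": user,
                        "action": action, "bytes": int(nbytes)})
    return records


def daily_volume(records):
    """Sum downloaded bytes per user per calendar day."""
    vol = defaultdict(lambda: defaultdict(int))
    for r in records:
        if r["action"] == "download":
            vol[r["user"]][r["ts"].date()] += r["bytes"]
    return vol


def score_user_days(records, z_threshold=3.0, off_hours=(22, 6), min_history=3):
    """Return alerts as (user, ISO day, reason) tuples.

    Volume rule: a day is compared with the same user's other days
    (leave-one-out), so the anomalous day does not inflate its own
    baseline. Off-hours rule: any access between off_hours[0] and
    off_hours[1] (wrapping past midnight) is flagged.
    """
    alerts = []
    for user, days in daily_volume(records).items():
        for day, total in days.items():
            others = [v for d, v in days.items() if d != day]
            if len(others) < min_history:
                continue  # not enough history to baseline this user
            mu, sigma = mean(others), pstdev(others)
            # Floor sigma so a perfectly flat history does not flag jitter.
            sigma = max(sigma, 0.05 * mu, 1.0)
            z = (total - mu) / sigma
            if z > z_threshold:
                alerts.append((user, day.isoformat(), f"volume z={z:.1f}"))

    start, end = off_hours
    for r in records:
        h = r["ts"].hour
        if h >= start or h < end:
            alerts.append((r["user"], r["ts"].date().isoformat(),
                           f"off-hours access at {h:02d}h"))
    return sorted(alerts)


if __name__ == "__main__":
    for user, day, reason in score_user_days(parse_log(SAMPLE_LOG)):
        print(f"{day} {user}: {reason}")
```

Run as a script it prints two alerts, both for alice on 2024-03-05: the volume spike and the 02h access. In a real deployment the baseline would be built from weeks of history and would include peer-group comparison, but the structure is the same: the model is the user's own normal, and the alert fires before the data has necessarily left the building.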

A word of advice: around 2/3 of cybersecurity incidents (mostly data breaches) come from insider threats. So ramp up your security posture and remember the wise words of Buddha: "Change always comes from within". And threats too.

--

Luis Alfonso Rodríguez de Trío

Internal Audit Tech & Cybersec / Senior Cybersecurity Leadership / IT Director. MBA, CCISO, CISM, CEH, CHFI, ECIH, Security+, ECI.