CompTIA CySA+ CS0-003: Insider threats

Insider threats come from people inside your company who already have authorization to access part or all of the network and host systems.  Some intend to do harm, but most cause damage unwittingly.  Whether the act was intentional or unintentional, an employee inside the network who causes an incident is a threat.  

Unintentional insider threats can be reduced with training and guidance, while intentional ones are difficult to prevent.  Negligent insiders may leave their computers unattended or misuse a system, but that behavior can be corrected with training and reprimands.  A compromised or malicious insider, on the other hand, for example one who works for another company or holds a grudge against someone in the company, is hard to stop from stealing information or disrupting operations.

There are multiple indicators of a potential insider threat, such as badging into the building and logging into systems at unusual times, copying or transferring a large amount of data on a single day, accessing systems and applications the employee does not normally use, and so on.  Most of these only stand out against a baseline of that user's normal activity, which is why they are usually detected with user behavior analytics rather than with fixed rules alone.
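The following is an added example, not part of the CySA+ material or any vendor's product, showing how those three indicators (off-hours badge and logon events, unusually large daily transfer volume, and access to systems outside the user's normal set) can be checked against a per-user baseline.  The log events, the user names, the baseline values and the 5x transfer threshold are all constructed assumptions for illustration; in a real deployment the baselines would be learned from each user's history by the analytics platform.

```python
"""
Added example (not from the CySA+ course material): simple insider-threat
indicator checks run over constructed log events.

Each event is a dict with a user, an ISO timestamp, a type and a detail.
The baselines are the per-user "normal" values an analytics platform would
learn from history; here they are hard-coded assumptions.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample events (not real logs). Event types:
#   badge    - physical access, detail = door name
#   logon    - interactive logon, detail = hostname
#   transfer - file copy/upload, detail = size in MB
#   access   - application/system access, detail = system name
EVENTS = [
    {"user": "alice", "ts": "2024-03-04T09:02:00", "type": "badge", "detail": "lobby"},
    {"user": "alice", "ts": "2024-03-04T09:10:00", "type": "logon", "detail": "ws-alice"},
    {"user": "alice", "ts": "2024-03-04T14:30:00", "type": "transfer", "detail": 120},
    {"user": "alice", "ts": "2024-03-04T15:00:00", "type": "access", "detail": "crm"},
    {"user": "bob", "ts": "2024-03-04T02:15:00", "type": "badge", "detail": "lobby"},
    {"user": "bob", "ts": "2024-03-04T02:20:00", "type": "logon", "detail": "ws-bob"},
    {"user": "bob", "ts": "2024-03-04T02:40:00", "type": "access", "detail": "source-repo"},
    {"user": "bob", "ts": "2024-03-04T03:05:00", "type": "transfer", "detail": 9800},
    {"user": "bob", "ts": "2024-03-04T03:30:00", "type": "transfer", "detail": 4100},
]

# Assumed per-user baselines: normal working hours (start inclusive, end
# exclusive), typical daily transfer volume in MB, and the systems the user
# normally touches.
BASELINES = {
    "alice": {"hours": (8, 18), "daily_mb": 500, "systems": {"crm", "wiki"}},
    "bob": {"hours": (8, 18), "daily_mb": 500, "systems": {"crm", "wiki"}},
}

# Tuning knob (assumption): flag a day whose transfer volume exceeds this
# multiple of the user's baseline.
TRANSFER_MULTIPLIER = 5


def _hour(ts: str) -> int:
    """Hour of day from an ISO timestamp string."""
    return datetime.fromisoformat(ts).hour


def indicators_for_user(user, events, baseline):
    """Return the list of indicator strings raised for one user."""
    found = []
    start, end = baseline["hours"]
    daily_mb = defaultdict(float)  # date -> MB moved that day
    for e in events:
        if e["user"] != user:
            continue
        day = e["ts"][:10]
        if e["type"] in ("badge", "logon") and not (start <= _hour(e["ts"]) < end):
            found.append(f"off-hours {e['type']} at {e['ts']}")
        elif e["type"] == "transfer":
            daily_mb[day] += e["detail"]
        elif e["type"] == "access" and e["detail"] not in baseline["systems"]:
            found.append(f"unusual system access: {e['detail']} at {e['ts']}")
    # Volume is judged per day, so several medium transfers add up.
    for day, mb in daily_mb.items():
        if mb > TRANSFER_MULTIPLIER * baseline["daily_mb"]:
            found.append(f"large transfer volume on {day}: {mb:.0f} MB")
    return found


def triage(events, baselines):
    """Map each user to their indicators; users with none are omitted."""
    result = {}
    for user, baseline in baselines.items():
        hits = indicators_for_user(user, events, baseline)
        if hits:
            result[user] = hits
    return result


if __name__ == "__main__":
    for user, hits in triage(EVENTS, BASELINES).items():
        print(user)
        for h in hits:
            print("  -", h)
```

Running it lists only bob, with four indicators: an off-hours badge, an off-hours logon, access to source-repo, and 13900 MB moved in one day.  Note that each indicator on its own is weak (people do work late), so a real program scores users on the combination over time rather than alerting on a single hit.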

One insider threat story involves Yahoo.  Qian Sang, a scientist at Yahoo, received a job offer from The Trade Desk, a Yahoo competitor.  Sang decided to take the job but, before leaving, downloaded over 570,000 pages of Yahoo's intellectual property to his personal device.

It's important not only to train employees and monitor their behavior with analytics; organizations should also build a threat hunting team that follows up on suspicious individuals and coordinates frequently with HR and IT security teams, for example so that a resignation or termination notice triggers a closer review of that person's data access and transfers before they leave.