Use encryption the right way and keep employees vigilant.
Ask any IT professional to describe who their cybersecurity policy defends against, and they will likely describe a hacker. The hacker is a smart, opportunistic cybercriminal ready to capitalize on your security weaknesses by using sophisticated technology and nefarious social engineering tactics.
And data shows this fear is reasonable. Through advanced technology, hackers can have direct access to large-scale resources typically associated with enterprise-level companies.
But organizations that build their cybersecurity strategy solely around this idea are making a serious mistake. Hackers, dangerous as they are, attack organizations from the outside. What happens when someone attacks from the inside?
Cybersecurity professionals who consider this important distinction are better equipped to handle the realities of maintaining secure networks in today’s security environment. Not only do you have to protect your networks from attack, but you must make them internally resilient as well.
The Anatomy of an Insider Attack
According to a recent Dashlane study, insider attacks make up 34% of all data breaches. These are often attacks of opportunity because employees, by necessity, have access to sensitive company data.
This makes insider attacks far more difficult to detect and much more challenging to prevent than external attacks. Hiring an employee implicitly puts you in a position of trust with that individual, and internal cyberattacks are one of the most serious breaches of trust possible.
There are multiple types of insider attacks and many different ways they can play out. Some examples include:
- Rogue Employees. The first scenario that usually pops into IT leaders’ minds is the disgruntled employee. These attacks are common and span a range from selling sensitive corporate data to competitors to changing important passwords on the last day of work as a final sign of rebellion.
- Compromised Employee Accounts. If an employee’s credentials get into the wrong hands, there may be no way to tell whether the employee caused a breach or someone else did. A compromised account may not be detected at all. If it is, the trail will lead back to the employee.
- Employee Sabotage. Sometimes, one employee will sabotage another, tricking the victim into making an expensive security mistake and then letting management take care of the problem. This is using the company’s security architecture as a weapon to advance a grudge or get someone fired.
These situations are more common than many IT professionals realize. In a recent Gurucul survey, 15% of respondents said they would delete files or change key passwords before leaving a company. This might seem like petty revenge, but it can turn into a complicated, expensive data breach if handled incorrectly.
Managing Encryption for Internal and External Attacks
Today’s cloud-based systems typically offer multiple ways to encrypt user data. IT leaders often understand that encryption is one of the best cybersecurity tools available, but they misuse it.
The problem with encryption is that it doesn’t adequately protect against internal attacks if the encryption keys are easy to access.
Most cloud-based services allow users to use a single passcode to encrypt everything the service does. This is a simple, easy-to-implement security feature that helps ensure cybercriminals can’t successfully pull off a variety of external attacks.
But there is something the single private passcode encryption method fails to do — it doesn’t protect against rogue employees or compromised employee accounts. If, either through negligence or malicious intent, someone gains access to the primary encryption passcode, the entire system is exposed.
This is why many organizations use separate encryption keys for each user. This method is superior to single private passcode encryption but can lead to implementation errors. It also fails to address compromised employee accounts, but it can reduce the damage of exposed credentials.
The best method uses multi-layered encryption both inside and outside the organization while separating users and assigning them unique device keys generated by a third-party security vendor. It is vital that encryption keys are not stored anywhere and that employees do not have direct access to user data.
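The difference between a single shared passcode and per-user keys can be measured as the number of users one leaked key exposes. The following is an added example, not code from the original article: the function names, sample users and records are constructed, PBKDF2 is an assumed choice of key derivation, and the SHAKE-256/HMAC encrypt-then-MAC routine is a standard-library stand-in for a vetted AEAD such as AES-GCM.

```python
import hashlib
import hmac
import os

def derive_key(passcode: str, salt: bytes, device_key: bytes) -> bytes:
    """Re-derive a 32-byte key on demand; only the salt needs to be persisted."""
    stretched = hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, 100_000)
    return hmac.new(device_key, stretched, "sha256").digest()

def _subkeys(key: bytes):
    """Separate encryption and MAC keys from one derived key."""
    return (hmac.new(key, b"enc", "sha256").digest(),
            hmac.new(key, b"mac", "sha256").digest())

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; stand-in for an AEAD, not for production use."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    stream = hashlib.shake_256(enc_key + nonce).digest(len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    return nonce + ct + hmac.new(mac_key, nonce + ct, "sha256").digest()

def unseal(key: bytes, blob: bytes):
    """Return the plaintext, or None when the key does not match the record."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = hashlib.shake_256(enc_key + nonce).digest(len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))

def exposed_users(store: dict, leaked_key: bytes) -> list:
    """Users whose records a single leaked key can decrypt."""
    return sorted(u for u, blob in store.items()
                  if unseal(leaked_key, blob) is not None)

# Constructed sample data: three users, one record each.
RECORDS = {"alice": b"payroll", "bob": b"contracts", "carol": b"source code"}
# Per user: (passcode, salt, device key). Keys themselves are never stored.
SECRETS = {u: (f"{u}-passcode", os.urandom(16), os.urandom(32)) for u in RECORDS}

# Scheme 1: one passcode for everything (no per-device secret, modelled as zeros).
shared_key = derive_key("one-passcode-for-all", b"org-wide-salt-01", bytes(32))
SHARED_STORE = {u: seal(shared_key, data) for u, data in RECORDS.items()}
# Scheme 2: a key per user, derived from that user's passcode and device key.
PER_USER_STORE = {u: seal(derive_key(*SECRETS[u]), RECORDS[u]) for u in RECORDS}

if __name__ == "__main__":
    print("shared passcode leaked:", exposed_users(SHARED_STORE, shared_key))
    alice_key = derive_key(*SECRETS["alice"])
    print("alice's key leaked    :", exposed_users(PER_USER_STORE, alice_key))
```

A compromised account still exposes that account's own data in the per-user scheme, which is why the article pairs it with a device key the employee's passcode alone cannot reproduce.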
Security Culture Makes a Difference
Internal attacks cost an average of $8.76 million. Organizations should feel a powerful motivation to address them.
But there is a limit to any security benefits that infrastructure architecture can provide. Physically compromised devices, keylogging software, and social engineering tactics can break through even the toughest defenses.
Under these conditions, IT leaders have to rely on their people more than ever. A workplace culture that puts a priority on the value of security will be able to better equip itself with the tools and processes needed to protect user data.
A company with a security-oriented culture will have better passwords, better user adoption rates for security software, and greater resilience against internal attacks.