Recognize signs of insider threat: Cyber expertPosted On: Apr. 19, 2021 1:46 PM CST
Companies need to be aware of the signs of insider threat to address the issue, says a cybersecurity expert.
“Insider threats have been growing by leaps and bounds,” said Ram Kumar, information and security and risk leader for Nissan Motor Corp., who is based in Bengaluru, Karnataka, India.
He spoke Sunday during a session of the Risk & Insurance Management Society Inc.’s 2021 conference, which was held virtually.
This threat can come from the negligent employee or from those with malicious intentions, Mr. Kumar said.
Motivations for those who pose threats include those who want to perform illegal activity and have previous violations while there could also be those “who are undergoing personal stress”’ because of financial problems or because they did not achieve what they wanted in their career, had a disappointing performance review, or were passed over for an expected promotion, Mr. Kumar said.
Mr. Kumar said employees and contractors may not understand legal requirements and be unaware of the processes and procedures that put companies at risk. Sending confidential data to an unsecured location can be a big problem as well, he said.
Also problematic, he said, is when employees break their company’s security procedures to simplify their tasks and when their devices are not patched and upgraded.
“There are definitely some behavior indicators of insider threats,” both digital and human, Mr. Kumar said. The former includes if an employee is downloading large amounts of sensitive data and trying to access data that is not associated with their job function, and if they make multiple requests to access resources not associated with their job functions.
Other indicators include if they are bringing in personal devices, such as a USB drives and those who roam the network to seek sensitive information and copy files from sensitive folders to their own drives.
“Human” signs include cases where employees are frequently in the office at odd hours, display “disgruntled” behavior to co-workers, and keep talking about quitting the company and finding new jobs.
Mr. Kumar said steps to mitigate the threat include using confidentiality or nondisclosure agreements, implementing technology tools to manage the database and software, following up with employees who repeatedly try to access security, warning workers about the “dos and don’ts” involved and following through when a breach occurs.
A strong investigation process is also needed, as well as “some sort of coordination” between different teams to monitor bad action, he said.