Humans are the weakest link in the cybersecurity chain, and any chain is only as strong as its weakest link. The root cause of most cyberattacks can be traced back to negligent or malicious insiders, making the human factor a crucial consideration in security decisions. However, most organizations fail to address insider threats and do not take user behavior into account when drawing up their cybersecurity frameworks. While attacks caused by human fallibility and negligence can be prevented by educating employees about safe cyber hygiene practices, the intentional kind is harder to prevent.
Insider threats and attacks are among the most pressing challenges that organizations face today. They can be particularly damaging, since insiders have privileged access to an organization's sensitive and critical data. The repercussions can be serious: data breaches, legal exposure due to compliance violations, financial losses, damage to the organization's reputation, and loss of customer loyalty. While insider threats generally refer to threats that originate from users within the organization, they can be classified further based on the intent of the insider involved in the attack: compromised insiders, negligent insiders, and malicious insiders. Negligent insiders have no specific intention of wreaking havoc, unlike malicious insiders. Malicious insiders are employees or users who exploit security loopholes to steal information and disrupt the normal activities of the organization. These are typically employees looking for financial gain, or disgruntled employees looking for a way to harm their organization. To understand this better, let's look at an insider attack carried out by a malicious insider.
Take the example of a disgruntled employee who is about to leave the organization. Before submitting their resignation, they want to leverage their employee access to privileged information and sell it to an external agent who will benefit from this data. They plan to carry this out in multiple steps. In the first step of the attack, they identify the level of access needed to obtain the required data. Once they discover that one of their coworkers has the desired level of access, they perform a brute force attack to log in to the target system. The password isn't too difficult to guess, since the coworker has previously mentioned using passwords that are easy to remember to avoid getting locked out of their system. This is an example of negligent human behavior. After a couple of attempts, the employee is in and able to access the data. In the next step of the attack, they use a USB drive to export the data in order to sell it to the external agent. In this manner, an employee can launch an insider attack, steal sensitive data, and leverage it for personal and financial gain.
While it is natural for us to associate only technology, machines, and malware with cyberattacks, it is time we recognized that the actual cause of any attack starts with people, sometimes our own. In order to combat these human-induced threats, it is crucial to adopt technologies and techniques that account for the fallibility and predictability of human behavior. This goes a long way in preventing threats and attacks that can be attributed to the human element, malicious or otherwise.
User and entity behavior analytics (UEBA) is one such technique that leverages the predictability of human behavior to detect and identify anomalous and unusual behavior. UEBA uses AI and ML techniques to analyze the behavior of humans, machines, and other entities in the network. By creating a baseline of normal behavior, it becomes easier to identify any anomalies that may indicate insider attacks and other possible malicious activity within the network. In addition, UEBA assigns scores to indicate the severity of a threat, allowing IT admins to prioritize high-risk threats over others. With remote and hybrid work becoming the norm, a Zero Trust strategy has become a fundamental security requirement for most organizations. UEBA fits naturally into a Zero Trust strategy by accounting for the human element, effectively mitigating insider threats.
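The baseline-and-score idea described above, reduced to its essentials as an added example (this is illustrative code written for this page, not code from the article's author or from any UEBA product). It builds a per-user baseline from a constructed history of login events (usual hosts, usual hours, mean and standard deviation of daily failed logins), then scores a later day's events against that baseline so the scenario from the earlier section (repeated failed logins on a coworker's workstation, an off-hours success, a removable drive mounted) surfaces with a high score while an ordinary day scores zero. The usernames, host names, weights and thresholds are all assumptions; a real deployment would derive weights from the environment and feed scores into the alerting pipeline.

```python
"""Toy UEBA-style baseline and anomaly scorer (added example, constructed data)."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Event:
    day: int          # day index within the observation window (constructed)
    user: str
    host: str         # host the login was attempted on
    hour: int         # local hour of the attempt, 0-23
    success: bool
    usb_mount: bool   # a removable drive was mounted during this session


def build_baseline(history):
    """Summarise each user's normal behaviour from a list of historical events.

    Per user: the hosts they normally log in to, the hours they normally log in at,
    and the mean / population stddev of their daily failed-login count.
    """
    hosts = defaultdict(set)
    hours = defaultdict(set)
    failures_per_day = defaultdict(lambda: defaultdict(int))
    days = set()
    for e in history:
        days.add(e.day)
        hosts[e.user].add(e.host)
        hours[e.user].add(e.hour)
        if not e.success:
            failures_per_day[e.user][e.day] += 1
    baseline = {}
    for user in hosts:
        # count zero-failure days too, so the average is not biased upward
        daily = [failures_per_day[user].get(d, 0) for d in sorted(days)]
        baseline[user] = {
            "hosts": hosts[user],
            "hours": hours[user],
            "fail_mean": mean(daily),
            "fail_std": pstdev(daily),
        }
    return baseline


def score_day(user, events, baseline):
    """Return (score 0-100, reasons) for one user's events on a single day.

    Each triggered indicator adds an illustrative weight (assumed values).
    """
    profile = baseline.get(user)
    if profile is None:
        return 50, ["no baseline for user"]   # unknown identity: medium risk by default
    score, reasons = 0, []
    failures = sum(1 for e in events if not e.success)
    std = profile["fail_std"] or 1.0          # flat baseline: treat one failure as one sigma
    z = (failures - profile["fail_mean"]) / std
    if z >= 3:
        score += 40
        reasons.append(f"failed logins {failures} (z={z:.1f})")
    new_hosts = {e.host for e in events} - profile["hosts"]
    if new_hosts:
        score += 25
        reasons.append(f"login to unfamiliar host(s): {sorted(new_hosts)}")
    off_hours = {e.hour for e in events if e.success} - profile["hours"]
    if off_hours:
        score += 15
        reasons.append(f"successful login at unusual hour(s): {sorted(off_hours)}")
    if any(e.usb_mount for e in events):
        score += 20
        reasons.append("removable drive mounted")
    return min(score, 100), reasons


# Constructed history: "alice" logs in to her own workstation at 09:00 and 14:00
# every day for ten days, never fails, never mounts a drive.
HISTORY = [
    Event(day=d, user="alice", host="ws-alice", hour=h, success=True, usb_mount=False)
    for d in range(10) for h in (9, 14)
]
# Constructed day 10: five failed attempts on a coworker's workstation at 21:00,
# then a success followed by a USB mount (the article's scenario).
DAY10 = [
    Event(day=10, user="alice", host="ws-bob", hour=21, success=False, usb_mount=False)
    for _ in range(5)
] + [Event(day=10, user="alice", host="ws-bob", hour=21, success=True, usb_mount=True)]
# Constructed ordinary day for comparison.
NORMAL_DAY = [Event(day=10, user="alice", host="ws-alice", hour=9, success=True, usb_mount=False)]

if __name__ == "__main__":
    b = build_baseline(HISTORY)
    for label, events in (("day 10", DAY10), ("normal day", NORMAL_DAY)):
        print(label, score_day("alice", events, b))
```

Run stand-alone, the block prints a score of 100 with four reasons for the suspicious day and 0 with no reasons for the ordinary one; a single off-hours login on the user's own host scores 15, which is the kind of low-severity signal an analyst would deprioritize, as the article describes.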
Closing the human gap in cybersecurity is one of the most pressing challenges encountered by cybersecurity professionals and IT admins. To address this challenge effectively, it is crucial to factor the human element into any cybersecurity strategy.