When we say Revolutionary Security takes an integrated enterprise defense approach to every engagement—we mean it. Insider Threat Awareness Month got us thinking about how our broad services portfolio contributes to combatting insiders no matter the program area.
We asked members of the RevSec team to explain how the insider threats theme relates to their service area. Here are their insider insights:
Cyber Threat Hunting + Insider Threat
"Hunting for threats? Think like an insider."
Carlos Melendez | Lead, Cyber Threat Intelligence & Hunting Services
Proactively detecting external threats and adversarial activity on networks is a challenge plaguing every organization. One aspect many organizations overlook is the possibility of an insider threat, which can pose a significant risk. Malicious insiders have been known to alter, fabricate, or hide critical information. Being proactive allows organizations to detect insiders before they exfiltrate proprietary information or disrupt operations. Don’t wait until there’s an incident – use cyber threat intelligence and indicators of compromise specific to the insider threat persona to execute threat hunting campaigns for proactive defense.
OT Program & Governance + Insider Threat
"Design security to address unintentional risks"
Jon Taylor | Lead, OT Program & Governance Services
We know insider threats aren’t always malicious. Take developers, for example. Developers are rarely taught security as a part of programming. This blind spot can lead to buggy code that puts company information at risk. What’s the solution? Support a secure development lifecycle by building processes and procedures that include executing code reviews, threat assessments, and pen tests during development. This is, without a doubt, the most efficient, economical approach to limiting unintentional risk from teams that don’t even know they’re a threat.
Security Operations + Insider Threat
"An effective Insider Threat Program informs cybersecurity operations, and vice-versa."
Brent Hambly | Director, Enterprise Transformation
It’s generally accepted that Insider Threat Programs are a collaborative effort between Cybersecurity, Physical Security, HR, Legal, and elements of the business. However, it’s less obvious that the program’s effectiveness depends upon how well the functions share information, align their investigations, and instrument their technologies. The operational arm of the Insider Threat Program is typically the SOC. Having current and specific indicators of insider threat activity, sourced both from industry and internally documented cases, is crucial to the SOC being adept at detecting and investigating insider threat activity.
Ensure that your organization’s Insider Threat Program is tightly integrated with the SOC across three fronts—security technology, investigations, and program strategy.
Cybersecurity Assessments + Insider Threat
"Assess and test your standards to thwart insider threats."
Ross Boulton | Lead, Assessment Services
Assessments and tests can be used to ensure standards are not only implemented, but effectively executed to help detect and protect against unintentional and malicious insider threats. Here are some standards to consider:
Cybersecurity Awareness + Insider Threat
"Security training and awareness address the unintentional insider threat."
Mary Dziorny | Cybersecurity Awareness Consultant
Security training and awareness is a mighty tool for educating the would-be unintentional insider threat—but that’s where it ends. Traditional training and awareness of end-users will never be the answer to thwarting malicious threats. So, a robust security training and awareness program coupled with a comprehensive insider threat program is highly recommended for optimal results.
OT Assessments & Testing + Insider Threat
"Third-party vendor connections are a significant risk in many OT environments."
Aaron Bayles | Lead, OT Assessment & Testing
In the OT space, we need to think of vendors and third-party contractors as potential insider threats. Operational environments rely heavily on third-party contractors for day-to-day operations, break-fix support, and incident response. They need access to some of your most critical environments and any delay is costly. How do you accommodate them?
Vulnerability Management + Insider Threat
"Ensure least privilege for maximum security."
Bill McNamee | Lead, Vulnerability Management Services
An effective Identity Management Program restricts data access and permissions based on roles and responsibilities. Following the principle of least privilege protects organizations from unintentional insiders by limiting their impact on data and systems irrelevant to their position. As for potential malicious insiders, asset owners should identify systems with PII or other sensitive data to be cross-referenced with known vulnerabilities and exploits.
Additionally, ensuring proper remediation timelines are enforced and having an effective, risk-based approach to remediation will reduce the likelihood of an insider potentially running scripts or executables to take control of that system.
Investigations + Insider Threat
"When an insider strikes—here's where to look."
Scott Kamp | Cybersecurity Consultant, Insider Threat Services
What if you’re faced with an Insider Threat before you have time to stand up a formal program? You probably have more resources than you think to help understand the severity of the threat your company faces. Data sets you can review include email logs – where has the employee been sending emails and what files have been included? Network logs provide insight into the employee’s web traffic history as well as any data uploads to external sites. Badge access records can help determine if an employee’s account/system was compromised or if it is being shared by the employee.
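The badge-versus-account check described above, as an added example that is not part of the original post or RevSec's own tooling: it flags on-site console logons made while the account owner was not badged into the building, which points to a compromised or shared account. The log layouts, the account name and the workstation names are constructed assumptions.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M"

# Constructed sample data; the field layouts are assumptions, not a real export format.
BADGE_EVENTS = [  # (timestamp, employee, direction)
    ("2023-09-12 08:02", "jdoe", "IN"),
    ("2023-09-12 17:31", "jdoe", "OUT"),
    ("2023-09-13 08:10", "jdoe", "IN"),
    ("2023-09-13 12:05", "jdoe", "OUT"),
    ("2023-09-13 13:00", "jdoe", "IN"),
    ("2023-09-13 17:45", "jdoe", "OUT"),
]
CONSOLE_LOGONS = [  # (timestamp, account, workstation); local logons on on-site machines only
    ("2023-09-12 08:15", "jdoe", "WS-114"),
    ("2023-09-12 21:40", "jdoe", "WS-114"),
    ("2023-09-13 12:30", "jdoe", "WS-207"),
    ("2023-09-13 13:20", "jdoe", "WS-114"),
]

def presence_intervals(badge_events, employee):
    """Pair IN/OUT swipes into (start, end) on-site intervals for one employee."""
    intervals, entered = [], None
    for ts, who, direction in sorted(badge_events):
        if who != employee:
            continue
        t = datetime.strptime(ts, FMT)
        if direction == "IN" and entered is None:
            entered = t
        elif direction == "OUT" and entered is not None:
            intervals.append((entered, t))
            entered = None
    if entered is not None:
        # No OUT swipe recorded yet: treat the employee as still inside.
        intervals.append((entered, datetime.max))
    return intervals

def logons_without_presence(badge_events, logons):
    """Return console logons that fall outside the account owner's badge intervals."""
    flagged, cache = [], {}
    for ts, account, host in logons:
        if account not in cache:
            cache[account] = presence_intervals(badge_events, account)
        t = datetime.strptime(ts, FMT)
        if not any(start <= t <= end for start, end in cache[account]):
            flagged.append((ts, account, host))
    return flagged

if __name__ == "__main__":
    for hit in logons_without_presence(BADGE_EVENTS, CONSOLE_LOGONS):
        print("review:", hit)
```

A hit is a lead for review rather than proof: tailgating and missed swipes produce the same pattern, so each flagged logon should be checked against the email and network logs for the same window.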
Launching an Insider Threat Program is easier than you think.
Work with our team to identify 'quick wins' that advance insider threat detection and response. Insider Threat Services Lead, Nazia Khan, shares her tech tips and insider insights on building and expanding successful programs.