5 ways to reduce internal cybersecurity threats
A network security threat can come from any direction, but here we will consider protection from internal (insider) threats.
Joseph Marc Blumenthal - President of BluLife, covers the issues of security and storage of online publications.
Cybersecurity has traditionally focused on keeping outside intruders out of an organization's IT resources. But it is important not to lose sight of threats from insiders as well. An employee may sell confidential data to a competitor, engage in cyber vandalism for revenge, or take other actions to harm the company and its data. The insider threat is broad and includes both accidental and deliberate actions. Here are 5 ways to help you improve the security of your organization.
1. Limit the “blast radius”
The first thing you can do to mitigate your company's internal cybersecurity threats is to minimize the damage that an attacker might cause. We often refer to this as “blast radius limitation”.
Organizations should enforce least-privilege access policies. This means that users should only have access to the resources they need to get the job done. It is psychologically easy to focus solely on ordinary users, but we must remember that IT people are potentially the greatest threat of all. Role-Based Access Control (RBAC) should separate administrative responsibilities. This will significantly limit the amount of damage that a single administrator can do if they turn to fraud or if their account is compromised.
2. Measures to prevent losses
Another important step in the fight against internal threats is the implementation of tools to prevent data loss and leakage (DLP, Data Leak Prevention). For example, DLP can track outgoing email to see if it contains sensitive information. This goes far beyond filtering attachments. DLP typically analyzes the text in an outgoing message for patterns that match known sensitive data types. If a pattern match is found, the message may be blocked or even redirected to HR without notice.
For a concrete example, the social security number used in the United States comprises a sequence of digits separated by dashes and looks something like this: 078-05-1120. If the email contains a number that matches this format, then it is most likely a social security number. The same concept applies to searching a message for credit card numbers, bank accounts, TIN, and more.
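The pattern matching described above can be sketched in a few lines. This is an added example, not code from any DLP product; it goes slightly beyond the text by adding a Luhn checksum for card numbers to cut false positives, and the function names, the "any finding blocks the message" policy and the sample messages are assumptions made for illustration.

```python
import re

# Candidate patterns: US SSN written as 3-2-4 digits, and 13-19 digit card
# numbers whose digits may be separated by single spaces or dashes.
SSN_RE = re.compile(r"(?<![\d-])(\d{3})-(\d{2})-(\d{4})(?![\d-])")
CARD_RE = re.compile(r"(?<![\d-])\d(?:[ -]?\d){12,18}(?![\d-])")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out most random digit runs (order numbers, IDs)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(value: str) -> str:
    """Keep only the last four characters so the DLP log does not leak data."""
    return "*" * (len(value) - 4) + value[-4:]


def scan_message(text: str) -> list[tuple[str, str]]:
    """Return (data_type, masked_value) for every sensitive pattern found."""
    findings = [("ssn", mask(m.group(0))) for m in SSN_RE.finditer(text)]
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            findings.append(("card", mask(digits)))
    return findings


def verdict(text: str) -> str:
    """Policy assumed for this example: any finding blocks the message."""
    return "block" if scan_message(text) else "allow"


# Constructed sample messages (not real traffic).
SAMPLES = [
    "Hi, my SSN is 078-05-1120, please update payroll.",
    "Card for the invoice: 4111 1111 1111 1111",
    "Ticket 1234-5678-9012-3456 is closed; call 555-0100.",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(verdict(s), scan_message(s))
```

The third sample shows why format matching alone is noisy: the ticket number has the shape of a card number, and only the checksum keeps it from being flagged.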
If your organization uses Microsoft 365, you may already have a DLP solution (depending on your subscription).
3. Ban on the use of removable media
Another thing that organizations can do to prevent internal cybersecurity threats is to prohibit the use of removable media and storage. Employees then cannot plug in USB drives and use them to steal confidential information or inject malware into the system. You can apply Group Policy settings to prevent the use of removable media.
If you are using Windows, you can disable removable storage in the following way. Go to:
Computer Configuration / Administrative Templates / System / Removable Storage Access
and enable the "All Removable Storage Classes: Deny All Access" policy setting.
4. Encrypt the data
Storage encryption can significantly reduce internal cybersecurity threats. If someone steals a disk or tape backup or exports a copy of a virtual machine, encryption can prevent that person from reading the information from the outside, rendering the data useless.
5. Don't keep monitoring a secret
One of the best things you can do to mitigate internal cybersecurity threats, oddly enough, is to be loud and clear about what you are doing. I have lost count of how many times friends or family members asked me how employers could see what they were doing on the Internet. This shows that users are often unsure about how monitoring capabilities are implemented in their workplace.
Organizations should consider what means of monitoring staff activity should be established, which employee activities should be recorded, and how often screenshots should be taken. And as soon as measures are implemented, be sure to inform employees about them. Knowing that an organization is monitoring everything online can be a powerful deterrent to internal threats.
As you can see, there are several measures that an organization can apply to mitigate internal cybersecurity threats. We have described some of the many remedies. These techniques help organizations counter malicious activity and can also limit the damage caused by an accidentally hacked account or malware infection.