INSIDER THREATS: Can Cybersecurity Professionals Avoid the Train Wreck?

Cybersecurity: Insider Threats

Most organizations have adopted some form of cloud implementation as part of their broader IT strategy. However, in a rush to gain a competitive edge and meet project deadlines, very few organizations have thoroughly thought through the security implications from an identity management perspective.

That reality has the potential to negatively impact all of us in a variety of ways.

The rise of heterogeneous computing systems and applications in the last two decades has led to the wide adoption of directory services for authentication and authorization. Microsoft Active Directory is the market leader by a sizable margin because of its tools to manage Windows PCs. For that reason, it has become the de facto standard for on-premises identity management.

As a result, organizations have sizable investments in Active Directory infrastructure, along with established processes and procedures to manage access to their critical assets. However, the rise of cloud computing and hybrid cloud is adding complexity to IT infrastructures.

Additionally, it is requiring the retraining of personnel to better understand the new security implications of cloud and third-party applications regarding access control. Unfortunately, this is all happening at a time when IT training budgets are being slashed.

See that light at the end of the tunnel? It’s a train, and a wreck is about to happen.

This security situation brings us to a sensitive topic that many organizations are reluctant to discuss: the insider threat. In Accenture’s latest annual report, the Cost of Cybercrime, the most significant cost increase came from insider attacks carried out by employees, contractors, and business partners. For example, in 2018:

  • Malicious insider attacks jumped by 15%
  • Insider attacks average $1.6 million PER ORGANIZATION
  • The impact of cybercrime is rising: $13 million PER ORGANIZATION

What does all of this mean for managing access to cloud and hybrid infrastructures? When we conduct cybersecurity training, that is by far the foremost thought on the students’ minds.

Organizations will need to have a comprehensive Identity Access Management (IAM) strategy for these new services, and security cannot be an afterthought. Have YOU, as an IT professional, asked yourself these questions as you embrace evolving cloud architectures?

1) How will cloud resources integrate with our established identity management solutions?

2) Have we established processes and systems to audit and log access to cloud-based systems?

Granted, cloud systems are still maturing in terms of offering unified identity management solutions, but given the increasing insider threat, it is an area that organizations ignore to their peril.

To close on a positive note, this looming train wreck doesn’t need to happen. Asking the right questions and receiving correct information will go a long way in mitigating this threat. Armed with those tools, the final step is the easiest.

Assemble your IT team, conduct practical training / testing programs, and step off the track.

Michael I. Kaplan is the Director of Phase2 Advantage, a cybersecurity consulting and training company based in Savannah, Georgia. Michael is also the Chairman of the Cyber Security Advisory Committee at Savannah Technical College. His technical areas of specialization are Incident Response, Business Continuity / Disaster Response Planning, Information Security Management, and Digital / Network Forensics. Feel free to contact Michael at info@phase2advantage.com.
