
Bob Swanson

Compliance as a Way to Reduce the Risk of Insider Threats

Several key resources and controls can help reduce overall risk by providing guidance on proper control implementation, preventative measures to deploy, and an emphasis on organizationwide training.

Insider threats have continued to be a major factor in data breaches over the last year. According to the "2019 Verizon Data Breach Investigations Report," 34% of data breaches involved internal actors. On top of this elusive threat, business environments are growing more complex and data is becoming a more lucrative target. Bring-your-own-device (BYOD) policies and remote working have presented challenges that extend far beyond the traditional environment seen just a few years ago. However, it isn't all doom and gloom, and there are several steps to consider that enable organizations to begin mitigating this risk factor.

But what if I said that compliance could be a risk-reducing factor? That might seem incredible, but there are several key resources and controls that help reduce overall risk by providing guidance on proper control implementation, preventative measures to deploy, and an emphasis on organizationwide training.

Leverage Governance, Risk, and Compliance (GRC) Resources and Check Your Compliance Maturity
One solution for detecting and ideally thwarting insider threats is knowing your users and what their normal activities are. This is not easily accomplished and can quickly exhaust resources. Additionally, privacy violations can occur if the increased monitoring is not properly disclosed. Have no fear, your friendly GRC folks are here! There are several key resources that are typically maintained by GRC, and they often expand to cover various compliance and regulatory requirements. These resources can help your SOC teams prioritize higher-risk environments, data, and users.

Preparation Is Key
Risk assessments and the overall risk management process can help provide guidance when the company recognizes increased risks or areas of high business criticality. Further, organizations that are more mature in their compliance positioning will also have system and communication classifications, data and privacy classifications, and classification around various accounts or groups within the environment.

Focusing on higher-risk factors and baselining normal activity within these environments will provide a better vantage point into anomalous or potentially malicious activity, without exhausting resources or time. These resources identify the most likely targets, based on higher risk and business prioritization. Therefore, you can focus more robust control implementation on objectively prioritized assets. Depending on the incident, you can also have playbooks determine if, when, and where increased monitoring needs to be automatically applied.

Training and Awareness
Training and awareness have become a standard control objective in most compliance frameworks. General training around cybersecurity best practices and recognition of potential attacks is crucial across the organization. You will see the most benefit by considering training and exercises specific to those teams that would typically respond to and report on an insider threat. This additional, targeted training can provide many valuable lessons and enable SOC teams to respond, investigate, and integrate with other teams around insider threats.

The overall goal is to build situational awareness across the organization and empower employees to identify situations of concern and report on suspicious activities. Additional training should be catered specifically to the SOC team's operations and users who are likely to or may already be interacting with high-risk data or systems.

SOC + GRC + Legal: The Powers Combined
Although each of these groups functions individually around its own objectives, if an insider threat occurs, the three groups' paths will quickly converge. Understanding the compliance and legal requirements surrounding incident response is crucial to proper planning. After-incident reports provide essential lessons that enable each group to learn and adapt.

Because SOC teams are the primary users of security orchestration, automation, and response (SOAR) tools, their focus has typically been automation and streamlining. However, the SOC team can also work with GRC and legal teams not only to facilitate better incident response and case management, but also to help ensure continual adherence to the obligations set forth by various regulations and compliance requirements. Imagine the time saved if audit requests or even controls can be automated, all while maintaining a fully compliant audit trail.

As a compliance- and risk-minded professional starting to dive into security and automation, I see tremendous potential ahead. The combination of integrations, automated workflow, hybrid playbooks, and reporting capabilities may just alleviate some of the pain points surrounding compliance. These combinations might even allow compliance to empower SOC teams, and vice versa. One can dream, right?


Bob Swanson specializes in compliance and privacy and has spent more than 10 years within the governance, risk, and compliance (GRC) space from the vantage points of internal/external audit, developing compliance programs as an internal advocate for companies, and in ...
