Insider Threats: How to Reduce the Risks From Within Your Organization

This blog post is in partnership with LMG Security. With professional hackers and cybersecurity criminals posing a constant threat to law firms big and small, the reality is that your firm’s sensitive data will always be a target. The good news? This risk can be averted by a few simple and cost-effective security strategies which you’ll learn in this CLE Cybersecurity Academy presented in partnership with LMG Security. 

It’s Cybersecurity Awareness Month and we’d like to mark the occasion by focusing on one of the most challenging cybersecurity risks – the insider threat. Did you know that the evidence indicates Accenture’s recent $50 million ransomware attack may have been an inside job? Last summer, criminals offered a Tesla employee $500,000 in exchange for installing malware in the manufacturer’s environment. The employee alerted his supervisor—but would yours? (Watch this Breaking Breaches video for full details on the Tesla attack.)

The risk of malicious insider threats is rising, and criminal groups are actively advertising for insiders to help them hack into organizations. Earlier this year, the LockBit ransomware group launched advertising campaigns offering big payouts to employees that provide access to high-value networks. These payments can reach millions of dollars.

Now that the average cost of an insider threat has reached a staggering $11.5 million, it’s crucial that you take steps to reduce your organization’s risks.

Would one of your employees take the bait?

When you consider how to reduce your risks from insider threats, this is a case where an ounce of caution is worth a pound of cure. Proactive preventative measures are your best path forward. But, even if do everything right to protect your environment from criminals, all your efforts are moot if an employee lets them inside.

Sadly, preventing insider threats is very difficult – especially for malicious actors. A recent survey found that “53% of companies find it impossible or very difficult to prevent an insider attack when data is being aggregated, a key indicator of intent of an attack.” CISA recommends that organizations create an insider threat mitigation plan and offers a 5-step process, tools, videos and program recommendations.

Here are some “low hanging fruit” steps that will help you quickly and effectively reduce your risks of insider threats.

1. Proactively train your staff. This is the best and most effective way to reduce your risk of an insider threat. Your staff is a key part of your cybersecurity defensive posture, and providing cybersecurity awareness training for your entire team can help you prevent and detect suspicious activity. There are many resources that help you start or expand a cybersecurity awareness training program – check out this blog for suggestions on who to train and how to provide training. If you have a limited budget, you can start by sending your team free tip sheets on how to avoid phishing attacks and good cyber hygiene practices, then discuss it at a company meeting. If you have a larger budget, you may decide to use an on-demand subscription cybersecurity awareness training service. Whether you have a large or a small budget, every organization should implement an employee cybersecurity training program.
2. Limit employee access. Most employees have WAY more access to your data and your environment than they need. Limit employee access to only the information and systems they need to do their job. Your organization should also regularly review access and authorizations. It is crucial that you promptly remove employees who have left the organization (especially employees who may be upset), and update access for employees who may have changed roles.
3. Create a culture of security (not a culture of blame). Ask employees to immediately reach out to an appropriate contact if they think they may have accidentally clicked on a malicious link or become infected with malware. It’s also important to offer easy reporting methods for concerns about personal or peer security issues. Some organizations allow employees to anonymously report any suspicious peer activity. Regularly communicate that employees who report any cybersecurity risks – whether it’s their mistake or the mistake of another – are heroes for stopping attacks before they can cause major damage. This simple change to your company culture can reduce your risks, especially since early detection dramatically decreases the costs and damage from a data breach.
4. Monitor your environment and your logs. Tune your security software to spot a threat before it becomes a full-blown incident. Make sure you have a team monitoring alerts 24/7. This video on proactive monitoring and logging contains a wealth of information for starting or optimizing a monitoring program.
5. Conduct an insider threat self-assessment. CISA has released a new insider threat self-assessment This is a great way to start asking and answering the hard questions about your organization’s risks. Strapped for time? You can also bring in supplement resources to conduct a risk assessment and request that your provider add an insider threat assessment as part of the project.
6. Continue learning and advancing the maturity of your insider threat prevention program. Cybersecurity is constantly evolving, and organization must continuously evolve and mature their cybersecurity programs. Ensure this is part of your strategic plan. Here are some additional tools and tips to further your knowledge:
   • Read a white paper on best practices for mitigating insider threats.
   • Read insider threats prevention advice and tips from other cybersecurity leaders.

We hope you find this information helpful and that you can strengthen your organization’s cybersecurity posture – whether in small or large ways – for Cybersecurity Awareness Month.