No organization wants to think that one of its own trusted employees is out to get the firm. However, a study by Intel found that 43% of data losses are the result of “internal actors” – and about half of these incidents were due to the intentional acts of malicious insiders, not accidents or carelessness. Meanwhile, the rise of the Darknet, a shadowy corner of the internet that can only be accessed using special software that hides users’ locations and identities, has made it easier than ever for disgruntled or desperate people to sell their employers’ information, including system login credentials, to criminals.

Security researcher Brian Krebs reports that some organizations are paying security firms or partnering with law enforcement to monitor Darknet forums for malicious actors attempting to sell company secrets. The problem with this approach is, by the time an employee has put together a package of company information and offered it up for sale on the Darknet, the damage has already been done – and the Darknet ad may not represent the first time the employee has sold information. Many malicious insiders operate for years before being detected. When protecting against malicious insiders, the best defense is a good offense; companies must identify malicious actors and stop them before they attempt to sell data to hackers.

How can organizations monitor insider activity and detect malicious insiders without impeding daily operations or making employees feel they are under lock and key? Lazarus Alliance recommends the following proactive steps:

Develop a comprehensive cyber security policy, including acceptable use.

The first step is to make sure that all of your employees know exactly what is expected of them regarding acceptable use of company hardware, software, and network access. For example, employees may be prohibited from accessing social media networks from company computers or from removing company tablets or laptops from the premises. The policy should include a description of the disciplinary consequences of violations. While an acceptable use policy won’t deter malicious insiders, by establishing specific rules, companies can more easily detect deviations and take corrective measures.

Give employees the minimum level of system access they need to do their jobs.

Employees should have access to the company systems they need to perform their job duties – and no more. For example, a billing clerk has no need to access employee tax and salary data, and employees in the marketing department should not be able to create new user accounts and set network privileges. Restricting system access puts an obstacle in the path of malicious insiders.

Continuously monitor your network for unusual user behavior.

Your organization’s systems should be monitored 24/7 to detect unusual user behavior, such as a user logging in from a different location or at a highly unusual time (such as the middle of the night), or accessing parts of the system they wouldn’t normally need to. Not only will network monitoring allow you to detect the work of malicious insiders; it will also allow you to detect credentials that were stolen via phishing schemes.

Author's Bio: 

Michael Peters is the CEO of Lazarus Alliance, Inc., the Proactive Cyber Security™ firm, and Continuum GRC. He has served as an independent information security consultant, executive, researcher, and author. He is an internationally recognized and awarded security expert with years of IT and business leadership experience and many previous executive leadership positions.

He has contributed significantly to curriculum development for graduate degree programs in information security, advanced technology, cyberspace law, and privacy, and to industry standard professional certifications. He has been featured in many publications and broadcast media outlets as the “Go-to Guy” for executive leadership, information security, cyberspace law, and governance.