
What are Insiders and how to protect yourself

By Wilton Silva

Information security is currently one of the most important topics within companies, especially at a time when the adoption of home office work is so high. Many employees started working from home and had to adapt to a new routine, to new processes, and to old procedures that had to be reviewed, and like every change this brought advantages and disadvantages.

With the increasing number of cyber attacks, the need to deploy tools that can mitigate, control and prevent these threats became clear. When it comes to protecting a company's assets against theft of information, loss of data or any other action that affects the normal functioning of the company, several tools come to mind, such as firewalls, VPNs and WAFs, among others. However, these tools are mostly focused on external threats, and there is another side to the problem that can sometimes go unnoticed by security teams: internal threats, the so-called insiders.

Incidents involving insiders grew by 44% in the last 2 years according to the 2022 Ponemon Institute report, “Cost of Insider Threats: Global Report”, indicating that attackers are using this tactic more frequently because of how much an insider eases the entire process of infiltrating and attacking a company's environment. It is worth noting that the Lapsus$ group was recently looking for employees of target companies to provide their credentials for internal systems, so that the group could gain access to the corporate environment. Another important point is that not every insider acts on purpose: the insider may have been the target of social engineering or phishing, for example.

How to protect against internal attacks is currently widely discussed among IT managers and other professionals in the area, because of the difficulty of dealing with the situation and of identifying these attacks before it is too late. There are many ways to protect your network from an insider attack, but some standard cyber protection measures, such as password policies, firewalls and perimeter security, and patch updates, have little effectiveness in mitigating these types of threats. However, these protection policies are still valid and very important to protect your company from countless other attacks, so it is crucial that they are followed.

Some ways to anticipate this type of threat and try to protect yourself are described below:

Hiring New Employees:

Checking for possible false information on the resume and assessing the interviewee's sensitivity to cybersecurity and ethics in the field of information security are points to be analyzed during the interview.

Contracting Suppliers:

Try to confirm with potential vendors that their culture and notion of security risk align with those of the company.

Internal Policies:

Internal policies must be concise, easy to understand and adhere to, and available to everyone. It is also important to reinforce policies where necessary.

Communication:

Good communication with employees and keeping them motivated are important to create a good working environment. It is also important to carry out training to raise awareness of techniques such as social engineering and phishing.

Monitoring:

Grant users only the privileges they need, and monitor their behavior on the network with the help of a SIEM, an EDR, or other software that can analyze certain types of suspicious behavior.

— Wilton Silva is a SOC Analyst at [SAFEWAY]
