From the course: The Cybersecurity Threat Landscape

Protect against insider threats

- [Instructor] Insider threats can be dangerous and hard to detect. In this video, I'll show you four steps you can take to protect your organization against insider threats.

First, if you haven't already, take the time to identify the critical assets in your organization. These are the IT systems that are essential for the operations of your business, have the most sensitive information, or both. When you identify the critical assets, ensure that they are being properly protected and monitored. Also, review and validate who has access to these assets. Confirm that everyone who has access to them really needs that access. It's a good idea to conduct these asset access reviews on a regular basis.

Next, write and enforce policies and processes that can protect against insider threats. Examples of these policies and processes include an acceptable use policy, which defines authorized and unauthorized use of your organization's assets. Without an acceptable use policy, an employee could claim they didn't know that their malicious activity wasn't allowed. Once your acceptable use policy is written, make sure all employees read and agree to follow it. A policy on the proper use of admin accounts. This will define who is authorized to have admin accounts and how these accounts are allowed to be used. A clear employee performance review process, including requirements for promotions and financial bonuses. This is often handled by HR and is necessary to avoid misunderstandings that could lead to disgruntled employees. A process for addressing employee grievances. This is also often an HR process and is necessary to help prevent unhappy employees from becoming insider threats. And an offboarding process that quickly removes access from employees who are no longer in the organization.

Third, let's look at some technical security controls that can be implemented to protect against insider threats. To avoid having insider threats go undetected, you should monitor user activities, especially on your critical assets. One of the best tools for doing this is a security information and event management system, or SIEM. A SIEM will collect and analyze event log activity from all your systems and can help identify suspicious or malicious activity. When it comes to access, it's important to follow the least privilege principle. Only grant the bare minimum of privilege that someone needs to do their job. Regularly review each user's privileges to make sure they're not excessive. And use network segmentation to isolate the critical assets from the rest of the network. This will help protect those assets from insider threats who shouldn't have access to those parts of the network.

Finally, user security awareness training can be an important way to protect against insider threats. Teach users about the acceptable use of your organization's assets. Let users know that their activity is being monitored and the consequences of unauthorized activities. And remind users to report any suspicious activity to the appropriate parties in your organization.

Although insider threats are a growing part of the cybersecurity threat landscape, you can take the steps I covered in this video to help protect your organization against them.
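An added example, not part of the course material: one way to script the recurring asset access review, the offboarding check and the privilege review described in the transcript. The asset names, HR roster, access grants and log entries are constructed sample data, and `review_access` is a hypothetical helper.

```python
from datetime import date, timedelta

# Constructed sample data; every name and date here is an assumption.
CRITICAL_ASSETS = {"payroll-db", "source-repo"}
# HR roster: user -> termination date (None means still employed)
ROSTER = {"alice": None, "bob": None, "carol": date(2024, 5, 1)}
# Access grants exported from the identity system: (user, asset)
GRANTS = [("alice", "payroll-db"), ("bob", "payroll-db"), ("bob", "source-repo"),
          ("carol", "source-repo"), ("dave", "payroll-db"), ("alice", "wiki")]
# Access events as a SIEM might export them: (day, user, asset)
ACCESS_LOG = [
    (date(2024, 5, 28), "alice", "payroll-db"),
    (date(2024, 1, 10), "bob", "source-repo"),
    (date(2024, 5, 30), "bob", "payroll-db"),
    (date(2024, 5, 29), "carol", "source-repo"),
]

def review_access(grants, roster, log, assets, today, stale_days=90):
    """Return sorted (user, asset, finding) tuples for grants needing review."""
    cutoff = today - timedelta(days=stale_days)
    last_used = {}  # (user, asset) -> most recent day the grant was used
    for day, user, asset in log:
        key = (user, asset)
        last_used[key] = max(day, last_used.get(key, day))
    findings = []
    for user, asset in grants:
        if asset not in assets:
            continue  # the review covers critical assets only
        used = last_used.get((user, asset))
        if user not in roster:
            findings.append((user, asset, "account not on HR roster"))
        elif roster[user] is not None:
            # Departed employee still holds a grant: offboarding gap.
            if used is not None and used > roster[user]:
                findings.append((user, asset, "used after termination"))
            else:
                findings.append((user, asset, "access not removed at offboarding"))
        elif used is None or used < cutoff:
            # Active employee who never uses the grant: least-privilege candidate.
            findings.append((user, asset, f"unused for {stale_days}+ days"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in review_access(GRANTS, ROSTER, ACCESS_LOG,
                                 CRITICAL_ASSETS, today=date(2024, 6, 1)):
        print(*finding, sep="  ")
```
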
