Five tips against insider threat

Not only cyber attacks, but also insider attacks continue to pose a significant security threat to companies.

© depositphotos, Andreus
Defuse insider threat

Many companies have now recognized the "threat from within" and have strengthened their protective measures accordingly. In doing so, they focus primarily on malicious insiders, who, however, are not exclusively responsible for security incidents; employee carelessness must also be taken into account.

It is already difficult to find out which insiders have malicious intentions. It's even harder to identify potential victims of an attack whose accounts are being exploited. Nor is it easy to identify employees who inadvertently become a threat to corporate systems, applications and data.

The following five recommendations from CyberArk can help reduce the risk of insider threats in general and detect attacks quickly - thus eliminating or limiting potential damage.

  1. Reduce attack surface

An organization should restrict default user rights based on roles to minimize the risk of intentional and accidental damage. Application monitoring also helps identify user account compromises more quickly.

  1. Save credentials

Privileged credentials should be stored in a secure, centralized repository that supports strong access controls and multifactor authentication, as well as providing auditability. Additionally, credentials must be changed at regular intervals.

  1. Limit powers of accounts

Based on a strict "Separation of Duties", administrative tasks should be separated according to the roles of privileged users based on a "least privileges concept". Full admin or root access should only be allowed when absolutely necessary.

  1. Prevent unwanted behavior

A company should monitor the use of privileged and shared accounts and record all activities to be able to assign and prevent actions to specific users.

  1. Investigate attackers disguised as authorized insiders

Attackers using privileged accounts appear at first glance to be authorized insiders, but their behavior is usually different. Organizations should therefore monitor and analyze the behavior of privileged users and accounts to more easily identify deviations that may indicate an ongoing attack.

Assign user rights more restrictively

"To effectively protect against insider threats, organizations need to be restrictive in assigning user privileges to reduce their attack surface, protect privileged credentials, and continuously monitor privileged accounts that are recurring targets for internal and external attackers," said Michael Kleist, Regional Director DACH at CyberArk. "These are exactly the capabilities offered by our Privileged Access Security Suite. With its intelligent control capabilities, organizations can significantly reduce the risk of intentional and accidental insider threats. Real-time monitoring and threat analytics capabilities also enable easy and fast threat detection."

Source: CyberArk

(Visited 108 times, 1 visits today)
h2> More articles on the topic

SECURITY NEWS

Bleiben Sie informiert über aktuelle Sicherheitsthemen – praxisnah und zuverlässig. Erhalten Sie exklusive Inhalte direkt in Ihren Posteingang. Verpassen Sie keine Updates.

Jetzt anmelden!
anmelden
You can unsubscribe at any time!
close-link