Insider threats can pose even greater risks to company data than those associated with external attacks. This ebook offers a collection of practical strategies that IT pros can follow to identify areas of risk and take steps to mitigate them.
From the ebook:
A 2017 report released by the Institute for Critical Infrastructure Technology said that most cybersecurity incidents (both intentional and accidental) are the result of some action by insiders. This list will help system administrators detect and reduce insider risk, a critical requirement given that some insider security breaches can go undetected for weeks, months, or years.
1. Establish a security incident and response team
Even if it consists of one individual, a dedicated team is essential to security success. This team should be responsible for preventing, detecting, and handling incidents and should have documented plans and procedures for each. Providing the team and general IT staff with security training to keep up on the latest tactics is a key factor in identifying insider threats as quickly as possible.
2. Use temporary accounts
Set up third-party employees, such as contractors or interns, with temporary accounts that expire on a certain date that’s tied to the end of their contract or project. This will ensure that the accounts are inaccessible after the individual departs. You can always extend their account expiration if needed.
3. Conduct frequent audits to look for unused accounts and disable or remove them if possible
A simple use of the dsquery command on a Windows Active Directory Domain Controller can do the trick. Let’s say you have a domain called company.com and you want to check for accounts not used in the past 12 weeks.
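One way to run the audit from step 3 in PowerShell on a domain controller, as an added example that is not the ebook's own command: it uses dsquery's `-inactive` filter for company.com and 12 weeks, writes a report by default, and disables accounts only when `-Disable` is passed. The excluded OU, the report path and the parameter names are assumptions.

```powershell
# Added example: audit company.com for user accounts idle 12+ weeks.
param(
    [string]  $SearchBase    = 'DC=company,DC=com',  # domain from the text
    [int]     $InactiveWeeks = 12,                   # threshold from the text
    [string[]]$ExcludeOu     = @('OU=Service Accounts,DC=company,DC=com'),  # hypothetical OU
    [string]  $ReportPath    = '.\inactive-accounts.csv',                   # hypothetical path
    [switch]  $Disable       # report-only unless this switch is given
)

# -inactive takes weeks; -limit 0 lifts dsquery's default cap of 100 results.
$raw = @(dsquery user $SearchBase -inactive $InactiveWeeks -limit 0)
if ($LASTEXITCODE -ne 0) { throw "dsquery failed with exit code $LASTEXITCODE" }

# dsquery prints one quoted distinguished name per line.
$dns = @($raw | Where-Object { $_ -match '\S' } | ForEach-Object { $_.Trim().Trim('"') })

# Drop accounts under excluded OUs (for example, non-interactive service accounts).
$candidates = @($dns | Where-Object {
    $dn = $_
    -not ($ExcludeOu | Where-Object { $dn.EndsWith(",$_", [StringComparison]::OrdinalIgnoreCase) })
})

# Keep a dated record of what the audit found before anything is changed.
$candidates |
    ForEach-Object { [pscustomobject]@{ DistinguishedName = $_; AuditedOn = (Get-Date -Format s) } } |
    Export-Csv -Path $ReportPath -NoTypeInformation
Write-Host "$($candidates.Count) inactive account(s) written to $ReportPath"

if ($Disable) {
    foreach ($dn in $candidates) {
        # Disabling rather than deleting keeps the account recoverable.
        dsmod user $dn -disabled yes | Out-Null
        if ($LASTEXITCODE -ne 0) { Write-Warning "Could not disable $dn" }
    }
}
```

The `-inactive` filter relies on the replicated lastLogonTimestamp attribute, which can lag actual logons by up to about two weeks, so review accounts that sit close to the threshold before disabling them.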