IndiGo and SpiceJet, the budget airlines, are again in the news. InterGlobe, that runs IndiGo, has accused its former employee of stealing financial and price-sensitive information to deploy and use it in their position with SpiceJet, a competitor of IndiGo. This person quit IndiGo and directly joined SpiceJet in September 2015.
An insider threat occurs when a current or former employee, contractor or business partner, who has or had authorized access to an organization’s network systems, data or premises, uses that access to compromise the confidentiality, integrity or availability of the organization’s network systems, data or premises, whether unwittingly or wittingly. Insider threats can include fraud, theft of intellectual property (IP) or trade secrets, unauthorized trading, espionage, terrorism, and IT infrastructure sabotage.
While inside threat is mostly intentional, in some occasions it is ‘without intent’ or ‘accidental’. With advances in technology and Internet connectivity, there is new threat starting to stare at your face – called the Cyber Insider Threat, which is a Non-Malicious Insider. When it comes to cyber threats, countless data breach reports and incidents have shown that most of the problems are the result of the Insider behind the keyboard. This person is Ignorant, impatient and gullible. They fall prey to social engineering tactics and phishing e-mails used by cyber criminals. Insiders tend to be too trusting and that introduces significant security risks to businesses.
- Educate them on spotting suspicious behavior; and treat them fairly
- Set clear policies including defining what activities are permitted in your network and which ones are not
- Cyber Security Awareness and Insider Threat Awareness Training in many organizations are a once a year activity, or in some organizations non-existent. Make sure these trainings are regularly conducted
- Are they working odd hours, late night, weekends? Do they remotely access servers, database, applications while on vacation?
- Are they attempting to bypass security controls?
- Look out for visible disgruntlement towards co-workers and employer
- Looks for patterns of frustration and disappointment
- Signs of vulnerability, such as drug or alcohol abuse, financial difficulties, gambling, illegal activities, poor mental health or hostile behavior, should trigger concern
- Concentrate monitoring resources where it matters
- Many companies have ‘BYOD’ policy. This is not a great practice and these devices must be monitored carefully
- Once a person leaves the organization make sure their machines/devices are formatted and all data cleaned up before the asset is handed over to another employee
- Monitor the network continuously use tools that can identify trends in access pattern and flag such cases
- Baseline normal behaviors on network; look for anomalies
- Monitor social media activities of employees particularly the ones serving notice period and immediately after they have left
- Have they joined a competitor or ventured into a similar business?
- Separate duties for key functions. Not every employee needs access to every piece of data, so segment your networks and restrict privileges to ensure that employees can access only files and applications they need
- For example, your accounts department probably has no need to access project files and employees in one country may not be legally allowed to access customer data from another country
- You can also assign specific roles to employees with identity management or data-labeling tools. The larger the company, the more likely it will need all of these controls
- Try granting least privileges and put audit and control mechanism in place. Authorize users based on least access privilege and conduct periodic audits to detect inappropriately granted access or access that still exists from previous job roles/functions and should be removed