Managing the insider threat | #eBizWires


The more valuable a business’s intellectual property is, the higher the chances that cyber criminals will try to get their hands on it.

“Threats to organisations are prolific. Anyone who reads the news will have seen countless reports about threat actors breaching organisations and stealing their intellectual property or exposing their customers’ details,” says Jayson O’Reilly, director of sales and innovation at DRS.

He says what we read about far more seldom is breaches where insiders have been fingered as the culprit. “This is not because these types of incidents do not occur. Too often, it is an insider that enables the hacker, sometimes deliberately, sometimes purely by accident, and these types of breaches can be even more catastrophic than those carried out by outsiders alone.”

“The threat from your employees is a real one. They have legitimate log in credentials, they know what information you have without having to conduct a fishing expedition. Although outside attackers are a great danger, and will constantly try to breach your defences to steal, disrupt or damage your business, do not make the mistake of ignoring the insider threat.”

He says the ability to keep sensitive information safe while not looking at every employee with suspicion is a balancing act, but there are several measures companies can take to protect against the insider threat. “Firstly, apply role-based access. As the business grows, and new staff join the company and others leave, roles and responsibilities change too. It is a hassle to keep provisioning and then de-provisioning access, which is why too many businesses are lackadaisical about it, and opt for an all-access approach.”

This is dangerous, he explains, as not all staff need access to all folders. “Make sure that roles and responsibilities are clearly defined, which will make the provisioning / de-provisioning process a lot easier. This isn’t a silver bullet, but will help limit any damage. In addition, always enforce the principle of least privilege, to ensure that no-one has access to any sensitive data that they don’t strictly need to do their jobs.”

Another step, says O’Reilly, is to apply privileged access management. “All businesses have IT departments with administrators that have to have root access to all critical resources. These people need to be trusted, but to err is human, and they can make mistakes too, which could harm the organisation. To counter this, companies should have good privileged access policies in place, and should avoid built-in ‘administrator’ or ‘root’ accounts instead of personal accounts tied to the individual. Should an event occur, or something go amiss, this will give the business a way of pinpointing anyone involved in suspect or anomalous behaviour.”

O’Reilly says to bear in mind that since it is impossible to stop an insider before they get in, early detection is crucial to limiting the damage. “Malicious insiders need to perform a number of steps before they can achieve their ends, and there are ways to stop them in that process.”

The first thing a business needs in order to do this is visibility into the network. Internal network traffic, access logs, policy violations and more need to be watched continuously for any anomalous behaviours. “The better you know what ‘normal’ activity on your network consists of, the better your chances of identifying suspicious activity. Understand how much traffic is normal, who should be accessing sensitive data and who should not, and what applications are used for the running of the business. Anything that does not meet these ‘normal’ criteria should be investigated, to prevent unauthorised access, policy violations, data exfiltration or internal reconnaissance.”
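The following is an added example, not code from DRS or from the original article, showing how the checks described above could run over file-access logs: it learns each user's normal daily read volume, then flags access outside a user's role, use of shared built-in accounts, and volume well above baseline. The role map, folder names, log tuple layout and the three-sigma threshold are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed assumptions: which folders each role may read, and who holds which role.
ROLE_FOLDERS = {"finance": {"/finance"}, "hr": {"/hr"},
                "it-admin": {"/finance", "/hr", "/it"}}
USER_ROLE = {"alice": "finance", "bob": "hr", "carol": "it-admin"}
SHARED_ACCOUNTS = {"administrator", "root"}  # built-in accounts, not tied to a person

# Constructed sample logs: (day, user, folder, megabytes read).
BASELINE = [(1, "alice", "/finance", 40), (2, "alice", "/finance", 50),
            (3, "alice", "/finance", 45), (1, "bob", "/hr", 20),
            (2, "bob", "/hr", 25), (3, "bob", "/hr", 30),
            (1, "carol", "/it", 10), (2, "carol", "/it", 12),
            (3, "carol", "/it", 14)]
TODAY = [(4, "alice", "/finance", 48), (4, "bob", "/hr", 22),
         (4, "bob", "/finance", 900), (4, "root", "/hr", 5),
         (4, "carol", "/it", 11)]

def build_baseline(events):
    """Return {user: (mean, std-dev)} of MB read per day over the baseline period."""
    daily = defaultdict(lambda: defaultdict(float))
    for day, user, _folder, mb in events:
        daily[user][day] += mb
    return {u: (mean(list(d.values())), pstdev(list(d.values())))
            for u, d in daily.items()}

def review(events, baseline, sigmas=3.0):
    """Flag one day's events that fall outside the 'normal' criteria."""
    findings, volume = [], defaultdict(float)
    for _day, user, folder, mb in events:
        volume[user] += mb
        if user in SHARED_ACCOUNTS:
            # Activity that cannot be pinned to an individual.
            findings.append((user, "shared-account", folder))
        elif folder not in ROLE_FOLDERS.get(USER_ROLE.get(user), set()):
            # Least privilege: the role does not need this folder.
            findings.append((user, "outside-role", folder))
    for user, mb in volume.items():
        if user in baseline:
            avg, sd = baseline[user]
            # Floor the deviation at 1 MB so a very steady user is not over-flagged.
            if mb > avg + sigmas * max(sd, 1.0):
                findings.append((user, "volume", round(mb)))
    return findings

if __name__ == "__main__":
    for finding in review(TODAY, build_baseline(BASELINE)):
        print(finding)
```
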

Having good policies in place, and being aware, can limit your chances of suffering an insider attack, not only by stopping malicious employees, but also by preventing honest ones from making genuine mistakes.


Behind the Scenes

DRS is an ICT services and solutions provider that offers ingenious security services with a portfolio that covers customer needs from the creation of security strategy to the daily operation of point security products. DRS partners with market-leading technology providers to ensure the best possible infrastructure and adds the services to ensure that the chosen products are effectively implemented and operate efficiently.

The company specialises in providing innovation and agility in the areas of information security, IT risk management and IT governance, focusing on key areas ranging from Anti-Malware Protection, Desktop Firewall/Host IPS for PCs and Content Filtering to Perimeter Firewalls, Intrusion Detection and Prevention, Vulnerability and Configuration Management, Security Event Consolidation and Correlation, Data Loss Prevention, Network Access Control, Encryption and more.

DRS is a specialist in the effective implementation of many industry-leading technologies such as Air Defense, AccessData, ArcSight and many more. We strive to excel in all domains while remaining entrepreneurial.


Media Contacts:


Jayson O’Reilly

Director: Sales & Innovation

+27 11 523 1600

[email protected]
