Led by the Center for Internet Security (CIS), an international community of experts regularly publishes a list of recommended security controls (CIS Critical Security Controls) that outline specific actions organizations can take to improve their cyber defenses. Implementing the controls protects organizations from internal and external cyber threats.
According to a 2013 Clearswift survey, 58% of all security incidents can be attributed to insiders. Below is a look at how two of the controls guard effectively against the paradigmatic internal threat: the insider who has turned against his or her own organization.
Security Control #4: Continuous Vulnerability Assessment and Remediation
The reality of the security landscape is that IT teams have to compete against attackers in a race against time. It starts when a vulnerability is announced. Defenders hurry to install patches and software updates to remediate the problem; attackers hurry to exploit the weakness before it is sealed. In this contest, an insider threat may know from his or her own experience the policies and practices of the organization's IT staff—and the insider can take advantage of that knowledge, perhaps by leaking to hacker allies vulnerability information that the insider knows the IT team will take too long to remediate.
The answer is to make sure vulnerability management is an ongoing, nonstop process, rather than a “patch and pray” approach. It’s for good reason that CIS recommends continuous vulnerability assessment and remediation as their fourth critical security control. With proactive vulnerability management, IT teams can reliably repair security flaws, negating the advantage insider threats may have. One effective security tool to use is SOCVue’s vulnerability management service.
Security Control #16: Account Monitoring and Control
It may be surprising, but common sources of digital compromises are legitimate but inactive user accounts. Imagine a staff member has been fired, but his or her account has not been terminated. The disgruntled employee can still log in to access the organization's assets. But if IT teams monitor and control user accounts carefully, they can prevent such a dangerous situation.
Network security monitoring analyzes an organization's digital traffic to raise red flags if any of the activity is suspicious—and that includes user account activity such as logging in and logging out. For example, EiQ's SOCVue reports atypical use of user accounts so that IT teams can be well aware that something unusual is going on and take defensive steps.
Security Controls for Cyber Defenses
These security controls are well-studied ways for organizations to realistically defend their IT assets. Companies should make it a habit to implement security controls, such as continuous vulnerability assessment and account monitoring, in order to deter would-be insider threats.
More and more, organizations who were previously understaffed, underbudgeted, and overwhelmed are finding that EiQ’s hybrid SaaS security services that combine the best people, process, and technology are a welcome change from going it alone. EiQ is transforming how mid-market organizations build enterprise-class security programs. Acting as an extension of our customers’ IT teams, EiQ’s SOCVue provides continuous security operations based on best-of-breed technology at a fraction of the cost of alternative solutions. EiQ is a trusted advisor to organizations that need to improve their IT security and compliance posture by protecting their infrastructure against cyber threats and vulnerabilities.
Would you like to learn more about how EiQ can help? Sign up for a SOCVue demo today.
Top image credit: canbedone/Shutterstock