1
00:00:00,05 --> 00:00:02,04
- [Instructor] Insider threats can be dangerous

2
00:00:02,04 --> 00:00:03,07
and hard to detect.

3
00:00:03,07 --> 00:00:04,06
In this video,

4
00:00:04,06 --> 00:00:07,02
I'll show you four steps you can take to protect

5
00:00:07,02 --> 00:00:10,04
your organization against insider threats.

6
00:00:10,04 --> 00:00:12,03
First, if you haven't already,

7
00:00:12,03 --> 00:00:13,07
take the time to identify

8
00:00:13,07 --> 00:00:16,04
the critical assets in your organization.

9
00:00:16,04 --> 00:00:18,08
These are the IT systems that are essential

10
00:00:18,08 --> 00:00:20,08
for the operations of your business,

11
00:00:20,08 --> 00:00:24,01
have the most sensitive information, or both.

12
00:00:24,01 --> 00:00:26,01
When you identify the critical assets,

13
00:00:26,01 --> 00:00:29,06
ensure that they are being properly protected and monitored.

14
00:00:29,06 --> 00:00:33,06
Also, review and validate who has access to these assets.

15
00:00:33,06 --> 00:00:35,04
Confirm that everyone who has access

16
00:00:35,04 --> 00:00:37,06
to them really needs that access.

17
00:00:37,06 --> 00:00:40,07
It's a good idea to conduct these asset access reviews

18
00:00:40,07 --> 00:00:43,00
on a regular basis.

19
00:00:43,00 --> 00:00:46,03
Next, write and enforce policies and processes

20
00:00:46,03 --> 00:00:48,09
that can protect against insider threats.

21
00:00:48,09 --> 00:00:50,04
Examples of these policies

22
00:00:50,04 --> 00:00:53,08
and processes include an acceptable use policy,

23
00:00:53,08 --> 00:00:56,06
which defines authorized and unauthorized use

24
00:00:56,06 --> 00:00:58,07
of your organization's assets.

25
00:00:58,07 --> 00:01:00,09
Without an acceptable use policy

26
00:01:00,09 --> 00:01:03,02
an employee could claim they didn't know

27
00:01:03,02 --> 00:01:05,08
that their malicious activity wasn't allowed.

28
00:01:05,08 --> 00:01:08,01
Once your acceptable use policy is written,

29
00:01:08,01 --> 00:01:11,02
make sure all employees read and agree to follow it.

30
00:01:11,02 --> 00:01:14,06
A policy on the proper use of admin accounts,

31
00:01:14,06 --> 00:01:17,06
this will define who is authorized to have admin accounts

32
00:01:17,06 --> 00:01:20,04
and how these accounts are allowed to be used.

33
00:01:20,04 --> 00:01:22,09
A clear employee performance review process,

34
00:01:22,09 --> 00:01:26,09
including requirements for promotions and financial bonuses.

35
00:01:26,09 --> 00:01:28,08
This is often handled by HR

36
00:01:28,08 --> 00:01:31,05
and is necessary to avoid misunderstandings

37
00:01:31,05 --> 00:01:34,05
that could lead to disgruntled employees.

38
00:01:34,05 --> 00:01:37,07
A process for addressing employee grievances.

39
00:01:37,07 --> 00:01:40,01
This is also often an HR process

40
00:01:40,01 --> 00:01:43,08
and is necessary to help prevent unhappy employees

41
00:01:43,08 --> 00:01:45,09
from becoming insider threats.

42
00:01:45,09 --> 00:01:49,00
And an offboarding process that quickly removes access

43
00:01:49,00 --> 00:01:52,06
from employees who are no longer in the organization.

44
00:01:52,06 --> 00:01:55,04
Third, let's look at some technical security controls

45
00:01:55,04 --> 00:01:59,01
that can be implemented to protect against insider threats.

46
00:01:59,01 --> 00:02:01,08
To avoid having insider threats go undetected,

47
00:02:01,08 --> 00:02:04,00
you should monitor user activities,

48
00:02:04,00 --> 00:02:06,03
especially on your critical assets.

49
00:02:06,03 --> 00:02:07,05
One of the best tools

50
00:02:07,05 --> 00:02:09,09
for doing this is a security information

51
00:02:09,09 --> 00:02:12,05
and event management system, or SIEM.

52
00:02:12,05 --> 00:02:13,07
A SIEM will collect

53
00:02:13,07 --> 00:02:17,02
and analyze event log activity from all your systems

54
00:02:17,02 --> 00:02:20,08
and can help identify suspicious or malicious activity.

55
00:02:20,08 --> 00:02:22,01
When it comes to access,

56
00:02:22,01 --> 00:02:25,01
it's important to follow the least privilege principle.

57
00:02:25,01 --> 00:02:27,06
Only grant the bare minimum of privilege

58
00:02:27,06 --> 00:02:29,08
that someone needs to do their job.

59
00:02:29,08 --> 00:02:32,04
Regularly review each user's privileges

60
00:02:32,04 --> 00:02:34,09
to make sure they're not excessive.

61
00:02:34,09 --> 00:02:37,02
And use network segmentation to isolate

62
00:02:37,02 --> 00:02:40,01
the critical assets from the rest of the network.

63
00:02:40,01 --> 00:02:43,01
This will help protect those assets from insider threats

64
00:02:43,01 --> 00:02:46,02
who shouldn't have access to those parts of the network.

65
00:02:46,02 --> 00:02:48,05
Finally, user security awareness training

66
00:02:48,05 --> 00:02:52,02
can be an important way to protect against insider threats.

67
00:02:52,02 --> 00:02:54,02
Teach users about the acceptable use

68
00:02:54,02 --> 00:02:56,05
of your organization's assets.

69
00:02:56,05 --> 00:02:59,04
Let users know that their activity is being monitored

70
00:02:59,04 --> 00:03:02,08
and the consequences of unauthorized activities.

71
00:03:02,08 --> 00:03:05,08
And remind users to report any suspicious activity

72
00:03:05,08 --> 00:03:09,01
to the appropriate parties in your organization.

73
00:03:09,01 --> 00:03:11,04
Although insider threats are a growing part

74
00:03:11,04 --> 00:03:13,08
of the cybersecurity threat landscape,

75
00:03:13,08 --> 00:03:15,09
you can take the steps I covered in this video

76
00:03:15,09 --> 00:03:19,00
to help protect your organization against them.