How to protect yourself from becoming Insider?

This can be considered as one of the biggest threat for any organization. Sometimes too big that it can exploit a nuclear project. It vary from any insider intentionally harming not aware of how big the loss can be to unintentionally being an element of the attack.

How it happens:

One main aspect that needs attention is the scenario where people in your surroundings noticing you typing your passwords, reading out the content which is kept open. It is mostly observed that most of the people when move out from their work desk doesn't opt to lock their desktops leaving the access of the system open for others or document kept open. It is always good to lock your desktop when not in use, unintentionally you are acting as a point of threat. The unprivileged person who gained access to your system as it is kept open has an opportunity to view the important files or access your system or to the least will be able to read out the document that is kept open on your desktop screen.

Other important aspect that needs attention is allowing installation of harmful software and allowing to use plug and play devices such as pen drives, removable medias. Yes it is quiet often that pen drives are restricted but what if that removable medium is a advanced USB (will discuss about the same later) which is detected as any other physical device just by creating a Ethernet adapter on plug-in into the system. Here there is a assumption that if a USB defense has been implemented that restricts insertion of USBs. But not in all cases, Any prevailed insider unaware of the payload that is inserted in a looking like USB Ethernet device plugs in it, resulting a complete network halt by executing the payload.

Next one is allow employees with least privilege. The less the privilege the less the threat. Do not provide access to employees with unnecessary access to the devices/data which is not needed. It is mostly observed that if the user is restricted to use any of the sites like social networking or any such. In this scenario users are opting to proxies/proxy sites to access the restricted sites.

Bottom line:

It is always good to lock your work stations when it is not in use, Avoid using removable medias as we never know what just came and hit us as we will be in a assumption that removable media defense is there to save us but this is no more our Savior. Least privilege t users based on the roles. Restrict proxy access with in the network.

Last update: June 3, 2020