While insider risk involves actors that we know, with outsider risk the perpetrator is unknown. In this context, it is important to recognize that more and more cyber-attacks are taking place via supply chains. An estimate by the American National Institute of Science and Technology (NIST) puts the share at no less than eighty percent. In such an attack, an organization is infected via a vulnerability at a (software) supplier. Well-known recent examples are leaks in the software of Citrix and SolarWinds. Precisely because of this trend, good threat intelligence is increasingly important. Gartner defines this as ‘evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice about an existing or emerging threat or asset threat. This information can be used to make decisions regarding the subject’s response to that threat or danger.’
The motives of outsider risk actors do not differ much from those of insiders. Monetary gain comes first. In addition, we also see activist or political motives among outsiders. In recent years it has become clearer that state actors are very active in cybercrime. Spying on authorities to follow or influence political decisions and stealing intellectual property from companies are widespread. The means used for this purpose are well-known: malware and ransomware, distributed through Business Email Compromise (BEC), phishing or brute force.
To counter all these threats, companies invest in Identity and Access Management (IAM) platforms. According to the ISC2 2021 Cyberthreat Defense Report, adaptive authentication is currently still at the top. This approach entails deploying two-factor and multi-factor authentication based on risk factors such as user role, the importance of a particular resource, the location, and the time or day of the week. The system learns from user behavior and can provide a good balance between convenience and security. In second place comes password management/automatic reset. In third place comes Privileged Access Management, followed by Identity as a Service (IDaaS).
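How such a risk-based decision can be computed from the signals named above (role, resource importance, location, time and day), with a baseline learned from the user's own logins. This is an added example, not code from the original blog or from any IAM product; every weight, threshold and name in it is an assumption.

```python
from collections import Counter
from dataclasses import dataclass, field

# Assumed weights and thresholds, chosen only for illustration.
ROLE_RISK = {"employee": 0, "contractor": 10, "admin": 25}
RESOURCE_RISK = {"low": 0, "medium": 15, "high": 30}
STEP_UP_AT, DENY_AT = 30, 80

@dataclass
class Baseline:
    """What the system has learned from one user's successful logins."""
    countries: Counter = field(default_factory=Counter)
    hours: Counter = field(default_factory=Counter)
    weekend: Counter = field(default_factory=Counter)
    total: int = 0

    def learn(self, country, hour, is_weekend):
        self.countries[country] += 1
        self.hours[hour] += 1
        self.weekend[is_weekend] += 1
        self.total += 1

    def rarity(self, seen, value):
        # 0.0 = always seen before, 1.0 = never seen. A user without
        # history is treated as fully unusual, so a new account cannot
        # skip the second factor.
        return 1.0 if self.total == 0 else 1.0 - seen[value] / self.total

def score(b, role, resource, country, hour, is_weekend):
    # Unknown roles or resource classes get the highest static weight.
    s = ROLE_RISK.get(role, 25) + RESOURCE_RISK.get(resource, 30)
    s += 40 * b.rarity(b.countries, country)   # location
    s += 15 * b.rarity(b.hours, hour)          # time of day
    s += 10 * b.rarity(b.weekend, is_weekend)  # day of the week
    return round(s)

def decide(b, role, resource, country, hour, is_weekend):
    s = score(b, role, resource, country, hour, is_weekend)
    if s >= DENY_AT:
        return "deny"
    return "mfa" if s >= STEP_UP_AT else "allow"

def constructed_baseline():
    """Constructed history: 20 weekday logins from NL at 09:00."""
    b = Baseline()
    for _ in range(20):
        b.learn("NL", 9, False)
    return b
```

A familiar login to a low-value resource passes without friction, the same login to a high-value resource triggers a second factor, and a login that is unusual on every signal is refused.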
The multitude of threats and available point solutions can make it difficult for an organization to make well-informed decisions about its overall security policy. It is important to start by determining the current maturity of your own security. What basic processes are there and to what extent do they meet current standards? Security is much more than tools and technology. It requires a holistic approach, in which broad security awareness must be the starting point.
This blog focused on the outsider risks. In another contribution we will discuss the insider risks in more detail.