Improve These Five Site Security Measures for Insider Threat Protection

Harden Site Security to Catch Insider Threats

All over various industries, and at different levels of business, the alarm bells are ringing – executives and others are finding how important proactive cybersecurity is to a company’s success.

However, there are different areas of business security that each need to be addressed. For one thing, companies might spend a lot of time on protection of digital systems, but not enough time on actual physical site security.

Again and again, penetration testers and other white hat operatives find that they can get pretty far by actually getting inside of the building, as opposed to trying to attack the network. This sort of vulnerability is also critical for businesses to understand as they move forward with all of the best digital protections.

Site Security Combats Sensitive Data Theft

In order to better understand site security as a whole, think about this list of methods for acquiring trade secrets that comes from the federal FBI, where theft of trade secrets is discussed in Title 18 of USC section 1832.

An FBI brochure lists the common ways of stealing data from a site:

“Steal, conceal, or carry away by fraud, artifice or deception … copy, duplicate, sketch, draw, photograph, download, upload, alter or destroy, photocopy, replicate, transmit, deliver, send, mail, communicate or convey … or possess a trade secret knowing the same to have been stolen or appropriated, obtained or converted without authorization.”

The goal, then, is to deter bad actors from doing any and all of these things. The five types of site security strategies below aid businesses and are even sometimes analogous to digital network cybersecurity solutions. 

Types of Insider Threats

First, security professionals need to differentiate between the various fundamental types of insider threats.

One is a malicious attack – where a disgruntled employee or someone inside the company is attacking a network or system, or trying to otherwise harm the company, with ill intent. This can include revenge attacks, or those undertaken for monetary gain.

Then there are insider threats where it’s actually an outside hacker perpetrating the attack, but inside people are duped into providing support. People often talk about these as ‘negligent insider threats’ and many of them involve some form of social engineering, like phishing. 

Another third type of insider threat stems from careless employees. Careless insider threats have laissez-faire attitudes toward cybersecurity and often ignore cybersecurity protocols in place. Simple careless insider actions like  reusing the same weak password creates added risk to organizations. 

Next on the list,  there’s professional insider threats. These types of insiders are also malicious but instead of acting out of revenge, they make a career out of corporate espionage. These insider threats are particularly harmful since they often know the stealthiest ways to attack an organization. 

Lastly, there are recruited insiders. These insiders are actively sought out by external threat actors and are often paid and financially motivated to do harm. 

DLP insider threat user analytics for business button

Site Security Tools To Combat Insider Threats

So how do you beat insider threats bent on attacking your network? Whether it’s malicious, negligent, careless,  professional, or recruited, site security attacks work on the basis of unauthorized people getting inside buildings, or into special sites that house important sensitive data physically.

That said, these five site security concerns will help circle the wagons and protect what the business holds physically, whether that information is digital or on paper.

Printed Document Tracking Protects Against Data Exfiltration

If a company doesn’t know what’s being printed in its buildings, it’s much easier for an insider threat  to make off with critical information.

Sophisticated printed document tracking systems can help leaders to view content that has been printed out at a specific location. They can set alerts for relevant print jobs that may constitute suspicious activity. They can also search through the network to find specific documents and view whether they have been printed, and if so, where.

They can also look at the big picture in recording printer usage and activity to see whether employees are complying with standards and doing things the right way. The combination of single-document searches and more global evaluation does a lot for business, not just in adding site security to the mix, but for logistical planning as well (for example, ordering volume of paper, and looking at print activity and demand over time.)

Printed Document Tracking to Stop Insider Threats
Identify data exfiltration by insider threats with printed document tracking

Improving Perimeter Alarms Catches Insider Threat Activity

Security professionals today also talk a lot about perimeter and beyond-the-perimeter solutions.

The old traditional firewall was simply a traffic gate for incoming and outgoing information. It didn’t often do much more than that.

As for physical site security, companies often have a turnstile or gate system that restricts access into sensitive areas that work like a physical firewall.

Going beyond the perimeter, then, means looking for certain types of activities that might constitute threats. One such activity is ‘island hopping’ – a procedure by which threat actors  get access to some part of the system and then use that to leapfrog somewhere else.

Reports say that one third of all attacks involve some sort of island hopping.

Experts describe island hopping  as a tactic where a hacker gets into some system adjacent to a core network, and then stages a “hop” inside the network – and after that, goes from one potentially sensitive part of the network to another. 

This said, one solution in the network world is microsegmentation, where the network has more than one set of doors to internal access.

From a site security standpoint, on the other hand, there’s a lot that can be done with the key cards used for site entry. Similar to how file activity can be tracked across a network, key cards can be traced along with their owners as they move through a building or location. That, again, provides the data for beyond-the-perimeter site intelligence.

Motion Sensors Detect Threats to Sensitive Areas

Think of it this way – inside a physical building are specific places where sensitive data lives.

The old ‘lights-out server room’ scenario illustrates this well. There may be one room with a single door. Behind that door, the machines are humming away, and USB portals or other means would allow an insider threat  to simply grab that data and run.

So if motion sensors are applied to these systems, a malicious insider might get in the door, but a proactive security team would be alerted to the  act. It is, in a sense, sort of like a honeypot protection scheme in that hackers are going to think they’re home free … that is, until someone says “smile, you’re on camera” (or, alternately: “Stop, you’re surrounded!) The idea is that the motion sensors, attached to an alarm system, are beacons for keeping sensitive locations safe.

Elevator Keys Track the Movements of Insider Threats

If the business has a large office footprint in a multistory building, an elevator can be a very effective type of microsegmentation for the physical building.

You’ve heard the old phrase “the elevator only goes to a certain floor” as a pejorative—but this type of solution can be extremely helpful in site security. It’s another physical equivalent of microsegmentation of a network. It keeps the sensitive stuff away from high-traffic areas and public eyes, and it helps zero in on insider threats that may be happening inside of a building.

Access Controls Protect High-Privilege Areas Inside A Building

This is another place where building site security can mirror some of the same philosophies used in network protection. 

First, having a protected sensitive location inside a building is similar to that practice of network micro segmentation mentioned above. It’s nesting different sets of security protocols to keep valuable information safer.

But also, importantly, having data behind additional doors is also like another practice in the IT world called IAM or Identity and Access Management.

In digital IAM, administrators are setting different levels of access for users, depending on who they are and what they need to do their jobs. The same can be applied to the locked site locations: only certain people, based on rank or job title or other criteria, will have access.

insider threat detection live demo button

Standards on Site Safety

All of the above illustrate how site data protection works.

Looking at the above techniques and methods, white hats and internal teams can learn more about how to really protect data, across the board, not just in digital networks, but in places where it physically exists too. Every business has some sort of sensitive data to protect, and by guarding the physical building as well as the digital network, security pros are covering the waterfront to harden the architecture as a whole, and to keep attackers out. 

Protect Against Insider Threats with Teramind

Start Teramind Free Trial
Author

Connect with a Teramind Security Expert

Get a personalized Teramind demo to learn how you can protect your organization with insider threat detection, employee monitoring, data loss prevention, productivity tracking and more.

Table of Contents
Stay up to date
with the Teramind Blog.

No spam – ever. Cancel anytime.

Related blog posts