Improve These Five Site Security Measures for Insider Threat Protection
Across industries, and at every level of business, the alarm bells are ringing – executives and others are finding out how important proactive cybersecurity is to a company’s success.
However, there are different areas of business security that each need to be addressed. For one thing, companies might spend a lot of time on protection of digital systems, but not enough time on actual physical site security.
Again and again, penetration testers and other white hat operatives find that they can get pretty far by actually getting inside of the building, as opposed to trying to attack the network. This sort of vulnerability is also critical for businesses to understand as they move forward with all of the best digital protections.
Site Security Combats Sensitive Data Theft
To better understand site security as a whole, think about this list of methods for acquiring trade secrets that comes from the FBI; theft of trade secrets is covered in Title 18 of the U.S. Code, section 1832.
An FBI brochure lists the common ways of stealing data from a site:
“Steal, conceal, or carry away by fraud, artifice or deception … copy, duplicate, sketch, draw, photograph, download, upload, alter or destroy, photocopy, replicate, transmit, deliver, send, mail, communicate or convey … or possess a trade secret knowing the same to have been stolen or appropriated, obtained or converted without authorization.”
The goal, then, is to deter bad actors from doing any and all of these things. The five types of site security strategies below aid businesses and are even sometimes analogous to digital network cybersecurity solutions.
Types of Insider Threats
First, security professionals need to differentiate between the various fundamental types of insider threats.
One is a malicious attack – where a disgruntled employee or someone inside the company is attacking a network or system, or trying to otherwise harm the company, with ill intent. This can include revenge attacks, or those undertaken for monetary gain.
Then there are insider threats where it’s actually an outside hacker perpetrating the attack, but inside people are duped into providing support. People often talk about these as ‘negligent insider threats’ and many of them involve some form of social engineering, like phishing.
A third type of insider threat stems from careless employees. Careless insiders have laissez-faire attitudes toward cybersecurity and often ignore the cybersecurity protocols in place. Simple careless actions like reusing the same weak password create added risk to organizations.
Next on the list, there are professional insider threats. These types of insiders are also malicious, but instead of acting out of revenge, they make a career out of corporate espionage. These insider threats are particularly harmful since they often know the stealthiest ways to attack an organization.
Lastly, there are recruited insiders. These insiders are actively sought out by external threat actors and are often paid and financially motivated to do harm.
Site Security Tools To Combat Insider Threats
So how do you beat insider threats bent on attacking your network? Whether the threat is malicious, negligent, careless, professional, or recruited, attacks on site security depend on unauthorized people getting inside buildings, or into special sites that physically house important sensitive data.
That said, these five site security concerns will help circle the wagons and protect what the business holds physically, whether that information is digital or on paper.
Printed Document Tracking Protects Against Data Exfiltration
If a company doesn’t know what’s being printed in its buildings, it’s much easier for an insider threat to make off with critical information.
Sophisticated printed document tracking systems can help leaders to view content that has been printed out at a specific location. They can set alerts for relevant print jobs that may constitute suspicious activity. They can also search through the network to find specific documents and view whether they have been printed, and if so, where.
They can also look at the big picture by recording printer usage and activity to see whether employees are complying with standards and doing things the right way. The combination of single-document searches and more global evaluation does a lot for business, not just in adding site security to the mix, but for logistical planning as well (for example, ordering volume of paper, and looking at print activity and demand over time).
Improving Perimeter Alarms Catches Insider Threat Activity
Security professionals today also talk a lot about perimeter and beyond-the-perimeter solutions.
The old traditional firewall was simply a traffic gate for incoming and outgoing information. It didn’t often do much more than that.
As for physical site security, companies often have a turnstile or gate system that restricts access to sensitive areas and works like a physical firewall.
Going beyond the perimeter, then, means looking for certain types of activities that might constitute threats. One such activity is ‘island hopping’ – a procedure by which threat actors get access to some part of the system and then use that to leapfrog somewhere else.
Reports say that one third of all attacks involve some sort of island hopping.
Experts describe island hopping as a tactic where a hacker gets into some system adjacent to a core network, and then stages a “hop” inside the network – and after that, goes from one potentially sensitive part of the network to another.
This said, one solution in the network world is microsegmentation, where the network has more than one set of doors to internal access.
From a site security standpoint, on the other hand, there’s a lot that can be done with the key cards used for site entry. Similar to how file activity can be tracked across a network, key cards can be traced along with their owners as they move through a building or location. That, again, provides the data for beyond-the-perimeter site intelligence.
Motion Sensors Detect Threats to Sensitive Areas
Think of it this way – inside a physical building are specific places where sensitive data lives.
The old ‘lights-out server room’ scenario illustrates this well. There may be one room with a single door. Behind that door, the machines are humming away, and USB ports or other means would allow an insider threat to simply grab that data and run.
So if motion sensors are applied to these systems, a malicious insider might get in the door, but a proactive security team would be alerted to the act. It is, in a sense, like a honeypot protection scheme in that hackers are going to think they’re home free … that is, until someone says “smile, you’re on camera” (or, alternately: “Stop, you’re surrounded!”). The idea is that the motion sensors, attached to an alarm system, are beacons for keeping sensitive locations safe.
Elevator Keys Track the Movements of Insider Threats
If the business has a large office footprint in a multistory building, an elevator can be a very effective type of microsegmentation for the physical building.
You’ve heard the old phrase “the elevator only goes to a certain floor” as a pejorative—but this type of solution can be extremely helpful in site security. It’s another physical equivalent of microsegmentation of a network. It keeps the sensitive stuff away from high-traffic areas and public eyes, and it helps zero in on insider threats that may be happening inside of a building.
Access Controls Protect High-Privilege Areas Inside A Building
This is another place where building site security can mirror some of the same philosophies used in network protection.
First, having a protected sensitive location inside a building is similar to the practice of network microsegmentation mentioned above. It’s nesting different sets of security protocols to keep valuable information safer.
But, importantly, having data behind additional doors is also like another practice in the IT world called IAM, or Identity and Access Management.
In digital IAM, administrators set different levels of access for users, depending on who they are and what they need to do their jobs. The same can be applied to the locked site locations: only certain people, based on rank or job title or other criteria, will have access.
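The key card tracing and role-based door access described above can be checked against badge reader logs. The following is an added example, not part of the original article; the zone names, roles, badge IDs and log format are all constructed assumptions.

```python
import csv
import io

# Constructed zone nesting: each zone names the zone a holder must already be in.
ZONE_PARENT = {"lobby": None, "office_floor": "lobby", "server_room": "office_floor"}

# Constructed role-to-zone policy (the physical analogue of IAM access levels).
ROLE_ZONES = {
    "staff": {"lobby", "office_floor"},
    "sysadmin": {"lobby", "office_floor", "server_room"},
}
BADGE_ROLE = {"B100": "staff", "B200": "sysadmin", "B300": "staff"}

# Constructed sample log: time, badge, zone reader, reader decision.
SAMPLE_LOG = """\
time,badge,zone,result
08:01,B100,lobby,granted
08:02,B100,office_floor,granted
08:05,B200,lobby,granted
08:06,B200,office_floor,granted
08:07,B200,server_room,granted
09:15,B100,server_room,denied
09:40,B300,office_floor,granted
"""

def review_badge_log(log_text):
    """Return (time, badge, zone, finding) tuples for events worth a second look."""
    findings = []
    visited = {}  # badge -> zones entered so far in this log
    for row in csv.DictReader(io.StringIO(log_text)):
        badge, zone = row["badge"], row["zone"]
        allowed = ROLE_ZONES.get(BADGE_ROLE.get(badge), set())
        if row["result"] == "denied":
            findings.append((row["time"], badge, zone, "denied attempt"))
            continue
        if zone not in allowed:
            # A reader admitted a badge the policy does not cover: reader/policy drift.
            findings.append((row["time"], badge, zone, "granted outside policy"))
        parent = ZONE_PARENT.get(zone)
        if parent and parent not in visited.get(badge, set()):
            # Holder appears in an inner zone with no record of passing the outer one.
            findings.append((row["time"], badge, zone, "skipped outer zone"))
        visited.setdefault(badge, set()).add(zone)
    return findings

if __name__ == "__main__":
    for finding in review_badge_log(SAMPLE_LOG):
        print(*finding)
```

On the sample log this reports the staff badge tried at the server room door and the badge that shows up on the office floor without a lobby entry, which usually means a tailgated door or a reader that is not logging.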
Standards on Site Safety
All of the above illustrate how site data protection works.
Looking at the above techniques and methods, white hats and internal teams can learn more about how to really protect data, across the board, not just in digital networks, but in places where it physically exists too. Every business has some sort of sensitive data to protect, and by guarding the physical building as well as the digital network, security pros are covering the waterfront to harden the architecture as a whole, and to keep attackers out.