The Threat is Inside the Building!
Often, Cybersecurity is thought of as a process of looking out to the world and searching, scanning, and bracing for what might be out there. It’s an ongoing process – a valiant mission – to plan for the worst. It’s a constant battle against external threats discovering things about you and using those discoverings against you. Unfortunately, if you are only looking for and protecting against external threats, you’re only doing part of your job. Cybersecurity should always be viewed as looking in two directions at once: external and internal. It is imperative you don’t ignore the possibility of internal threats.
Internal threats, of course, come from inside your organization. They are your employees, your coworkers, and sometimes even your friends. It is hard to imagine they would willingly do anything to betray your organization. But wait! Internal threats are not always the criminal, calculated schemes that feed our movies and television shows. Many times, internal breaches are due to a variety pack of non-nefarious reasons. Let’s explore more, shall we?
Non-Malicious Insider Threats
Quite often, the employees who become non-malicious insider threats (NMIT) don’t even know they are doing anything wrong. These are the people who check work email on public computers and then forget to log out of their applications. These are the employees who do work while at coffeeshops on unsecure networks. These are the ones forwarding work emails to their personal email addresses, so they can continue working from home.
Or perhaps the employees are, in fact, willfully doing something wrong, but they justify it as necessary to get their job done. The Government Research Council (GRC) did a study on government employees’ use of approved mobile devices. The GRC found around one-third of respondents were using personal devices to do business work on. Of that third, 94% of DoD and military employees, and 64% of civilian employees, were using personal devices that had not been approved by their agency.
Better cybersecurity education can really go a long way to stopping many NMITs from forming in any organization. Employees should be taught not only what is acceptable and what isn’t, but also why certain online behaviors are dangerous. They should be taught how immense their impact is in the organization’s cyber security plan and how cyber security is a company-wide endeavor.
There is one other way to severely hamper both malicious and non-malicious insider threats, something Fognigma excels at: granular user controls.
Fognigma Networks Protect Against Insider Threats
Fognigma gifts network administrators with granular user controls. Quite simply, granular user controls allow the admin complete control over every little aspect of a user’s permissions inside a Fognigma-created Mission Partner Network (MPN). From which components to which files to which entry and exit points, admins will be able to make sure each user has access to only those things they need to access. This method of precise control is accomplished by creating groups.
Groups exist for each part of a Fognigma network. With just a few mouse clicks, users are added to very specific groups, which give them access to specific components, features, and even entry and exit points. And just as easy as they are added, users can be removed from groups.
We can explain this better by using an example. Our example company is called The Company and boasts 400 happy (and imaginary) employees. The Company has deployed Fognigma and is enjoying the protection and anonymity it provides. A new employee is hired: Jay. The Company’s HR team is on point and have already completed an IAM (Identity and Access Management) assessment for Jay. As a new accountant, Jay needs access to certain things and shouldn’t see other things.
The network admin who handles all permissions begins adding Jay to groups inside their MPN. He gets added to the company-wide telephony system group, the company-wide message server group, and the company-wide file share group. Jay is then added to the accounting fileshare group and accounting private channel on the company-wide message server group – each consisting of the CEO and the four-person accounting department. No other employees can access these groups, which thus limits the exposure of sensitive financial data to just 1.25% of the company.
Jay is not added, however, to the dev file share or the dev private messaging channel group (which Jay doesn’t even know exists). Jay doesn’t need access to any of the development team’s research or discussion. Not that he would (he’s a good dude), but this limited access prevents Jay from even contemplating leaking company development secrets – he just can’t get to them.
And here comes the really cool part. Imagine, after a few months, Jay realizes a new computer process would greatly help accounting with their accounts payable work flow. He mentions it to the CEO, who loves the idea. A new private messaging channel group is formed. Inside that group are Jay, the CFO, and two developers assigned to the task. No one else in the company can access this messaging group. Inside, these four employees can discuss and develop the new process.
Three months later, the process is rolled out for the company to use. The accounting department is thrilled. The private messaging group is no longer needed, so is easily deleted. And the rest of the company? Well, they didn’t need to know about any of this, so they didn’t. Everyone is containerized within their own little spheres, preventing each user from having too much access to what goes on inside the company.
This example serves to illustrate just a fraction of how Fognigma’s use of groups can limit user access and temptation. And by limiting access, Fognigma’s granular user controls prevent problems before they even can develop.