
Identifying and Mitigating Insider Threats Cyber Security

BOITSHEPO BOLELE

Organisations face many threats, which can be coarsely separated into inside threats and outside threats. Threats from insiders are especially hard to counter since insiders have special knowledge and privileges. Therefore, malicious insider actions are hard to distinguish from benign actions.

When considering the security of organisations we must distinguish between threats and attacks. A threat is a menace against the organisation that can be caused by, for example, insufficient security precautions, incorrect configuration of security devices, or human error. An attack, on the other hand, represents a realisation of a threat; an attacker has identified a threat and uses it to his advantage. Clearly, organisations can face many threats and attacks at the same time.

While only an attack can potentially cause “real” damage, threats can, for example, cause loss of reputation. To minimise the likelihood of a certain attack happening, organisations must therefore minimise the number of threats they are exposed to, or at least ensure that they can identify and are aware of threats.

Threats against an organisation can come from a multitude of sources, which can be classified based on different metrics. If we consider the origin of threats, they can coarsely be divided into threats from the outside and threats from the inside of the organisation’s perimeter. The usual goal of IT security precautions is to contain threats from the outside of an organisation; protecting the organisation’s perimeter and assets against outside threats is fairly well understood, and a multitude of techniques exist. These approaches usually assume that the inside of the organisation is well-behaved or trusted.

Threats from the inside, on the other hand, pose a completely different set of problems. Actors inside an organisation are authorised to perform certain actions as part of their work. It is therefore difficult to distinguish benign and malicious activities by insiders.

Insiders are trusted to adhere to the policies governing their work, and only to break them in certain situations. Different approaches to insider threats often use different definitions of what an insider is, and what constitutes an insider threat, and so do different communities.

Defining Insiders and Insider Threats

Insiders

An insider is defined as an individual with privileged access to an IT system. This focus on IT systems is not surprising, since they are often used to realise insider attacks and are often the source of insider threats. On the other hand, organisations are much more than their IT systems, and if the fundamental definition already focuses on a specific technique, it is doubtful how well it can be used to address the whole spectrum of issues.

Key issues here are: access to the system, ability to represent, knowledge, and trust by the organisation. An insider is a person that has been legitimately empowered with the right to access, represent, or decide about one or more assets of the organisation’s structure.

Insider Threats

An insider threat is the threat that an insider can perform an action that violates the organisation’s goals or expectations. Goals and expectations can be realised as policies, but they can just as well be implicitly expected behaviour.

Mitigating Insider Threats

Containing insider threats requires three major components: identification of potential inside attackers and threats, monitoring. All of these techniques pose interesting research questions in the light of insider threats, mainly because inside attacks are executed with the rights and privileges of legitimate actors. It is therefore difficult to identify an attack once it has started, and correspondingly important to develop techniques to identify insider threats before an attack.

Identifying

When dealing with insider threats we need identification techniques in a number of areas, including, e.g., legal frameworks, policies, and human behaviour. The main goal of these techniques is to provide classifications of events and observations in order to decide whether or not an insider attack is in progress or to be expected.

Conflicting Goals

In the area of insider threats we have to deal with a number of conflicting goals in different areas, where realising either extreme results in severe consequences; these might, e.g., be violation of laws or serious damage of employees’ compliance with policies. Here we consider the two most serious ones, namely dealing with surveillance and privacy, and with regulation and autonomy.

Surveillance vs. Privacy

The antagonism between surveillance and privacy can be seen as the most important conflict between goals. Monitoring as much as needed will, with high probability, violate the privacy rights of employees and visitors, to name a few. When monitoring as little as possible to protect privacy, the monitored data will often not be meaningful enough to determine threats and attacks.

The problem is that the acceptable level can very well oscillate over time, depending on legal requirements, policies, and so on. Over-monitoring can result in an increased feeling of surveillance and distrust, weakening employees’ identification with the organisation.

Boitshepo Bolele is a Director at Hlanganani ICT Botswana, a BQA Accredited Institution, located at Unit 21 THE OFFICE. For preliminary assessment of insider threats, contact us on 3980483 / 3132255 / 72537788 or email boi.bolele@gmail.com
