Authored by Dick Bussiere, Technical Director, Tenable APAC
Critical infrastructure is the bedrock of India’s modern society. Essential services such as transportation, power and energy, healthcare, telecommunications and more, are key to the nation’s social and economic development.
There’s an unspoken expectation that these critical services work seamlessly, yet, if they are compromised by a cyber threat, it can throw a spanner in the works, significantly impact the nation’s security and economy, and deny access to basic services. When world leaders met at Davos for the World Economic Forum earlier this year, cyber threats to critical national infrastructure were listed as a top 10 global threat.
These threats take centre stage as digital transformation initiatives roll out across India, interconnecting operational technology (OT) and IT networks to optimise production and drive innovation. This interconnection makes an organisation more susceptible to threats. However, not all threats are external. Some dangers come from within the organisation.
What are insider threats?
Insider threats are users with legitimate access to an organisation’s network and resources who use their privilege to harm the organisation. The harm can be accidental or intentional; in both cases it can bring an organisation to its knees. The users can be employees, partners or contractors, past and present.
Insider threats are often a greater, unsolved risk in most organisations compared to external threats because they come from a trusted source. Organisations trying to detect insider threats face the challenge of not only differentiating attacks from "normal" traffic but also ensuring they are not inundated with false positives from users performing legitimate tasks.
To understand how insider threats can be handled effectively, let’s explore the key motivations and circumstances of these instances.
Securing organisations from insider threats
It’s important for security teams to educate employees and create awareness of cyber threats. This helps employees to spot malicious or anomalous activity. However, companies must also have a plan to defend against the multitude of insider threats. Here are three ways organisations can protect OT environments from insider threats.
Improve security through continuous monitoring and visibility
With enormous pressure to curb external threats, insider threats generated by employees, partners and contractors can be easily overlooked. At the same time, identifying and combating insider threats can be challenging as most of the cybersecurity programs focus on keeping the bad actors out of the company’s network.
Effectively securing connected OT and IT environments from insider threats is a work in progress and not something that will be fixed overnight. Implementing IT best practices for insider threat prevention in OT environments and unifying controls and visibility across both infrastructures represents the best recipe for protection and the best defence against insider threats.