Building a human firewall to address insider threats

Practicing safe cyber behaviour should be built into the fabric of all job roles


During the first half of 2020, the FortiGuard Labs team found that evolving work environments and a greater reliance on personal devices presented new opportunities for cybercriminals to exploit enterprise networks. One method that threat actors have heavily relied on as of late is the creation of legitimate-looking phishing emails that can be used to tailor and launch attacks with ease. While this is not a new tactic by any means, these types of social engineering attacks have only grown more sophisticated and damaging as employees continue to work remotely and remain isolated from their teams.

The need to mitigate insider threat risk

Whether they know it or not, employees can pose a significant risk to the security of enterprise networks and the data they hold. Considering that 68 per cent of organisations feel moderately to extremely vulnerable to insider attacks, as noted in a recent study, it’s clear just how significant this issue is. In addition to those that are considered malicious insiders, these threats can also be attributed to the group known as the “accidental insiders.”

According to the same study, security teams view falling victim to phishing attacks (38 per cent) as the top cause for accidental insider threats, followed by spear-phishing (21 per cent), poor passwords (16 per cent), and browsing of suspicious websites (7 per cent). In other words, opening the door for cybercriminals can be as simple as clicking on a link or downloading a file without taking the time to determine whether or not it is legitimate.

With more employees working from home, unable to walk over to a co-worker’s desk to get their thoughts on a suspicious-looking email, these individuals are more likely to be susceptible to social engineering attacks. With this in mind, it is more important than ever that CISOs prioritise their employees’ cybersecurity awareness to help them understand the role they play in keeping networks secure, and reducing the insider threat risk.

Considering employees can be the best line of defence, it is crucial that CISOs protect their organisations by including employee education and awareness in their cybersecurity strategy. Regardless of job titles or roles, all employees should understand the repercussions of a security event and how it could affect the organisation and them personally. While this is a step in the right direction, establishing a baseline for good cyber hygiene must begin with CISOs helping their employees take cybersecurity seriously. This can be achieved in the following ways:

Prioritise cyber awareness training

Social engineering attacks are extremely prevalent across organisations simply because they work. To combat this risk, CISOs must educate their employees about common attacks that could appear in the form of phishing, spear phishing, smishing, or tech support scams. Understanding these threats and their associated red flags will be critical in helping employees avoid falling victim to fake emails or malicious websites.

Create a partnership between the security team and other departments

Cybersecurity cannot fall on the shoulders of the security and IT teams alone, especially as cyber threats continue to grow more sophisticated and challenging to detect. While the security team will be the expert in determining the risks and threats, other departments will be critical in helping to develop user-friendly policies that are easy to follow both in the office and in remote work environments, even for those who are not entirely cyber aware. Through collaborative efforts, CISOs can ensure employees understand safe cybersecurity practices and the ramifications their actions can have, which should lead to improvements in how these individuals respond when confronted with a suspicious email or website, even while working from home.

Establish straightforward best practices

While it is easy to ignore or delete a suspicious-looking email, what about those that appear normal but that the receiver is still unsure about? Employees must ask themselves certain questions to help make the right judgment call: Do I know the sender? Was I expecting this email? Is this email invoking a strong emotion like excitement or fear? Am I being told to act with urgency? Employees should also make a habit of hovering over links to see whether they are legitimate before clicking, not opening unexpected attachments, calling the sender to verify they actually sent the email, and reporting all suspicious emails to the IT or security team. By explaining these steps to their employees from the beginning, CISOs can avoid negative repercussions down the line.

Final thoughts on insider threats

The ability to be cyber aware is a critical piece of the puzzle when it comes to keeping organisations secure. Whether employees realise it or not, their actions could open the door for cybercriminals to access sensitive information, meaning passivity towards security is no longer acceptable. By prioritising training and collaboration between departments and the security team, CISOs can lay the groundwork for a strong culture of security. Identifying suspicious behaviours, keeping devices up to date, and practicing safe cyber behaviour should be built into the fabric of all job roles to ensure that the human firewall continues to stand firm.

Renée Tarun is the deputy CISO and vice president, Information Security at Fortinet
