Managing the insider threat

Access & Identity Management Handbook 2020 Access Control & Identity Management

The insider threat is so immense it now even has a month dedicated to it.

Gerard King.

With the mission-critical role played by today’s mainframes it is essential to pay close attention to the insider threat and the management of privileged users. I think we can safely say that there is little argument from any research house that the biggest security risk organisations face today is the insider threat.

However, that is not to say that the majority of insiders are malicious. Insider threats come from many sources. Certainly, malevolent insiders pose a threat, but often the threat originates from employee mistakes rather than malice, or a valid system account being compromised by an external attacker.

Faced with these significant threats, we must focus our security management practices at effectively mitigating the risks in this area. This is easier said than done as there are hurdles to overcome first.

The following are four best practices essential to the management of insider threat:

Assess and secure.

Govern and control.

Record and review.


Assess and secure

It is important to assess your existing security posture and, based on the results, implement the necessary controls to mitigate key risks. This involves identifying your privileged users and determining which of these users truly need this level of access. It is extremely likely you will find that you have too many privileged users.

You must also understand your data landscape. Make use of scanning and classification tools to gain an understanding of where your sensitive data resides, including financial, personally identifiable information, private health material and other information that is confidential to your business. Understanding your data landscape, and determining the risks of each classification of data that you own, will provide you with the necessary information to implement good risk mitigation capabilities. Restrict access to this data as much as possible and, in many cases, limit this access to only your privileged users.

Govern and control

The use of a privileged access management tool that allows privileges to be elevated only when needed will be important to ensuring you adhere to the principles of least access and therefore mitigate risks in this area. Also, the use of multi-factor authentication for privileged users is important to prevent these high-risk accounts from falling into the wrong hands.

Monitoring these accounts to ensure compliance with access policies is essential. This will involve understanding who has access to critical applications and data as well as being informed of who has been accessing these resources. Logging and alerting around this area will help mitigate many critical risks. It is also important to identify who has not accessed sensitive resources in several months or even years. These are the users that need their permissions reduced, which will in turn reduce your overall risk and is consistent with the principles of least access.

Record and review

It is crucial to monitor the activity of all users, especially privileged users. The use of tools that can monitor activity against security policies, and send alerts when these policies are violated, is essential.

Many organisations use Security Information and Event Management (SIEM) platforms within their Security Operations Centre (SOC). A best practice involves sending mainframe security events to these SIEM platforms. This allows the SOC to identify security issues on the mainframe and react quickly to reduce the risk to the business. But, it is important to filter and enrich the event information coming from the mainframe to the SIEM platform. This ensures that these events are clearly understood and don’t overwhelm the platform.

Operationalise – strengthen that risk posture

Now that you have the necessary steps and controls in place, you need to operationalise each area to ensure you maintain a good risk posture. This includes the ongoing use of clean-up tools to review if users need their level of access control adjusted, which will be necessary when employees change jobs or leave the company. Don’t forget to continuously scan for sensitive data, as data is always changing. Understanding when and where new copies of sensitive data enter your systems helps you adjust your access policies, reduce risk and pass audits.

Adaptation is key to survival

Remember, our environments are continuously changing and we need to continuously monitor these changes and adjust. With this approach we stand the best chance of keeping our risks at the lowest possible levels.

For more information contact CA Southern Africa, +27 11 417 8594, [email protected]


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Defending against SIM swap fraud
Access Control & Identity Management
Mobile networks must not be complacent about SIM swap fraud, and they need to prioritise the protection of customers, according to Gur Geva, Founder and CEO of iiDENTIFii.

Access Selection Guide 2024
Access Control & Identity Management
The Access Selection Guide 2024 includes a range of devices geared specifically for the access control and identity management market.

Biometrics Selection Guide 2024
Access Control & Identity Management
The Biometrics Selection Guide 2024 incorporates a number of hardware and software biometric identification systems aimed at the access and identity management market of today.

Smart intercoms for Sky House Projects
Nology Access Control & Identity Management Residential Estate (Industry)
DNAKE’s easy and smart intercom solution has everything in place for modern residential buildings. Hence, the developer selected DNAKE video intercoms to round out upmarket apartment complexes, supported by the mobile app.

Authentic identity
HID Global Access Control & Identity Management
As the world has become global and digital, traditional means for confirming authentic identity, and understanding what is real and what is fake have become impractical.

Research labs secured with STid Mobile ID
Access Control & Identity Management
When NTT opened its research centre in Silicon Valley, it was looking for a high-security expert capable of protecting the company’s sensitive data. STid readers and mobile ID solutions formed part of the solution.

Is voice biometrics in banking secure enough?
Access Control & Identity Management AI & Data Analytics
As incidents of banking fraud grow exponentially and become increasingly sophisticated, it is time to question whether voice banking is a safe option for consumers.

Unlocking efficiency and convenience
OPTEX Access Control & Identity Management Transport (Industry)
The OVS-02GT vehicle detection sensor is the newest member of Optex’s vehicle sensor range, also known as ‘virtual loop’, and offers reliable motion detection of cars, trucks, vans, and other motorised vehicles using microwave technology.

Protecting our most vulnerable
NEC XON Access Control & Identity Management Products & Solutions
In a nation grappling with the distressing rise in child kidnappings, the need for innovative solutions to protect our infants has never been more critical. South Africa finds itself in the throes of a child abduction pandemic.

Understanding the power of digital identity
Access Control & Identity Management Security Services & Risk Management Financial (Industry)
The way we perceive business flourishing is undergoing a paradigm shift, as digital identity and consumer consent redefine the dynamics of transactions, says Shanaaz Trethewey.