It is well understood that insider threats pose the greatest risk to organisations of all types and sizes around the globe. Moreover, they are one of the hardest threats to prevent, and are rendered even more dangerous because, unlike cyber criminals, insiders don't have to write complicated malicious code to breach your network: they already have legitimate login credentials.

So are businesses fighting the insider threat effectively? "A lot of businesses are doing a couple of wrong things regarding insider threat management, including doing nothing about it at all, either because they trust their employees, or because they don't know what to do about it," says Clement Monakhisi, senior manager IAM and data application security at IBM Security.

Monakhisi will be presenting on 'An integrated approach to insider threat protection' at the ITWeb Security Summit 2018, to be held from 21 to 25 May at Vodacom World in Midrand.

Some businesses have deployed technology such as privileged identity management, identity management, and security information and event management (SIEM) solutions. But although these solutions have been implemented, the majority of businesses have not implemented the proper supporting processes necessary to detect insider threats using these technologies, he adds.

In terms of what organisations could do better, Monakhisi says they should identify the 'crown jewels' of the company in terms of data and critical applications: these are the things they simply cannot afford to lose or have publicly exposed.

They should also implement processes that specifically target insider threats, to manage internal issues and contractors or other third-party partners who have access to critical information.

He also suggests an integrated approach to fighting the insider threat. "An integrated approach entails taking deliberate steps to implement processes that encompass identity management (who has access to what), privileged identity management (who can use the privileged accounts within the organisation), and event monitoring and analysis (who accessed what, when and how)."

Monakhisi says an integrated view of identity management draws a picture about users' behaviour within the organisation related to access to systems. Changes in behaviour will trigger an alarm, and alert the business that an insider could be up to no good, and action needs to be taken.

Delegates attending Monakhisi's presentation can expect to learn more about the importance of user behaviour within their organisation, the importance of identifying the 'crown jewels' within the organisation and associated ownership of these systems and data. In addition, he will discuss how this can only be done through a consultative effort and not by a technology stack alone.