In an article on insider threats published by Gartner referencing a cyber breach at Marriott International, the hotel chain was fined over $120 million for leaking the data of more than 380 million hotel guests in the UK. Needless to say, this was a significant event with far-reaching financial consequences compounded by a loss of consumer confidence in this otherwise highly respected hospitality brand. 

The cause of the breach: poor IT monitoring and employee negligence. In common vernacular, this is a classic case of an unintended insider threat.

No organization ever wants to be put in this position, but the truth of the matter is that this was not an intentional breach with malevolent intent. Despite having standard operating procedures in place when and if a cyber-attack occurs, it’s equally, if not more important, to have preventative measures in place against internal threats. 

While such risks can be unintentional, others are not, and are driven by motives to steal valuable information on your products, services, finances or customers. As with the Marriott incident, the consequences were steep but also deemed preventable after forensic investigation. To make matters worse, it’s estimated that as many as 90% of all insider threat activities go undetected for months or even years. 

The truth of the matter is that many high-profile cyber-attacks result from an individual gaining direct physical access to a server, thru access phishing attempts to employees (including CEOs), or by gaining unauthorized network access by compromising a physical security device connected to the IP network. Detecting such activities has been a longstanding challenge with traditional physical access control systems (PACS) and related security solutions that are limited in their ability to monitor potentially threatening activities. Examples include sharing or replicating physical access credentials; tailgating and piggybacking to gain entry to facilities and secured areas like data centers; policing and preventing unauthorized remote access requests; flagging frequent unauthorized access denials; and numerous other essential activities that indicate something is amiss. For far too long security professionals have relied on legacy, non-standardized systems in an attempt to uncover such activities manually. These costly and time-consuming tasks have only resulted in poor visibility or undetected anomalies that pose real long-term threats to organizations. 

But times have changed and there are policies and solutions that can help alleviate – if not eliminate – insider threats altogether. Let’s start with three critical steps security professionals can take to help eliminate insider threats…

  1. Mine valuable data from your existing PACS, HR, and other security systems to establish 360° visibility of what’s happening in your organization, and gain actionable insights that allow you to take immediate remedial action.
  2. Develop a GAP strategy with your IT team to identify and understand what potential insider threats and risks exist across your enterprise from invalid access permissions and abnormal activities, as well as PACS and other networked security and IoT devices.
  3. Apply Zero-trust practices to your PACS and physical security policies with the intent to validate everyone on-premise while delivering the best, seamless user experience for employees, visitors and contracted workers.  

Vector Flow’s Physical Security Threat Intelligence solution can help you with all the above – on day one, right out of the box.

Our automated threat detection platform employs advanced AI and machine learning to autonomously analyze and correlate data from system logs, batch data, PACS, and other physical security systems in real-time to uncover anomalous activities that pose potential insider threats. Vector Flow helps quickly detect risky identities, sites, IoT edge devices, doors, etc. across the entire enterprise, effectively alleviating risks and liabilities to your organization. 

Contact Vector Flow today to discuss your current challenges, or register for an upcoming webinar on our innovative Insider Threat Detector solutions.