Many people see asset management systems only as ways to protect their company’s electronics and hardware from theft. But current security technology collecting real-time, location-based data also protects your company against a range of insider threats.
The need to protect against such threats is, unfortunately, great. A study from the Goldstein Group found that nearly 60% of all insider attacks were carried out by authorized personnel. That includes employees, contractors, and vendors.
Real-time asset management and location systems effectively mitigate damage from internal threats to your company. In addition, these systems act as deterrents, rapid response tools, and—most importantly, in new, expert opinion—help you identify at-risk personnel before they act against your company.
So what is an insider threat and how can you help protect against insider threats? This article explores that and more.
Types of Physical Security Internal Threats
There are several threats your company could face from insiders.
Intellectual property theft
Trade secrets and other proprietary data are, unfortunately, common targets for theft by corporate insiders.
A recent high-profile example of intellectual property theft was the award of $9 million in damages against Odessa, Texas businessman Toby Eoff for stealing trade secrets from the company he himself founded, Odessa Pumps, an oil industry mainstay.
Disgruntled staff can significantly damage your business, given their access to and knowledge of your organization.
Shannon You, a chemical engineer, was recently convicted of economic sabotage against The Coca-Cola Company in Atlanta and Eastman Chemical Company in Kingsport, Tennessee, where she worked in the early 2010s. She sought to damage research into BPA-free plastics and send corporate findings to Chinese competitors.
A secondary but significant effect of insider attacks is the reputational damage your company might face due to service outages, negative media coverage, and loss of customer trust.
To maintain performance, you must find the right balance of security and accessibility. Stay accessible, but not at the expense of protecting valuable assets and business processes.
Why are Insider Threats Difficult to Manage?
Insider threats can be significantly more difficult to address than those outside. The underlying issue is trust. When your organization vets someone and brings them inside, they’re granted a level of trust in their ability to access your resources. Unfortunately, that trust can be exploited.
Discovering insider attacks can take a significant amount of time. Employees, contractors, and anyone else you categorize as an “insider” will have some degree of access to sensitive resources. What access is legitimate and illegitimate? When does use become malicious? Without proper security controls, it is not always clear.
That also assumes you can identify a threat when it first emerges. Insider threats can go undetected for a long time. Whether they’re acting maliciously or incompetent, insider threat actions can go unnoticed during a normal workday. And unfortunately, the longer it takes to discover an insider attack, the costlier it can be to fix.
How to Prevent Insider Threats Using Real-Time Asset & Location Systems to Deter
So how can companies reduce insider threats? Asset and location tracking tools give your business a range of methods to defend against insider threats. Here are recommendations for using real-time data collection features to get the most out of these systems.
Have a plan
Prioritize protecting your business’s highest value and most exposed assets. These are the targets any attacker will prioritize, and the ones inside attacks gain the most advantage against. If needed, conduct a security audit to identify what you don’t know about potential threats.
Also, tailor controls around individual employee access areas. For example, a disgruntled IT staffer will be more capable of damaging your data center, where they know how to find your high-value hardware, than your inventory in a warehouse.
Conduct insider threat awareness training
When it comes to insider actions, even small mistakes can turn into large consequences. So you need to prevent as many mistakes as possible from occurring in the first place. That takes comprehensive security and awareness training.
Security awareness must be a significant part of your onboarding and annual review processes. No one should be able to claim they didn’t know about the potential threats your organization faced.
Implement a Zero Trust Security model
Zero Trust Security (ZTS) shifts the focus away from your facility’s perimeter and turns it towards all the layers you can control within your organization. So, for example, instead of just worrying about access through your exterior doors, you employ rigorous access controls at every entryway throughout your facility. You have zero trust that someone inside your facility actually should be there. They need to authenticate themselves at every critical boundary.
ZTS requires a combination of security technologies, policies, and training to implement effectively. Technology is important, but if your employees don’t know how to use it, when to trust it, or when to be skeptical of it, your organization will be at unnecessary risk.
Use security management technology to monitor changes in behavior
Security experts recommend analyzing employee access patterns to identify risk factors. Real-time location and IT asset management systems provide a wealth of automated transaction logging to identify unexpected changes in behavior.
Is an engineer now entering your data center on an unexpected schedule? Is an admin assistant repeatedly checking out assets at the end of their shift? Are they regularly clocking in and out at different times without authorization?
A joint study from IBM and the Ponemon Institute found that companies using User Behavior Analytics (UBA) saw an average cost reduction of $1.1 million per insider attack, making it the largest incremental cost-saving measure currently available.
Limit exposure to external mobile devices
The risk companies face is great enough just accounting for their corporate assets. The risk of attack or compromise jumps significantly when your facility and network are exposed to external electronics. For example, through your company’s Bring Your Own Device (BYOD) policy.
Limit your company's exposure to unnecessary personal devices on your network whenever possible. Each unmanaged device within your security perimeter represents a risk of attack and another one on which you’ll need IT to conduct vulnerability scanning. Asset lockers can aid in device management and integrate well with other location and access control systems.
Involve security before terminating insider threat employees
The case of Shannon You should be a warning. IT, Security, and HR teams should coordinate before employee terminations and other sensitive HR actions.
Revoking or reassigning employee access to your facility must be timed precisely during these events. This helps prevent damage and even workplace violence by limiting your disgruntled employee’s access to company assets and your other personnel. Centralized security management systems, like KeyTracer and AssetTracer, make this coordination easier.
People-centric problems like insider attacks require people-centric solutions. Real-time asset management and location systems are effective tools for mitigating the risk of insider attack. They act as deterrents, rapid response tools, and through data collection, can identify threatening personnel before they can harm your company.
Are you concerned about how to stop insider threats?
Check out our other guide "Physical Security 101: How to Start Building a World-Class Security Program," and learn how to identify and mitigate risks from within your organization.
About the Author
Vice President of Marketing
Jay oversees marketing and strategic partnerships at Real Time Networks and has over three decades of experience in leadership roles in the financial services and technology industries.