Insider Threat Assessment
What is an Insider Threat Assessment?
An insider threat assessment evaluates an organization's ability to prevent, identify and mitigate risks from employees and third parties, including malicious and non-malicious insiders who have access to sensitive systems, intellectual property and other valuable assets.
Insider Threat Assessment: The Why and When
Explore the research and data points below to learn more about why conducting an insider threat assessment is an important value-add for organizations at time of rising cyber security risk:
-
44%
The number of insider incidents has increased by 44% over two years. (1)
-
$15m
The cost per insider incident averages $15+ million. (2)
-
34%+
of businesses globally are impacted by insider threats every year. (3)
A growing number of data breaches can be traced to insiders — employees and third parties who have legitimate access to an organization’s systems. These insiders can often access highly sensitive data such as trade secrets, customer databases and strategic plans. Protecting corporate assets from such insiders — regardless of their motivations — is critical.
How Aon Can Help
An insider threat assessment from Aon is customized to each organization's specific needs and risks. Aon believes that a one-size-fits-all approach is unworkable because the complexity and diversity of insider threats vary so much from company to company.
Aon offers two approaches to address insider threats: insider threat assessment and penetration testing . Organizations often elect to begin with a broader assessment and an automated insider threat simulation of their program, followed by an active penetration test to examine their security controls.
-
Insider Threat Assessment and Simulation
The Aon team follows a clear and proven process in analyzing the organizational aspects of the insider threat landscape, which includes:
- A review of existing policies, procedures and technologies related to organizational charters, access control, data management, and incident response.
- Building an insider threat strategy based on the organization’s unique risks and vulnerabilities. The model could focus on potential threat actors and/or specific sensitive information or trade secrets that could interest cyber actors.
- Interviews and surveys with key personnel to gather insights into user behavior, motivation and attitudes toward security and risk management.
- Evaluate the effectiveness of security tools, monitoring, and countermeasures. Aon’s Insider Threat Simulation is aligned with the MITRE Insider Threat initiative and allows clients to assess insider threat risk. The simulation impersonates employee/contractor user roles and uses specific insider breach techniques to try to bypass security controls and defenses. The simulation provides multiple scenarios to test the effectiveness of security controls and detection mechanisms.
- During an Insider Threat Simulation, Aon’s integration with a client’s security stack and Security, Information and Event Management (SIEM) provides an in-depth analysis of successful/blocked breach techniques while measuring the efficacy of defensive controls and the security monitoring programs.
- Aon can test the effectiveness of data leak prevention controls and firewall policies by simulating thousands of attacker techniques to stage data.
These fact-finding steps are supported by access to advanced tools and technologies for monitoring and analyzing network activity, user behavior and data access patterns.
After gathering and analyzing the information gained in the above steps, the Aon team develops a comprehensive report of findings and recommendations — including specific actions to address identified vulnerabilities and improve overall security posture. Recommended actions may include:- Improvement of policies and procedures
- Deployment of more effective access controls
- Enhanced user awareness and security training
- Implementation of advanced security technologies and solutions
- Technical findings intended to improve SIEM detection and security tool effectiveness
This report is presented to key stakeholders, including the C-suite, security leadership, senior management, HR and legal stakeholders involved in managing an insider threat program.
-
Insider Threat Penetration Testing
Commonly referred to as compromise simulation, this targeted penetration test demonstrates the potential impact by an authenticated malicious insider, advanced end-user or host compromised by malware or credential theft. Posing as a legitimate user with low-level domain privileges, Aon penetration testers simulate a targeted attack, attempting to breach security controls and gain access to restricted data and internal systems. This style of test helps determine whether an organization has problems with its insider controls, such as overly permissive authorization protocols, privilege escalation or exploitation of network and application vulnerabilities.
Aon also simulates sophisticated insider attacks that manually subvert security controls to gain access to sensitive data such as confidential customer information, employee records, code signing keys, strategic planning and financial information. This type of manual assessment allows clients to gauge the effectiveness of notoriously difficult-to-monitor attacks instead of relying on automated scanning output . Aon’s team can demonstrate a realistic attack path to sensitive data within the organization from end to end. This allows clients to evaluate internal security controls, including the new security controls implemented following an Insider Threat Assessment and Simulation.
This service can be customized to cover numerous potential attack paths and targets. Regularly performing these types of assessments helps to continuously improve client security posture as new vulnerabilities and threat tactics, techniques, and procedures evolve. This may include building controls to counter:- New 0-day vulnerabilities
- Improved attacker tooling
- New EDR/AV bypasses
- Emerging threats
The Aon team develops a comprehensive report of findings and recommendations — including specific actions to address identified vulnerabilities and improve overall security posture. Recommended actions may include:
- Improving incident response procedures and alerts
- Improving access control efficacy
- Recommendation of advanced security technologies and solutions
The Aon Team
Our insider threat services are delivered by a global team of highly qualified professionals with decades of experience across all areas of cyber security, as well as disciplines like law enforcement, accounting, law, risk management, business resilience, disaster recovery, crisis management, insurance and more.
Explore More Cyber Offerings
(1) Insider Threats are Organizations’ Biggest Cybersecurity Risk
(2) Insider Threats are Organizations’ Biggest Cybersecurity Risk
(3) ENISA Threat Landscape 2021
Insurance products and services are offered by Aon Risk Insurance Services West, Inc., Aon Risk Services Central, Inc., Aon Risk Services Northeast, Inc., Aon Risk Services Southwest, Inc., and Aon Risk Services, Inc. of Florida, and their licensed affiliates.
The information contained herein and the statements expressed are of a general nature, not intended to address the circumstances of any particular individual or entity and provided for informational purposes only. The information does not replace the advice of legal counsel or a cyber insurance professional and should not be relied upon for any such purpose. Although we endeavor to provide accurate and timely information and use sources we consider reliable, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future.