26 Apr

The Biggest Threat to Your Organization’s Data: An Insider

The largest cyberattacks to make the headlines, like those on Yahoo, Equifax, and Target, are large-scale data breaches caused by hacktivists, state-sponsored hackers, and cyber criminals. These attacks dominate the news, with headlines featuring the company name and the attacker. They can be daunting and terrifying, as they often result in huge reputational loss as well as financial loss due to compromised data. We focus on outsider threats because they have clear-cut storylines, but while we concentrate on these crucial outside sources of threats, we often fail to recognize that the next threat could target you. Insider threats are often associated with malicious users, but even ordinary employees play a key role in causing corporate breaches and massive data leakages.

Criticality of Insider Threats

Insider threats are difficult to attend to and combat for reasons such as:

  1. Difficult to Detect: Insider threats are hard to detect, especially when they are committed unintentionally. They can go undetected for years at a stretch.
  2. Identifying the Act as an Insider Attack: Distinguishing a malicious act by an insider is another crucial task. One can only imagine how a wrong judgement would affect the morale of employees.
  3. Easy to Mask the Malicious Act: Employees or insiders, as internal people, know the various processes and can easily mask their actions, whether performed maliciously or unintentionally. Privileged access to technology gives them the means to erase all evidence of their act.
  4. “Just a Mistake”: If the employee or insider is identified by the management, they can easily pass it off as an unintentional mishap, unless proven otherwise. This develops a careless attitude among regular employees as well.

Insider Threat Attack Cases [3]

Case 1: Factory Sabotage at Tesla

The alleged sabotage at Tesla was in the news all through 2018, when an email from CEO Elon Musk was leaked. According to him, a trusted insider allegedly sabotaged a software system that controlled the car manufacturer’s processes. Even though the employee was countered for whistleblowing manufacturing policies, security pros are questioning the authenticity of the security norms, as they could not restrain an insider with unauthorised access.

Case 2: Swindle at Punjab National Bank (PNB) in India

An insider swindle of $1.8 billion at Punjab National Bank appeared to be more damaging than the Tesla incident. An employee accessed the sensitive password in the SWIFT interbank transaction system and used it to release funds toward a fraudulent transactional chain scheme that was offered by a diamond merchant. The merchant wanted to use the money to buy rough stones from suppliers.

Case 3: User Abuse at Facebook

An ex-employee of Facebook used his unauthorised access to snoop on users’ private information and stalk women online. When the news about the security engineer's abuse of privileges came to light, Motherboard reported the involvement of multiple Facebook employees supporting the security engineer in the malicious act.

Case 4: Patient Records Compromised at Nuance

A malicious insider at Nuance, a speech recognition software firm, leaked 45,000 patient records that were hosted on one of its medical transcription platforms. A federal investigation identified that the leak was carried out by a former employee who got into the company’s servers to access confidential patient information.

Case 5: Data Compromised at SunTrust Bank

In April 2018, SunTrust Bank announced the compromise of personal information by a former employee. The data compromised included names, addresses, contact numbers, and account numbers of over 1.5 million bank customers. The insider was attempting to pass the data to an outside criminal, though the bank confirmed that the data had not been sent.

Fighting Insider Threats

Combating insider threats may seem to be an excruciating process, but it is actually simpler than we think, especially when you apply the right approach. The following are a few steps which, when implemented, would minimize insider threats.

  1. Risk Control and Detection

There are certain measures that can be applied to detect and control the risk of threats from insiders. Organizations are reportedly making attempts to control insider threats: 73% of organizations affirm that they are continually applying measures like data encryption, data prevention, identity and access management, cloud security, as well as mobile and endpoint security [4]. Organizations are also adopting various detection tools, which help them detect and evaluate insider security threats. Intrusion detection and prevention is quite popular among detection tools, with 63% of organizations using it [4]. The other detection practices are log management, security information and event management (SIEM), and predictive analysis.

  2. Monitoring Employee Behavior

The probability of an insider threat lies with employees who have excessive access to crucial data. It is a good idea to closely monitor the employees dealing with crucial data for changes in their behavior. Usually, signs of discomfort and depression can result in malicious acts. However, not every unhappy employee will act on those feelings.

  3. Background Verification

Whenever a new employee is hired, make sure that the background of the employee has been verified properly. Verification involves confirming the behavior of the employee with previous employers and ensuring the residential address shared is correct; a quick online search will also help with getting to know the employee better.

  4. Restrict Access

Restricting access is key to minimizing the scope of the threat. By giving restricted privileges, you automatically reduce the chance of malicious activity. Having fewer employees with access to the database or information makes monitoring easy and minimizes the chance of a mistake. It is also vital to restrict the sharing of passwords and to implement two-factor authentication.

  5. Internal Training and Education

The most important measure to control negligent insider threats is to train your employees on cybersecurity awareness. By educating the employees on the do’s and don’ts of cybersecurity, many security incidents can be curbed. Employees should be encouraged to practice security norms and develop a healthy security environment.

Organizations will face insider threats sooner or later, whether through a malicious act or a negligent mistake. Having the necessary security measures in place, aligned with insider threats, will save you from the loss of millions of thousands later.

Sources

[1] https://www.ca.com/content/dam/ca/us/files/ebook/insider-threat-report.pdf

[2] https://www.observeit.com/ponemon-report-cost-of-insider-threats/

[3] https://www.darkreading.com/the-6-worst-insider-attacks-of-2018—so-far/d/d-id/1332183?image_number=1

[4] https://www.uscybersecurity.net/insider-threats-2018-statistics/
