InTegriLogic Blog

Insider threats are among the most dangerous cyberthreats out there. Yet, organizations of all sizes seem to be either reluctant or negligent when it comes to fighting them. Over 50 percent of organizations don’t have an Insider Risk Response Plan and 40 percent don’t assess how effectively their technologies mitigate insider threats.¹ Even though 59 percent of IT security leaders expect insider risks to increase in the next two years, very little is being done to prevent them from causing serious security incidents.

With the threat growing bigger by the minute, disaster could strike at any time. If you still aren’t worried, just remember that the average time to identify and contain a data breach is 280 days. This should give you an idea of the possible damage a single data breach could cause to your business.

This brief article will attempt to throw some light on the types of insider threats you must detect and mitigate, the damage they could cause, the user attributes that increase these risks, and the security controls you should implement to prevent and reduce these threats.

 

Understanding Insider Threats

Simply put, an employee or contractor who wittingly or unwittingly uses his/her authorized access to cause harm to your business is considered an insider threat. The Ponemon Institute’s Global Cost of Insider Threats Report 2020 lists three types of insider threats:

• A careless or negligent employee or contractor who unwittingly lets a hacker access your business’ network. Over 60 percent of incidents in 2020 were related to negligence.
• A criminal or malicious insider who abuses his or her privileged access to your business’ network to either steal or exfiltrate sensitive data for financial gain or plain old revenge. Criminal insiders were involved in 23 percent of breaches in 2020.
• A credential thief who poses as an employee or a contractor to gain access to sensitive data and then compromise the data for financial gain. Credential theft led to 14 percent of breaches in 2020.

The Serious Damage Insider Threats Can Cause

Even a single security breach caused by an insider threat can result in serious damage to your business in the following ways:

• Theft of sensitive data: Valuable data such as customer information or trade secrets could be exposed following a breach — an ordeal Marriott International survived in early 2020. Hackers abused a third-party application used by Marriott for providing guest services, to gain access to 5.2 million records of Marriott guests.
• Induced downtime: The downtime following a breach impacts your business in more ways than one. As mentioned earlier, it can take a long time for you to ascertain the details of a breach and then control the damage. This period can drain your business resources like it did to a company in the UK who had to eventually shut shop after a disgruntled employee deleted 5,000 documents from its Dropbox account.
• Destruction of property: A malicious insider could cause damage to physical or digital equipment, systems or applications, or even information assets. A former Cisco employee gained unauthorized access to the company’s cloud infrastructure and deleted 456 virtual machines, jeopardizing the access of 16,000 users of Cisco WebEx. The tech major had to shell out $2.4 million to fix the damage and pay restitution to the affected users.
• Damage to reputation: This is a guaranteed consequence of a security breach. Should you suffer a breach, investors, partners and clients may immediately lose confidence in your business’ ability to protect personal information, trade secrets or other sensitive data.

User Attributes That Aggravate Insider Threats

The likelihood of a security breach caused by an insider could be significantly increased due to:

• Excessive access provided to several users in the form of unnecessary permissions or admin rights
• Haphazard allocation of rights to install or delete hardware, software and users
• Usage of weak login credentials and bad password hygiene practices by the users
• Users that act as a single point of failure since no one keeps their access under check (a phenomenon common with the CEO fraud)

 

Building a Resilient Defense Against Insider Threats

As a business, you can undertake a list of security measures to build a resilient defense against insider threats as part of a proactive defense strategy rather than a reactive one. Some of the immediate measures you can take include:

• Assessment and audit of all systems: Direct your IT team to assess and audit every system, data asset and user in order to identify insider threats and document it thoroughly for further action.
• Restriction of access and permission controls: Not every employee needs to have access to every piece of data. You must review and limit unnecessary user access privileges, permissions and rights.
• Mandatory security awareness training for all users: This measure is non-negotiable. Every user on your network must be trained thoroughly on cyberthreats, especially insider threats, and on how to spot early warning signs exhibited by potential insider threats such as:
  • Downloading or accessing substantial amounts of data
• Accessing sensitive data not associated with the employee’s job function or unique behavioral profile
• Raising multiple requests for access to resources not associated with the employee’s job function
  • Attempting to bypass security controls and safeguards
• Violating corporate policies repeatedly
• Staying in office during off-hours unnecessarily
• Enforcement of strict password policies and procedures: You must repeatedly encourage all users to follow strict password guidelines and ensure optimal password hygiene.
• Enhancement of user authentication: Deploy enhanced user authentication methods, such as two-factor authentication (2FA) and multi-factor authentication (MFA), to ensure only the right users access the right data securely.
• Determining ‘baseline’ user behavior: Devise and implement a policy to determine ‘baseline’ user behavior related to access and activity, either based on the job function or the user. Do not be counted among the 56 percent of security teams that lack historical context into user behavior.
• Ongoing monitoring to detect anomalies: Put in place a strategy and measures that will identify and detect abnormal/anomalous behaviors or actions based on ‘baseline’ behaviors and parameters.

  Detecting insider threats and building a robust defense strategy against them can be a tough task for most businesses, irrespective of size. Unfortunately, the longer you wait, the greater the chance of a security lapse costing your business its entire future.

  However, you certainly shouldn’t hesitate to ask for help. The right MSP partner can help you assess your current security posture, determine potential insider threats to your business, fortify your cybersecurity infrastructure and secure your business-critical data.

  It may seem like a tedious process, but that’s why we’re here to take all the hassle way and ensure your peace of mind remains intact throughout this fight. All you have to do is shoot us an email and we’ll take it from there.

        Article curated and used by permission.      Data Sources:

• Ponemon Data Exposure Report 2021 by Code42
• Ponemon Cost of a Data Breach 2020 Report 2020
• https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches
• https://northyorkshire.police.uk/news/businesswoman-sentenced/
• https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches

The year 2020 witnessed an unprecedented onslaught of cybersecurity threats across the world as the global workforce underwent a forced transition to remote working. However, not all cybersecurity threats come from the outside. In a study conducted by Bitglass, 61 percent of businesses surveyed reported at least one insider-related cybersecurity incident in the last year. This could be anything from negligent employees who lack cybersecurity training to rogue employees who facilitate a breach for personal gain.

Considering the increasing frequency of insider threats and the severity of data breaches resulting from them, it goes without saying that all organizations need to take proactive steps to combat this serious security risk.

Before taking any preventative security measures, it is necessary to understand who causes these risks and why. In this blog, we’ll discuss all aspects of insider threats including the motivations behind them, potential actors, primary targets, consequences and more.

 Actors Behind Insider Threats

Anyone with access to critical information can pose a potential insider threat if the information is unknowingly or maliciously misused, resulting in a data breach. Businesses need to identify these actors if they want to curb insider threats effectively.

Insider threat types can be classified as follows:

• Negligent insiders – This may include careless executives or employees with access to privileged information. These insiders don’t have any motivation – money or otherwise. They are simply careless in their actions or may have fallen victim to a scam. For instance, in one particular incident involving an apparel manufacturer, a careless employee clicking one phishing link from his laptop was enough to compromise the entire network.
• Malicious insiders – These are insiders who intentionally abuse their credentials for personal gain. These actors have an advantage over external attackers since they have access to privileged information and are aware of the security loopholes. They may be motivated by monetary gain or may have a personal vendetta against the company.
• Contractors or vendors – Sometimes, even third-party vendors and contractors who have temporary access to an organization’s IT network can cause a data breach. The motivation in this case could also be money or vengeance. The US Army Reserves payroll system was once targeted in a similar attack, where a contractor who lost his contract activated a logic bomb to create a delay in delivering paychecks.

 

Motivations Behind Malicious Insider Threats

Malicious insiders are usually motivated by one or more of the following reasons:

• Money or greed – Most cases of non-negligent insider threats are motivated by money and personal financial gain. A greedy insider with access to restricted information is most often the culprit in this case. For example, two employees of General Electric stole the company’s intellectual property about calibrating turbines and started a competing firm with this information. After years of investigation, they were convicted in 2020.
• Revenge – Another familiar reason for insider threats involves revenge. Disgruntled employees, who believe they have been wronged by the company they once worked for, are usually behind this type of threat. In August 2020, a disgruntled former employee of Cisco deleted hundreds of virtual machines and caused about $1.4 million in damages to the company.
• Espionage – Many large organizations across the world have been victims of economic espionage from competing firms. This is mainly done to gain a competitive advantage in the market. A state-owned Chinese enterprise perpetrated espionage against American semi-conductor firm Micron by sending compromised insiders and stole valuable trade secrets.
• Strategic advantage – Intellectual property theft against large corporations is most often a result of trying to gain a strategic advantage in the market. Korean smartphone giant Samsung became a victim recently when its blueprint for bendable screen technology was stolen by its supplier.
• Political or ideological – There have been many documented cases of insider threats motivated by political or ideological factors. These cases often concern national pride or revenge against another nation for the attack.

 

Why Insider Threats Are Dangerous

Insider threats often have a massive impact on your data, primary assets and your bottom line. On top of it all, these threats are often hard to detect and contain. A study by the Ponemon Institute estimates that it takes 77 days on average to contain insider threats once detected.

• Targets primary assets: Insider threats often target the primary assets of an organization including proprietary information, product information, business plans, company funds, IT systems and more.
• Results in huge costs: The same study by the Ponemon Institute estimated that the average cost of insider threats has increased 31 percent to $11.45 million in the last two years. These costs include downtime losses, loss of business transactions, loss of business opportunities and more.

 

Don’t Wait to Protect Your Business

Although the consequences of insider threats may be disastrous, you don’t have to face this problem alone. If you are wondering how you can mitigate these threats and prevent losses, we’ve got you covered. Reach out to us today to understand the different ways by which you can build a resilient cybersecurity posture against insider threats.

 
 
 
Article curated and used by permission.
 
 
Data Sources:

 

• Bitglass 2020 Insider Threat Report
• https://www.zdnet.com/article/how-one-hacked-laptop-led-to-an-entire-network-being-compromised/
• https://www.theregister.com/2017/09/22/it_contractor_logic_bombed_army_payroll
• https://www.fbi.gov/news/stories/two-guilty-in-theft-of-trade-secrets-from-ge-072920
• https://www.bankinfosecurity.com/ex-cisco-engineer-pleads-guilty-in-insider-threat-case-a-14917
• https://www.justice.gov/opa/pr/prc-state-owned-company-taiwan-company-and-three-individuals-charged-economic-espionage
• https://edition.cnn.com/2018/11/30/tech/samsung-china-tech-theft/index.html
• IBM Cost of Insider Threats: Global Report 2020

The year 2020 witnessed an unprecedented onslaught of cybersecurity threats across the world as the global workforce underwent a forced transition to remote working. However, not all cybersecurity threats come from the outside. In a study conducted by Bitglass, 61 percent of businesses surveyed reported at least one insider-related cybersecurity incident in the last year. This could be anything from negligent employees who lack cybersecurity training to rogue employees who facilitate a breach for personal gain.

Considering the increasing frequency of insider threats and the severity of data breaches resulting from them, it goes without saying that all organizations need to take proactive steps to combat this serious security risk.

Before taking any preventative security measures, it is necessary to understand who causes these risks and why. In this blog, we’ll discuss all aspects of insider threats including the motivations behind them, potential actors, primary targets, consequences and more.

 Actors Behind Insider Threats

Anyone with access to critical information can pose a potential insider threat if the information is unknowingly or maliciously misused, resulting in a data breach. Businesses need to identify these actors if they want to curb insider threats effectively.

Insider threat types can be classified as follows:

• Negligent insiders – This may include careless executives or employees with access to privileged information. These insiders don’t have any motivation – money or otherwise. They are simply careless in their actions or may have fallen victim to a scam. For instance, in one particular incident involving an apparel manufacturer, a careless employee clicking one phishing link from his laptop was enough to compromise the entire network.
• Malicious insiders – These are insiders who intentionally abuse their credentials for personal gain. These actors have an advantage over external attackers since they have access to privileged information and are aware of the security loopholes. They may be motivated by monetary gain or may have a personal vendetta against the company.
• Contractors or vendors – Sometimes, even third-party vendors and contractors who have temporary access to an organization’s IT network can cause a data breach. The motivation in this case could also be money or vengeance. The US Army Reserves payroll system was once targeted in a similar attack, where a contractor who lost his contract activated a logic bomb to create a delay in delivering paychecks.

 

Motivations Behind Malicious Insider Threats

Malicious insiders are usually motivated by one or more of the following reasons:

• Money or greed – Most cases of non-negligent insider threats are motivated by money and personal financial gain. A greedy insider with access to restricted information is most often the culprit in this case. For example, two employees of General Electric stole the company’s intellectual property about calibrating turbines and started a competing firm with this information. After years of investigation, they were convicted in 2020.
• Revenge – Another familiar reason for insider threats involves revenge. Disgruntled employees, who believe they have been wronged by the company they once worked for, are usually behind this type of threat. In August 2020, a disgruntled former employee of Cisco deleted hundreds of virtual machines and caused about $1.4 million in damages to the company.
• Espionage – Many large organizations across the world have been victims of economic espionage from competing firms. This is mainly done to gain a competitive advantage in the market. A state-owned Chinese enterprise perpetrated espionage against American semi-conductor firm Micron by sending compromised insiders and stole valuable trade secrets.
• Strategic advantage – Intellectual property theft against large corporations is most often a result of trying to gain a strategic advantage in the market. Korean smartphone giant Samsung became a victim recently when its blueprint for bendable screen technology was stolen by its supplier.
• Political or ideological – There have been many documented cases of insider threats motivated by political or ideological factors. These cases often concern national pride or revenge against another nation for the attack.

 

Why Insider Threats Are Dangerous

Insider threats often have a massive impact on your data, primary assets and your bottom line. On top of it all, these threats are often hard to detect and contain. A study by the Ponemon Institute estimates that it takes 77 days on average to contain insider threats once detected.

• Targets primary assets: Insider threats often target the primary assets of an organization including proprietary information, product information, business plans, company funds, IT systems and more.
• Results in huge costs: The same study by the Ponemon Institute estimated that the average cost of insider threats has increased 31 percent to $11.45 million in the last two years. These costs include downtime losses, loss of business transactions, loss of business opportunities and more.

 

Don’t Wait to Protect Your Business

Although the consequences of insider threats may be disastrous, you don’t have to face this problem alone. If you are wondering how you can mitigate these threats and prevent losses, we’ve got you covered. Reach out to us today to understand the different ways by which you can build a resilient cybersecurity posture against insider threats.

 
 
 
Article curated and used by permission.
 
 
Data Sources:

 

• Bitglass 2020 Insider Threat Report
• https://www.zdnet.com/article/how-one-hacked-laptop-led-to-an-entire-network-being-compromised/
• https://www.theregister.com/2017/09/22/it_contractor_logic_bombed_army_payroll
• https://www.fbi.gov/news/stories/two-guilty-in-theft-of-trade-secrets-from-ge-072920
• https://www.bankinfosecurity.com/ex-cisco-engineer-pleads-guilty-in-insider-threat-case-a-14917
• https://www.justice.gov/opa/pr/prc-state-owned-company-taiwan-company-and-three-individuals-charged-economic-espionage
• https://edition.cnn.com/2018/11/30/tech/samsung-china-tech-theft/index.html
• IBM Cost of Insider Threats: Global Report 2020

The COVID-19 pandemic has changed everything about the world as we know it. Just as we started embracing new practices like sanitizing, social distancing and remote working, the pandemic has also forced us to embrace systemic changes in the ways we deal with cyberthreats. In fact, the FBI has reported an increase in cyberattacks to 4,000 per day in 2020, which is 400 percent higher than the attacks reported before the onset of the coronavirus.

Since remote working is here to stay, the trend in increasing cyberattacks is expected to continue well into the future. Moreover,  business technologies are also transforming, attracting more cybercriminals to target business data. In these circumstances, the best solution is to build your cyber resiliency and protect yourself from unforeseen attacks.

Remote Working and Cybersecurity

Cybersecurity has always been a challenge for businesses with sensitive data. A single unexpected breach could wipe out everything and put your existence in question. With the sudden transition to remote working, this challenge has increased manifold for security teams. From the potential safety of the remote working networks to trivial human errors, there are endless ways in which your IT network could be affected when employees are working remotely.

A study by IBM Security has estimated that about 76 percent of companies think responding to a potential data breach during remote working is a much more difficult ordeal. Also, detecting breaches early is another big issue for IT security teams. The same study by IBM has estimated that it takes companies roughly about 197 days to detect a breach and 69 days to contain it. Is your cybersecurity posture good enough to withstand a potential attack?

Threats You Need to Be Aware of

Cyberthreats come in different shapes and forms. From a simple spyware monitoring your network transactions to a full-fledged ransomware attack that holds all your critical data for a ransom, there are multiple ways in which your IT network could be affected. Only when you get the idea of the potential risks surrounding your IT infrastructure, you can build a resilient cybersecurity strategy that enhances your IT environment and keeps vulnerabilities at bay.

Let’s look at some of the common cyberthreats that businesses faced in 2020:

• Phishing scams: Phishing emails still pose a major threat to the digital landscape of many business organizations across the globe. COVID-19 communications have provided the perfect cover for these emails to lure unsuspecting users. By creating a sense of urgency, these emails might persuade your employees to click on malware links that could steal sensitive data or install malicious viruses inside a computer.
• Ransomware: Targeted ransomware attacks are increasing every day. It is estimated that a ransomware attack will happen every 11 seconds in 2021. Ransomware attacks hold an organization’s critical data for a ransom, and millions of dollars are paid to hackers every year as corporates do not want to risk losing their sensitive data. However, there is no guarantee that your files will be secure even after you pay the ransom.
• Cloud Jacking: With the cloud becoming a more sophisticated way of storing data, incidents of cloud jacking has become a serious threat. These attacks are mainly executed in two forms – injecting malicious code into third-party cloud libraries or injecting codes directly to the cloud platforms. As estimated by the 2020 Forcepoint Cybersecurity Predictions, a public cloud vendor is responsible for providing the infrastructure while most of the responsibility concerning data security rests with the users. So, bear in mind, you are mostly responsible for your data security even when it is on the cloud.
• Man-in-the-middle attack: Hackers can insert themselves in a two-party transaction when it happens on a public network. Once they get access, they can filter and steal your data. If your remote working employees use public networks to carry out their official tasks, they are vulnerable to these attacks.
• Distributed Denial-of-Service attack: This attack happens when hackers manipulate your normal web traffic and flood the system with resources and traffic that exhaust the bandwidth. As a result, users will not be able to perform their legitimate tasks. Once the network is clogged, the attacker will be able to send various botnets to the network and manipulate it.

 

Protecting Your Business from Cyberthreats

Security readiness is something all organizations must focus on irrespective of their size. It is mandatory to have an action plan that outlines what needs to be done when something goes wrong. Most importantly, it is critical to have a trusted MSP partner who can continuously monitor your IT infrastructure and give you a heads-up on usual activities.

Investing in cybersecurity solutions is way cheaper than losing your critical data or paying a large ransom. You need to deploy advanced solutions that can keep up with the sophisticated threats of this modern age. Then, there is a list of best practices such as multi-factor authentication, DNS filtering, disk encryption, firewall protection and more.

If all these aspects of cybersecurity sound daunting to you, fret not. Reach out to us today to get a full understanding of the vulnerabilities in your network and how you can safeguard your data with the right tools and techniques.

 
 
 
Article curated and used by permission.
 

Data Sources:

• https://www.prnewswire.com/news-releases/top-cyber-security-experts-report-4-000-cyber-attacks-a-day-since-covid-19-pandemic-301110157.html#:~:text=Cybercrime%20Statistics%20During%20the%20Pandemic,they%20were%20seeing%20pre%2Dcoronavirus

• IBM 2020 Cost of a Data Breach Report

• https://www.idagent.com/blog/10-2020-ransomware-statistics-that-you-need-to-see/

• 2020 Forcepoint Cybersecurity Predictions and Trends

The COVID-19 pandemic has changed everything about the world as we know it. Just as we started embracing new practices like sanitizing, social distancing and remote working, the pandemic has also forced us to embrace systemic changes in the ways we deal with cyberthreats. In fact, the FBI has reported an increase in cyberattacks to 4,000 per day in 2020, which is 400 percent higher than the attacks reported before the onset of the coronavirus.

Since remote working is here to stay, the trend in increasing cyberattacks is expected to continue well into the future. Moreover,  business technologies are also transforming, attracting more cybercriminals to target business data. In these circumstances, the best solution is to build your cyber resiliency and protect yourself from unforeseen attacks.

Remote Working and Cybersecurity

Cybersecurity has always been a challenge for businesses with sensitive data. A single unexpected breach could wipe out everything and put your existence in question. With the sudden transition to remote working, this challenge has increased manifold for security teams. From the potential safety of the remote working networks to trivial human errors, there are endless ways in which your IT network could be affected when employees are working remotely.

A study by IBM Security has estimated that about 76 percent of companies think responding to a potential data breach during remote working is a much more difficult ordeal. Also, detecting breaches early is another big issue for IT security teams. The same study by IBM has estimated that it takes companies roughly about 197 days to detect a breach and 69 days to contain it. Is your cybersecurity posture good enough to withstand a potential attack?

Threats You Need to Be Aware of

Cyberthreats come in different shapes and forms. From a simple spyware monitoring your network transactions to a full-fledged ransomware attack that holds all your critical data for a ransom, there are multiple ways in which your IT network could be affected. Only when you get the idea of the potential risks surrounding your IT infrastructure, you can build a resilient cybersecurity strategy that enhances your IT environment and keeps vulnerabilities at bay.

Let’s look at some of the common cyberthreats that businesses faced in 2020:

• Phishing scams: Phishing emails still pose a major threat to the digital landscape of many business organizations across the globe. COVID-19 communications have provided the perfect cover for these emails to lure unsuspecting users. By creating a sense of urgency, these emails might persuade your employees to click on malware links that could steal sensitive data or install malicious viruses inside a computer.
• Ransomware: Targeted ransomware attacks are increasing every day. It is estimated that a ransomware attack will happen every 11 seconds in 2021. Ransomware attacks hold an organization’s critical data for a ransom, and millions of dollars are paid to hackers every year as corporates do not want to risk losing their sensitive data. However, there is no guarantee that your files will be secure even after you pay the ransom.
• Cloud Jacking: With the cloud becoming a more sophisticated way of storing data, incidents of cloud jacking has become a serious threat. These attacks are mainly executed in two forms – injecting malicious code into third-party cloud libraries or injecting codes directly to the cloud platforms. As estimated by the 2020 Forcepoint Cybersecurity Predictions, a public cloud vendor is responsible for providing the infrastructure while most of the responsibility concerning data security rests with the users. So, bear in mind, you are mostly responsible for your data security even when it is on the cloud.
• Man-in-the-middle attack: Hackers can insert themselves in a two-party transaction when it happens on a public network. Once they get access, they can filter and steal your data. If your remote working employees use public networks to carry out their official tasks, they are vulnerable to these attacks.
• Distributed Denial-of-Service attack: This attack happens when hackers manipulate your normal web traffic and flood the system with resources and traffic that exhaust the bandwidth. As a result, users will not be able to perform their legitimate tasks. Once the network is clogged, the attacker will be able to send various botnets to the network and manipulate it.

 

Protecting Your Business from Cyberthreats

Security readiness is something all organizations must focus on irrespective of their size. It is mandatory to have an action plan that outlines what needs to be done when something goes wrong. Most importantly, it is critical to have a trusted MSP partner who can continuously monitor your IT infrastructure and give you a heads-up on usual activities.

Investing in cybersecurity solutions is way cheaper than losing your critical data or paying a large ransom. You need to deploy advanced solutions that can keep up with the sophisticated threats of this modern age. Then, there is a list of best practices such as multi-factor authentication, DNS filtering, disk encryption, firewall protection and more.

If all these aspects of cybersecurity sound daunting to you, fret not. Reach out to us today to get a full understanding of the vulnerabilities in your network and how you can safeguard your data with the right tools and techniques.

      Article curated and used by permission.  

Data Sources:

• https://www.prnewswire.com/news-releases/top-cyber-security-experts-report-4-000-cyber-attacks-a-day-since-covid-19-pandemic-301110157.html#:~:text=Cybercrime%20Statistics%20During%20the%20Pandemic,they%20were%20seeing%20pre%2Dcoronavirus

• IBM 2020 Cost of a Data Breach Report

• https://www.idagent.com/blog/10-2020-ransomware-statistics-that-you-need-to-see/

• 2020 Forcepoint Cybersecurity Predictions and Trends