Very little changes from year to year among the top cyber threats. Topping the list are the usual suspects: Phishing, Malware, Ransomware etc. These are among the prominent standard-bearers of the cybercrime industry. Only the technology and, to a lesser extent, the tactics evolve - and whoever provides your IT Support had better be on top of it.
Take a Cybersecurity poll among prominent members of the IT Support Los Angeles community, and you should find that 9 out of 10 can immediately tell you what is new and different about the nature of cyber threats in relation to last year. This is a great test for your IT services provider – whether in-house or an outsourced Managed IT Services company. Anyone who is not up to date should be replaced. Your data is your business’ life. Protect it.
Make no mistake: cybercrime of all types is one of the most rapidly growing industries in the world – next to Cybersecurity. Each separate ‘Cybergang’ treats it as a business and just as in any industry, different gangs have their own specialties.
Just below the threat matrix lie the strategies and tactics of the attacks themselves. Rising steadily every year is the danger of the insider threat.
In effect, the main form of insider threat is the human error which enables the success of a cyber-attack, and your IT services and the best Cybersecurity in the world cannot stop the ‘click’ that releases malware into the system – they can only clean up the mess as quickly as possible. This is why a strong standard of Security Awareness Training is imperative.
What causes insider threat?
According to Proofpoint, “An insider threat can happen when someone close to an organization with authorized access misuses that access to negatively impact the organization's critical information or systems. This person does not necessarily need to be an employee – third party vendors, contractors, and partners could pose a threat as well.”
By ‘misuse’, it is important to understand that the person who enables the threat to take root may be either purposely malicious or disgruntled or simply an untrained and unwitting accomplice – a dupe.
One thing every criminal needs is a mark - a victim. This could be the enterprise as a whole, but mainly the dupe or unwitting accomplice is an employee who falls for a scam – usually a Phishing email.
What are the four types of insider threats?
The four main threat categories:
Sabotage: The insider has legitimate access, but purposely damages or destroys data or systems.
Fraud: For purposes of deception, the insider steals, modifies or destroys data.
Intellectual Property Theft: The insider steals the company’s intellectual property for profit – either by reselling or taking to a new employer.
Espionage: Theft of data for the benefit of another specific organization.
The #1 Best Practice:
Create an Office Cybersecurity Culture. To get you started, please read our previous blog HERE.
Frequently Asked Questions
Q: Who would be an insider threat?
A: The six insider types that may perpetrate threats:
Negligent employees: This is the most commonplace – they are usually untrained and unaware of threats such as phishing emails bearing a malicious links or attachments. Data breaches caused by negligence are primarily unintentional but place the organization at risk.
Malicious employees: As it sounds, these are disgruntled employees with a grievance against the company. To spot these, Human Resources should work with IT Support. It cannot be taken for granted that an employee who has been disciplined or passed over for a raise or promotion may harbor malicious feelings. They need to be monitored.
Departing employees: Whether the employee’s departure is voluntary or involuntary, this is a very real threat. Data (such as client information) theft and intellectual property are the two principal areas of focus, as they can enhance the departing employee’s performance at their next company. Dell performed a survey in which they found that approximately ONE THIRD of employees took company data with them when they left an organization.
Inside agents: These are nefarious because they expect to stay with the company while doing the bidding of others. Their participation could be due to social engineering, extortion, or some other type of coercion. They function the same way a spy story ‘mole’ operates.
Cybersecurity evaders: Employees who do not follow Cybersecurity policies and practices. They find ways around security measures because they are time-consuming and viewed as a hindrance. But in trying to make their jobs easier, they create ‘blind spots’ in the company’s control over its data which can lead to data breaches.
Third-party partners: Not all insider threats are truly on the inside. According to One Identity, 94% of organizations allow suppliers, vendors, and associated companies with access to their network with varying levels of permission. If you think it’s difficult to track your own employees, think about all the employees at all your third-party partners.
Q: What are some indicators of insider threat behavior?
A:
Unusual logins: Behavior in the workplace becomes predictable. Just like in a fairly normal-looking phishing email, anything out of place needs to be scrutinized. “Joe logs in at 8am and out at 5pm every weekday. Why is he logging in remotely at 11pm on a Saturday?”
Too many privileges: If a middle manager is assigning too many heightened permissions to employees that shouldn’t have such escalated privileges, he/she may just be trying to make their own job easier, but this places the company at risk. Employees must be on a ‘need to know’ basis.
Unusual behavior: For example, when an employee goes from happy and gregarious to sullen and quiet, something is going on. It may have no ramifications for the company, but it must be examined.
Downloading too much data: If an employee’s workstation shows a stable, steady history of data downloading, but it starts massively increasing, something is not right. Your IT Support team should routinely be checking these levels for just such increases.
Use of unauthorized applications: People don’t use what they don’t need for their job. Use – or repeated attempts to log into unauthorized applications sends up a red flag. Another area IT Support should be monitoring.
What scenario might indicate a reportable insider threat?
Aside from IT Support monitoring who is doing what on the network, behavioral issues are a prime indication. There are almost infinite ways this can manifest itself: drastic mood changes or sudden affluence (“Hey Bob – how can you afford to trade in your Toyota Camry for a Maserati?”) etc.
How are insider threats prevented?
There is no one technology that can prevent insider threats: Only ongoing vigilance from your IT Services, management, HR, and employees can sound alarm bells. Simply put, “If you see something, say something.”
Is your network secure?
The first two lines of defense are ongoing Security Awareness Training and the best Cybersecurity to protect your data from theft. Please talk to us about both. IT Support LA offers a FREE, no-risk network and security assessment. No strings, and no obligation.
Just fill out the form on this page or call us at:
818-805-0909
