Monday, December 4, 2023

Insider Threats: Factors in Your Business that Could Make you Vulnerable

In June 2018 an ex-employee of the global conglomerate Coca-Cola was discovered with confidential files in her possession, which she had been exfiltrating from the organization for five years during her employment. The damage to Coca-Cola was estimated at $119 million. This is one of many horror stories in which a trusted insider caused a data breach.

Insider risk management has since become a crucial component of cyber security for many organizations. Insider threats are harder to spot than malware or brute-force breaches and require specialized permission policies and capable monitoring software to detect and address them before a serious breach takes place.

Insider Threats Defined

A recent global study by the Ponemon Institute identified three key sources of insider threats to businesses. In each of them, confidential information was compromised by someone who had legitimate authorization to access the compromised system and/or information. The threats, as the name suggests, arose from inside the organization.

These kinds of threats are particularly troublesome and notoriously hard to detect without strict operating procedures backed by real-time monitoring.

Employee Negligence

Every organization has a set of security rules and best practices when it comes to cyber security. Employee negligence is employees not adhering to these prescribed cyber security policies and procedures. Be it leaving their workstations unattended or sharing confidential information with external parties, negligent employees can cause damage. This kind of insider threat is by far the most prevalent and has been somewhat exacerbated by the work-from-home model.

Malicious Activities

It is a natural evolution for employees to be given increased access to information and resources as their roles evolve. Not all employees are benevolent, however, and elements do exist inside an organization that would, with malicious intent, exploit it for nefarious reasons.

When employees are implicitly trusted with confidential information, the risk of malicious activity is greater. Organizational cyber security policies should always be adhered to regardless of an employee's seniority, because this kind of risk can originate from any employee.

Credential Thieves

The third category of insider threat is one where a legitimate user account is compromised. Although the threat actor may be accessing the organization from an external network, the account is still recognized as an internal user because it is a legitimate internal account. Although this kind of insider threat occurs less often than the two risks listed above, cyber security specialists worldwide agree that it is on a steady rise relative to other insider threats.

Threat actors are becoming more creative in the ways they use social engineering to gain access to authorized employee user accounts. This kind of internal threat is extremely dangerous: not only is it difficult to detect, but the threat actor often knows exactly what they are looking for.

Indications That Your Business Might be at Risk

Since insider threats are, for the most part, driven by the human element, it should come as no surprise that most of the key risk indicators of insider threats are qualitative. Insiders are not identified through the usual perimeter controls such as firewalls and intrusion detection systems.

Some key indicators should raise red flags, though, typically employees whose data consumption habits suddenly change. These habits can be discovered by monitoring software and strong access management, such as least privilege and zero trust:

  • Trying to access and download large volumes of data and institutional knowledge.
  • Employees who are consistently trying to access resources they don’t have access to.
  • Emailing confidential information to recipients outside of the organization.
  • Unsanctioned use of mass storage devices on managed infrastructure.
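The four indicators above can be turned into simple detection rules run over an audit trail. The following is an added example, not code from the article or any product it mentions: it scores a small set of constructed audit events (download volumes, access-denied events, outbound e-mail of labelled data, and USB mass-storage mounts) against a per-user baseline. The thresholds, the company mail domain `example.com` and the event format are all assumptions chosen for the illustration; a real deployment would take them from its DLP, proxy and endpoint logs.

```python
from collections import Counter, defaultdict

INTERNAL_DOMAIN = "example.com"   # assumed company mail domain
VOLUME_SPIKE_FACTOR = 5           # assumed: today's download volume > 5x the user's daily baseline
DENIED_THRESHOLD = 3              # assumed: 3 or more access-denied events in one day
SENSITIVE_LABEL = "confidential"  # assumed data-classification label

# Constructed sample audit events (not taken from the article). Each tuple is
# (day, user, action, detail). 'detail' is bytes for 'download', the resource for
# 'access_denied', (recipient, data label) for 'email', and the device id for 'usb_mount'.
SAMPLE_EVENTS = [
    (1, "alice", "download", 40_000_000),
    (2, "alice", "download", 50_000_000),
    (3, "alice", "download", 45_000_000),
    (4, "alice", "download", 2_000_000_000),   # 2 GB on day 4: sudden change in habits
    (1, "bob", "download", 10_000_000),
    (2, "bob", "download", 12_000_000),
    (3, "bob", "download", 9_000_000),
    (4, "bob", "download", 11_000_000),
    (4, "bob", "access_denied", "finance-share"),
    (4, "bob", "access_denied", "hr-payroll"),
    (4, "bob", "access_denied", "board-minutes"),
    (4, "carol", "email", ("partner@external.example.net", "confidential")),
    (4, "carol", "email", ("dave@example.com", "confidential")),   # internal: fine
    (4, "dave", "usb_mount", "USB\\VID_0000&PID_0000"),             # placeholder device id
    (4, "erin", "download", 3_000_000),   # new user with no history: no baseline yet
]


def daily_download_bytes(events):
    """Sum download volume per (user, day)."""
    totals = defaultdict(int)
    for day, user, action, detail in events:
        if action == "download":
            totals[(user, day)] += detail
    return totals


def find_indicators(events, observation_day):
    """Return {user: [indicator, ...]} for users flagged on observation_day."""
    indicators = defaultdict(list)
    totals = daily_download_bytes(events)

    # 1. Sudden change in data consumption: compare the observation day with the mean
    #    of the user's earlier days. Users without history are skipped, not flagged.
    for user in {e[1] for e in events}:
        history = [v for (u, d), v in totals.items() if u == user and d < observation_day]
        today = totals.get((user, observation_day), 0)
        if history:
            baseline = sum(history) / len(history)
            if baseline > 0 and today > VOLUME_SPIKE_FACTOR * baseline:
                indicators[user].append(f"download volume {today / baseline:.0f}x daily baseline")

    # 2. Repeated attempts to reach resources the user is not entitled to.
    denied = Counter(user for day, user, action, _ in events
                     if action == "access_denied" and day == observation_day)
    for user, n in denied.items():
        if n >= DENIED_THRESHOLD:
            indicators[user].append(f"{n} access-denied events")

    # 3. Labelled confidential data mailed outside the organization.
    # 4. Mass storage devices mounted on managed hosts.
    for day, user, action, detail in events:
        if day != observation_day:
            continue
        if action == "email":
            recipient, label = detail
            domain = recipient.rsplit("@", 1)[-1].lower()
            if domain != INTERNAL_DOMAIN and label == SENSITIVE_LABEL:
                indicators[user].append(f"{label} data emailed to {domain}")
        elif action == "usb_mount":
            indicators[user].append(f"mass storage device mounted ({detail})")

    return dict(indicators)


if __name__ == "__main__":
    for user, hits in sorted(find_indicators(SAMPLE_EVENTS, observation_day=4).items()):
        print(f"{user}: {'; '.join(hits)}")
```

Each rule is deliberately per-user and per-day: the volume rule compares a user with their own past rather than with a fleet-wide number, which is what "habits suddenly change" means in practice, and a brand-new account produces no baseline and therefore no false alarm. Hits from several rules for the same user on the same day are a stronger signal than any one rule alone.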

In Conclusion

While user training plays a central role in educating employees about the cost of negligence, insider threats often reach past the employee who has no intention to cause harm. Organizations that wish to protect themselves from this kind of threat should address the matter purely from a cyber security perspective.

Definitive user access policies should be implemented where zero trust is enforced. To improve visibility, organizations can implement real-time monitoring solutions to keep an eye on the data access and consumption habits of authorized user accounts.
