False-positive cybersecurity alerts may expose organizations to data breaches instead of protecting...
4 Insider Threats to Watch Out For
Cybersecurity challenges have become a major problem for organizations of all types around the globe, especially insider threats. It seems that just when one major breach is announced by the media, another more significant threat is there to take its place in the headlines.
The recent Equifax breach, for example, exposed some 145.5 million people to identity theft and potentially significant financial losses.
Cybersecurity breaches can be very costly. Cybercrime damage is expected to cost $6 trillion annually by 2021―roughly the annual GDP of Germany and the UK combined.
But what many people don’t know is that many cybersecurity threats are actually initiated by carelessness, greed, or ignorance on the part of employees who are fooled into allowing nefarious actors into company networks.
A 2016 study by IBM found that 60 percent of all cyberattacks were carried out by employees or other insiders.
These are some of the most common entry points and methods that cybercriminals rely on to dupe unwitting employees into handing over the keys to your company’s networks and confidential information.
Human Error
Who can forget the time honored phrase “to err is human”? It’s true that we all make mistakes from time to time, but when mistakes happen and they affect your organization’s network in ways that expose vulnerabilities or allow intruders to sniff for morsels of information for financial gain, it becomes a major problem.
The 2016 IBM study found that an astonishing 95 percent of security mishaps involved human error―everything from phishing scams to visiting phony websites to activating malware by clicking on links or downloading fake apps.
Hijacking Identities
One way hackers prey on human vulnerability is by coercing people into thinking they owe money to entities like the IRS or that they stand to gain financially by clicking on a link and following the instructions at a bogus website, where the victims unwittingly offer up key credentials.
Once the attackers have the employee’s credentials, they are free to move about the network unseen and will use the employee’s identity to make unauthorized payments, order goods and merchandise, or spy to glean corporate trade secrets.
Terminated Employees
Once employees are let go for a given reason, they often feel like exacting revenge for some perceived wrong that they believe a former employer caused them. The financial disruption and stigma of being suddenly out of work often drives terminated employees to make bad decisions―and this can often be compounded if they believe they were let go for personal reasons.
A recent study conducted by the CERT Division at Carnegie Mellon University documented over 1,000 cases of sabotage and identity theft caused by disgruntled insiders who attacked normal business operations by deleting critical data and blocking system access, among other disruptions.
If IT admins don’t immediately shut down a former employee’s access to the company’s networks―passwords, building entrance codes, etc.―the potential for a malcontented former employee to exact major damage in a short period of time is exponentially increased and a very real threat to contend with.
Third Parties
Some of the biggest internal cybersecurity threats lately are linked to third-party vendor breaches, and the issue appears to be getting worse. A 2016 study found that a whopping 63 percent of all data breaches can be attributed to a third-party vendor.
Part of the problem is that IT professionals are often required to provide third-party access to new supply chain partners, yet at the same time they often consider the process a nuisance and don’t see third-party access as a top security priority.
Finding Solutions
Increasingly, many employers are stepping up to the plate to train employees on how to identify and mitigate cybercrime threats. A good training program should cover topics such as:
- Avoiding the discussion of confidential information with third parties
- Discouraging the practice of leaving sensitive documents on desks when not at work
- Avoiding the use of USB storage devices
- Sharing passwords or using easily guessed passwords
- Clicking on suspicious email links
- Conducting an audit of your cybersecurity practices
In addition, employers are beginning to initiate more vigorous background checks that investigate not only past criminal activity but also social media presence and other online behavior.
Another way IT professionals are addressing insider threats is by granting scaled network security access to employees based on their role within the organization and job function.
This type of graduated approach toward granting network access privileges is pivotal in making it more manageable to track which employees, if any, accessed certain areas of the network during a cyberattack or other security incident.
Managing insider threats will always be a moving target, but the combination of a proactive and creative IT posture with ongoing employee training will go a long way toward crippling the efforts of nefarious actors bent on causing organizational disruptions and benefiting financially.