What if the biggest cyber threat is working within your organization?
When security breaches make headlines, the story is usually about external attackers from another country or the failure of some piece of technology. Those are the most interesting stories to read, and they are also the easiest for a breached company to admit to. But is it always someone living in another part of the world who is behind the biggest data breaches?
The answer is no. Whatever the proximate cause, a breach can often be traced, directly or indirectly, to the negligence or the deliberate actions of an insider.
So what’s an insider threat?
An insider threat is the cyber risk an organization faces from the behavior of its own people: employees, contractors and anyone else with legitimate access. It can stem from negligence, from a lack of awareness or, in the worst case, from malicious intent.
Does it really harm the organization?
Never forget that your employees already hold legitimate access to your internal systems and information, and that is the most dangerous aspect of an insider. They are your assets: most of the time they are a valuable piece, but the same piece can be turned against you and your organization.
The same knife that chops vegetables can sometimes cut your finger too!
An outsider has to get through several layers before reaching your data; someone who works inside already has the access and the knowledge.
Industries and organizations differ in many ways, such as the volume of assets they hold and the technology infrastructures they manage and defend. Despite all these differences, the one thing they have in common is people, working for them and with them, and every one of those people is potentially an insider threat.
Some of the biggest data breaches due to Insider
1. Twitter (2020): In an apparent hack, a number of high-profile accounts, including those of Elon Musk, Bill Gates, Barack Obama, Uber and Apple, tweeted a cryptocurrency scam promising to double people's investments.
It was believed to be a social engineering attack in which the attackers successfully targeted Twitter employees who had access to internal systems and tools. Once Twitter became aware of the incident, it locked down the affected accounts and removed the tweets posted by the attackers. You can read the statements from Twitter Support here.
2. Tesla (2018): Tesla hit by an insider saboteur who changed code and exfiltrated data.
“One of the insiders conducted quite huge and extensive damage to the operation of Tesla, which included making direct code changes to the Tesla Manufacturing Operating System under false usernames and exporting large amounts of highly sensitive Tesla data to unknown third parties,” according to Musk. You can read the full details here.
3. Capital One (2019): A single individual compromised the records of about 100 million customers.
A former engineer at Capital One's cloud provider exploited a misconfigured firewall in front of a Capital One application to reach data stored in the cloud. The incident involved the theft of more than 100 million customer records, including about 140,000 Social Security numbers and 80,000 linked bank account numbers. You can view a detailed description here.
4. Phillips 66 Research Center (2019): Hundreds of files were stolen containing trade secrets on technology valued at more than a billion dollars.
An insider abused his position as a materials scientist and stole files he had access to in that role. In his plea, he acknowledged that he knew what he was taking was a protected trade secret to which he had no claim of ownership. You can read more about the incident here.
5. Snapchat (2016): Most people reading this article will be familiar with this application.
An attacker impersonating Snapchat's CEO tricked an employee into emailing him payroll information for around 700 current and former employees of the company. As a result, those employees had their personal identity data exposed. You can read more about it here.
Why and how do insiders cause data breaches?
There is no single answer, because data is leaked by insiders both unknowingly and knowingly. Either way, the result is a serious threat to the organization. One of the main reasons insider threats have become a bigger risk is this:
Organizations are overlooking the most harmful data security threat: their own employees.
At some point, employees decide to change their career or their organization for personal reasons. Some leave on a positive note and some on a negative one. It does not matter which; the question is whether they are taking only their memories with them or, in the worst case, also pocketing confidential data and hurting their former colleagues.
Some of the possible insider threats are:
- Insiders manipulated into performing malicious actions, often unintentionally, through phishing or social engineering.
- Insiders with no malicious intent who nevertheless take deliberate, potentially harmful actions, such as storing crucial information without encryption.
- In the worst case, insiders who collaborate with a third party, a competitor or a nation-state and use their access in a way that intentionally causes great harm to the organization.
- Insiders who act alone and maliciously, without external influence or manipulation, for example by going public as a whistleblower or leaking large amounts of data.
- Employees who have just left the organization dissatisfied; they are more likely to become insider threats out of a desire for revenge, stealing data and selling it to competitors.
You can read further on such types of internal threats here.
Best practices to mitigate insider threats
Remember! If you treat them right, chances are they will treat you right back!
- Adopt insider-centric security policies, built on least privilege and need-to-know access.
- Establish a security incident response team responsible for preventing, detecting and handling suspicious incidents.
- Regularly look for unused or dormant accounts and disable or remove them.
- When staff depart, revoke their access and disable their accounts immediately, and recover or securely destroy any company data they hold.
- If you are a software company, follow secure coding practices strictly.
- Encrypt data both at rest and in transit.
- Invest in your employees to keep them happy, and have a conversation if you feel someone is unhappy.
- Provide employees with security awareness training.
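The two account-hygiene items above (hunting for unused accounts, and disabling accounts the moment staff leave) are the easiest to automate. The script below is an added example written for this article, not code from any of the organizations discussed: it audits a constructed directory export against a constructed HR leavers list and flags enabled accounts that belong to departed users, have never been used, or have been dormant for more than 90 days. The column names, usernames, timestamps and the 90-day threshold are all assumptions for the example.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample input (not real data): a directory export with each
# account's enabled flag and last successful login, plus the usernames that
# HR reports as having left. Column names are an assumption for this example.
DIRECTORY_EXPORT = """\
username,enabled,last_login
alice,true,2024-05-28T09:14:00Z
bob,true,2024-01-03T17:40:00Z
carol,true,never
dave,false,2023-11-20T08:02:00Z
erin,true,2024-05-30T12:00:00Z
svc-backup,true,2023-09-01T02:00:00Z
"""
LEAVERS = {"erin", "dave"}

DORMANT_DAYS = 90                                   # assumed policy threshold
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)     # fixed "now" so the run is reproducible


def parse_directory(text):
    """Turn the CSV export into a list of dicts; 'never' means no login on record."""
    accounts = []
    for row in csv.DictReader(io.StringIO(text)):
        raw = row["last_login"].strip()
        last_login = None
        if raw != "never":
            # Accept a trailing 'Z' on older Python versions of fromisoformat.
            last_login = datetime.fromisoformat(raw.replace("Z", "+00:00"))
        accounts.append({
            "username": row["username"].strip(),
            "enabled": row["enabled"].strip().lower() == "true",
            "last_login": last_login,
        })
    return accounts


def audit_accounts(accounts, leavers, now=NOW, dormant_days=DORMANT_DAYS):
    """Return {username: reason} for every enabled account that needs action.

    Checks are ordered by severity: a departed user's live account is the
    most urgent, then never-used accounts, then dormant ones.
    """
    cutoff = now - timedelta(days=dormant_days)
    findings = {}
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already disabled; nothing to do
        name = acct["username"]
        last = acct["last_login"]
        if name in leavers:
            findings[name] = "departed user still enabled: disable immediately"
        elif last is None:
            findings[name] = "never used: remove or disable"
        elif last < cutoff:
            days = (now - last).days
            findings[name] = f"dormant for {days} days: disable pending owner confirmation"
    return findings


if __name__ == "__main__":
    for user, reason in audit_accounts(parse_directory(DIRECTORY_EXPORT), LEAVERS).items():
        print(f"{user:12s} {reason}")
```

In practice the export would come from the directory (for example an LDAP or cloud IdP query) and the leavers list from the HR system, and the script would run on a schedule; the key design point is that it compares two independent sources, so an account that offboarding missed still shows up. Note that `dave` produces no finding because the account is already disabled, while `svc-backup` is flagged as dormant: service accounts that nobody logs into interactively are exactly the ones that tend to be forgotten.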
Conclusion: Most organizations keep adding security measures focused on external threats, yet they are not always able to identify a threat originating inside the organization, and that blind spot can cause great loss. Remember: insiders hold the keys to all your valuable information, and it may be time for organizations to focus on the many ways, whether unwitting or malicious, in which insiders can cause harm.