Insider Threats Are A Clear And Present Danger For Large and Small Businesses

Sometimes companies and government entities find themselves most vulnerable to the enemy within.

Paul Walsh
METACERT

--

For some, the idea of insider threats evokes images of a cloak-and-dagger spy drama, but the truth is they present a risk to everything from small and large businesses to large government organizations.

Insider threats often go undetected until it’s too late, which is why the damage they cause can be so severe. While it can be difficult to peg the motives of an insider acting against the best interests of the company, the fact that they may have intimate access to various sensitive assets, such as data, bank accounts, or administrative controls, makes a rogue actor a huge liability.

It is difficult to forget the recent drama that unfolded after Oyster Protocol’s anonymous founder went rogue and hijacked the company’s smart contract, so he could effectively mint PRL for free and steal nearly $300,000 worth by wash trading it on KuCoin days before the exchange instigated KYC protocols. It serves as a fine reminder that insider threats are an unpredictable menace.

Even companies that are household names are not impervious to the danger of malicious insiders. Earlier this year, electric carmaker Tesla reported that it had discovered someone in the organization had sabotaged the company after being passed over for a promotion. The unidentified individual not only sold stolen sensitive intellectual property to unknown competitors, but had also made malicious alterations to code that CEO Elon Musk classified as “quite extensive and damaging sabotage to our operations,” in a company-wide email.

Even top government agencies face threats from within. In the case of former NSA employee Nghia Hoang Pho, who illegally kept highly classified national defense information in his home dwelling, the lapse in security landed the former Top Secret and Sensitive Compartmented Information (SCI) clearance holder a 66-month prison sentence. Pho’s plea agreement states that over a period of five years between 2010 and 2015, Pho took and kept U.S. Government property such as Top Secret and SCI in multiple locations throughout his Maryland residence.

Extensive privileges can often be the weak link in the chain with regard to security concerns. A recent audit of the Science and Technology (S&T) Directorate performed by the Department of Homeland Security (DHS) sought to identify threats to the division whose labs perform research on everything from chemical and biological threats, animal diseases, transportation security, radiological and nuclear detection, to explosives trace identification.

According to an unclassified summary of the DHS report, “S&T employees, contractors, and business partners — especially those with special or elevated privileges — can potentially use their inside knowledge and access to exploit vulnerabilities and cause harm to mission-critical systems and operations.”

Taking the right approach to security for your business can be the difference between success and failure. Start by performing an audit to make sure you’re following best practices. If you see strange patterns emerging in employee behavior like odd server access during off hours, it might be a good idea to cautiously investigate it; if it’s nothing to worry about, you don’t want to overreact, but if you spook a malicious actor, chances are good they’re going to redouble their efforts to not be caught while continuing to damage your business. It’s also not a bad idea to clear out the cobwebs on your server by deleting old accounts, particularly those of former employees, that might have access they don’t need to have.

Combatting insider threats takes constant vigilance. Verifying who is accessing your systems is vital when it comes to mitigating this threat. This can be done with two-factor authentication (2FA) methods for accounts with privileges in order to ensure someone isn’t posing as an employee by remotely accessing resources. Some of the most effective forms of 2FA involve physical tokens, or authentication applications that operate independently from the presence of a SIM card, to avoid SIM spoofing.
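As an added example (not from the original post or from MetaCert), the audit steps described above can be run as three checks over an account inventory and a login log: accounts with no matching current employee, privileged accounts without 2FA, and logins outside business hours. The roster, account records, log entries, field names and the 07:00 to 19:00 weekday window are all constructed assumptions.

```python
from datetime import datetime

# Constructed sample data (hypothetical users and hosts, local-time timestamps).
ACTIVE_EMPLOYEES = {"alice", "bob", "dana"}           # current HR roster
ACCOUNTS = [
    {"user": "alice", "privileged": True,  "mfa": True},
    {"user": "bob",   "privileged": True,  "mfa": False},
    {"user": "carol", "privileged": False, "mfa": False},  # former employee
    {"user": "dana",  "privileged": False, "mfa": False},
]
LOGINS = [
    ("2018-11-05T10:14:00", "alice", "db01"),   # Monday, business hours
    ("2018-11-06T02:47:00", "bob",   "db01"),   # Tuesday, 02:47
    ("2018-11-10T14:30:00", "dana",  "files"),  # Saturday
    ("2018-11-07T16:05:00", "dana",  "files"),  # Wednesday, business hours
]

def stale_accounts(accounts, active):
    """Accounts whose owner is not on the current roster (candidates to disable)."""
    return sorted(a["user"] for a in accounts if a["user"] not in active)

def privileged_without_2fa(accounts):
    """Privileged accounts that can still log in with a password alone."""
    return sorted(a["user"] for a in accounts if a["privileged"] and not a["mfa"])

def off_hours_logins(logins, start_hour=7, end_hour=19):
    """Logins on a weekend, or outside [start_hour, end_hour) on a weekday."""
    flagged = []
    for ts, user, host in logins:
        t = datetime.fromisoformat(ts)
        if t.weekday() >= 5 or not (start_hour <= t.hour < end_hour):
            flagged.append((ts, user, host))
    return flagged

def audit(accounts, active, logins):
    """Collect all three findings for quiet review rather than automatic action."""
    return {
        "stale_accounts": stale_accounts(accounts, active),
        "privileged_without_2fa": privileged_without_2fa(accounts),
        "off_hours_logins": off_hours_logins(logins),
    }

if __name__ == "__main__":
    for finding, items in audit(ACCOUNTS, ACTIVE_EMPLOYEES, LOGINS).items():
        print(finding, items)
```

The off-hours list is a starting point for the cautious investigation described above, not proof of wrongdoing; on-call staff and scheduled jobs will appear in it too.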

Whether you run a government lab, a multibillion-dollar corporation, or a startup, taking security seriously today will give you peace of mind in the future. To help, MetaCert has built a tool we hope will help to put an end to threats that may present themselves in emails. Right now it’s being tested, but you can sign up here to join our beta program.

Check out this demonstration to see what you’re signing up for:


Join our Telegram channel where you can engage with the core team and the community. https://t.me/metacert

Remember you can join our beta program to test our new email security tool. Sign up today!

Paul Walsh
METACERT

MetaCert CEO. Passionate about Cybersecurity, Blockchain, Crypto, Snowboarding & Red Wine. Part of the AOL team that launched AIM. Co-founded 2 W3C Standards.