Security IT Summit | Forum Events Ltd

Posts Tagged :

Insider Threat

Are trusted employees your biggest threat?

Stuart O'Brien

Trusted employees have access to company-sensitive information, assets and intellectual property, and permission to make financial transactions – often without requiring any further approval.

Attackers target these privileged, trusted people – impersonating suppliers, regulators and colleagues – and try to encourage them to do something they have permission to do, but shouldn’t, like diverting payments to a different account.

As far as they’re aware, they’re not doing anything wrong…

Find out how to combat this threat at: https://www.corvid.co.uk/blog/are-employees-your-biggest-threat

Could your most trusted employee be your biggest threat?

Guest Post

95% of cyber security breaches are due to human error, which in reality means it could be any user, at any time. The best bit? They probably won’t even know they’re doing something wrong, but they have inadvertently just become an unintentional insider threat. As Andy Pearch, Head of IA Services, CORVID, explains, organisations need to stop playing the blame game and pointing fingers at users when the system is compromised and instead ensure they have the right technology in place to take back control of their security defences.

Unintentional insider threats

A person becomes an unintentional insider threat when they unwittingly allow a cyber attacker to achieve their goal – whether that’s a breach of systems or information, or diverting payments to a criminal’s account. This can be through negligence or lack of knowledge, but can also be a result of just doing an everyday job.

Unintentional insider threats are particularly dangerous because the traditional methods of identifying insider threats don’t work – they don’t try to hide emails or files, because as far as they’re aware, they’re not doing anything wrong. If an attacker presents themselves as a legitimate person with the right credentials to request a change, the unsuspecting employee will probably respond exactly as the attacker was hoping.

Trusted employees have access to company-sensitive information, assets, and intellectual property, and permission to make financial transactions – often without requiring any further approval. Threat actors target these privileged, trusted people – impersonating suppliers, regulators, and known colleagues – and try to encourage them to do something they have permission to do, but shouldn’t.

Removing reliance on users

Email allows threat actors to communicate with users with almost no defensive barriers between them. Even the most diligent employee gets distracted, rushed, or slightly too tired, which is all it takes for a malicious email to achieve its objective – whether that’s clicking a link, opening an attachment, or trusting the email’s source enough to reply. Employees don’t expect to be attacked in a safe office environment but threat actors prey on this perceived safety to catch them off guard and socially engineer them into doing something they shouldn’t.

Many people think they know what a spam email looks like, but 97% of people are unable to identify a sophisticated phishing email. This is hardly surprising when considering there are, comparatively, so few highly-convincing fake emails; because they aren’t seen every day, employees aren’t always looking out for them. Then there are some methods of impersonation that organisations can’t realistically be expected to detect – for example, spotting the difference between a 1, l, and I (1, L, and i, respectively). Attackers know that employees aren’t meticulously scanning every email for tiny details like this, so they take advantage. If an organisation’s email security currently relies on users correctly identifying malicious emails 100% of the time, quite simply, their defences are going to succumb to attack.
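The 1, l and I substitution described above is a check that software can make on every message instead of leaving it to the reader. The following Python code is an added example, not from the original article or from CORVID; the trusted-domain list, sample headers and function names are constructed for illustration, and it extends the article's 1/l/I case to 0/o and rn/m.

```python
from email.utils import parseaddr

# Constructed allow-list (assumption): in practice, the organisation's own
# domains plus those of suppliers who send payment-related email.
TRUSTED_DOMAINS = {"alliedsupplies.example", "paypoint.example"}

# Collapse glyphs that look alike in common mail-client fonts onto one
# representative character. Input is lower-cased first, so a capital I is
# handled by the "i" entry.
CONFUSABLE = str.maketrans({"1": "l", "i": "l", "0": "o"})


def skeleton(domain: str) -> str:
    """Return a comparison form in which confusable glyphs are identical."""
    return domain.lower().replace("rn", "m").translate(CONFUSABLE)


def sender_domain(from_header: str) -> str:
    """Extract the real address domain, ignoring the display name."""
    _, addr = parseaddr(from_header)
    _, at, domain = addr.rpartition("@")
    return domain.lower().rstrip(".") if at else ""


def classify_sender(from_header: str) -> str:
    """Classify a From header as trusted, lookalike, unknown or unparseable."""
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    for trusted in sorted(TRUSTED_DOMAINS):
        if skeleton(domain) == skeleton(trusted):
            return f"lookalike of {trusted}"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample headers, not taken from real mail.
    samples = [
        "Accounts <accounts@alliedsupplies.example>",
        "Accounts <accounts@a11iedsupplies.example>",
        '"billing@paypoint.example" <billing@paypo1nt.example>',
        "News <news@othervendor.example>",
    ]
    for header in samples:
        print(f"{classify_sender(header):40} {header}")
```

A "lookalike" result is a reason to warn the user or hold the message for review; an "unknown" result only means the domain is not on the list.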

Preventing the unintended

Research shows that 90% of organisations feel vulnerable to insider attacks, so now is the time for change. Monitoring normal access and behaviour patterns can give early warning signs of potential intentionally malicious activity, but the same can’t be said for unintentional insider threats. The attacker’s request could be comfortably within the scope of an employee’s daily duties.

The information available to users is often insufficient for them to determine whether an email is legitimate. As such, they should be suspicious and challenge requests, especially if they’re unexpected or urgent. Checks should also be put in place for a second pair of eyes to confirm certain requests before any action is taken, for example, changing payment details or making unscheduled wire transfers. If the request is for a financial transaction or asks for sensitive or personal information, phone the person who made the request (or better still, speak to them face-to-face) to confirm it’s genuine.

There is only so much humans can do. By having technology in place that alerts users to potentially malicious content and enables them to make an informed decision about an email’s nature and legitimacy before acting on it, organisations can take back control of their security defences instead of playing the blame game and pointing fingers at users when the system is compromised.

What keeps you up at night? It’s users, isn’t it?

Stuart O'Brien

For ninety-two per cent of organisations, the biggest security concern is users, with 81% having some degree of concern around security issues.

A new report, What Keeps You Up At Night 2019 – commissioned by security awareness training company KnowBe4 – looked at over 350 organisations globally.

The research was carried out against a background in which AI and machine learning are being leveraged by criminal organisations to help them better understand how to improve their attacks, targeting specific industry verticals, organisations and even individuals.

In the results, increases in the frequency of ransomware, phishing and cryptojacking attacks were experienced by businesses of nearly every size, vertical and locale.

When it came to attack vectors, data breaches were the primary concern, with credential compromise coming in as a close second.

The report says these two issues go hand-in-hand, as misuse of credentials remains the number one attack tactic in data breaches, according to Verizon’s 2018 Data Breach Investigations Report.

Phishing and ransomware ranked next, demonstrating that organisations are still not completely prepared to defend themselves against these relatively “old” attack vectors.

Other key findings from the report include: 

• 92% of organisations rank users as their primary security concern. And at the same time, security awareness training along with phishing testing topped the list of security initiatives that organisations need to implement. 

• Organisations today have a large number of attack vectors to prevent, monitor for, detect, alert and remediate; in terms of attacks, 95 per cent of organisations are most concerned with data breaches.

• Ensuring security is in place to meet GDPR requirements is still a challenge for 64 per cent of organisations, despite the regulation details being out for quite some time.

• Attackers’ utilisation of compromised credentials is such a common tactic, 93 per cent of organisations are aware of the problem, but still have lots of work to do to stop it. 

• When it comes to resources, 75 per cent of organisations do not have an adequate budget.

“2018 was a prolific year for successful cyberattacks, and many of them were caused by human error,” said Stu Sjouwerman, CEO of KnowBe4. “IT organisations are tasked with establishing and maintaining a layered security defence. The largest concern, as demonstrated again in this report, is employees making errors. Organisations must start with establishing a security culture, and in order to combat the escalation of social engineering, they have to ensure users are trained and tested.” 

INFOGRAPHIC: Is your biggest security threat already inside your organization?

Stuart O'Brien

The person in the cubicle next to you could be your company’s biggest security threat.

The large-scale attacks we’re accustomed to seeing in the news — Yahoo, Equifax, WannaCry ransomware — are massive data breaches caused by cyber criminals, state-sponsored entities or hacktivists. They dominate the news cycle with splashy headlines that tell an all-too recognizable story: one of name-brand corporations vs. anonymous cyber villains.

We focus on outsider threats because they’re both terrifying and thrilling, and because they’re familiar. They often have a clear-cut storyline, one that we’ve seen before. But the hyper-focus on cyberattacks caused by outside parties can lead organizations to ignore a major cybersecurity threat: insiders already in the organization.

We’ve seen these threats before too: attacks of dramatic espionage from Snowden, Reality Winner and Gregory Chung — but insider threats aren’t always so obvious, and they pose a risk for organizations that don’t operate in the national security space. In fact, research suggests that insider threats account for anywhere from 60 to 75 percent of data breaches.

They’re dangerous for a number of reasons, including because of how much they vary: from rogue employees bent on personal gain or professional revenge to careless staffers without proper cybersecurity training, insider threats can come from almost anyone, making them a prime concern for businesses. Check out our full infographic to learn more about the motives and methods behind these types of threats.

To view the Infographic, click here.