According to a study from Kroll, insider threats accounted for 35% of all unauthorized access threat incidents in the third quarter of 2022. That’s a 10% increase from just the previous quarter! This complicated threat is not going away any time soon.
What is an insider threat, and why is it such a prevalent problem? An insider threat consists of malicious behavior against an organization from individuals within that organization. Employees, former employees, contractors, or business associates can be hazards. An insider threat is unique, in the landscape of cyber threats that companies face. It is extremely difficult for a security team to detect and respond to an insider threat before they inflict damage on the company. There have been some “big name” insider threat incidents. The most well-known is the Snowden breach. In 2013 Edward Snowden stole and leaked classified documents related to operations of the US Department of Defense. The morality of his actions is still under fierce debate, but his actions are textbook insider threat behavior. He tried to access systems he didn’t have any reason to, he kept strange hours at the office, and he had been in correspondence with foreign entities(journalists).
Snowden is an example of a professional or malicious insider threat. Other types of insider threats include oblivious and negligent insiders. Oblivious and negligent insiders are not malicious. Oblivious insider behavior becomes a problem when one is not following cyber security best practices, being careless with critical information, or fall victim to social engineering attacks from malicious actors. Negligent insiders are similar to oblivious ones. They are not malicious, but they are still a threat to the organization. Negligent insiders are usually the result of poor end user training, or they are just trying to complete their tasks faster and find “shortcuts” that can compromise security.
What can you do to spot an insider threat? What are the indicators of a potential insider incident? The prominent indicators are performance, foreign connections, abusive behavior, a casual security attitude, poor financial situations, substance abuse, and personality issues. Teach your employees to look out for each other. If an employee is struggling, they are more likely to become an insider threat. Financial issues could make them more susceptible to a bribe. A casual security attitude could result in a careless insider incident. Personality issues like substance abuse or narcissistic behaviors could also indicate a human vulnerability that could lead to an insider incident.
How can you prevent insider threat incidents from occurring at your company? Here are six mitigations cybersecurity experts will recommend you take, in order to reduce the risk of an insider threat event.
1. Thoroughly screen new hires
Thoroughly screen potential new hires through background checks and speaking with former employers and references.
2. Apply user access management
Limit access to secure data by enforcing the principles of least privilege and ensure your security team has a method of attributing behavior to individual users.
3. Conduct security awareness training
Require regular training sessions to teach your employees to avoid and spot security risks. The training should include topics such as identifying phishing emails, the importance of secure remote access, and how to respond to cyber-attacks.
4. Monitor employees for abnormal behavior
Establish a baseline of normal behavior for each employee. Once you have established a metric of “normal behavior”, watch for deviations from that baseline and act immediately when such deviations are detected. While occasional deviations do not mean that an employee is malicious, it is still crucial to follow up on these incidents.
5. Mitigate opportunities for malicious insiders
Limit the availability and ease of access to corporate data. Ensure sensitive data is properly labeled. Make sure your security posture is strong. This will act as a deterrent to potential insider and external threats.
6. Find an insider threat solution
Insider threat mitigations should be a priority at every organization. Find a third-party to preform insider threat assessments and penetration tests. Put your security under intense scrutiny, because insider and outsider threats will do the same when preparing to attack.
Recent insider incidents include big name companies like Meta, Yahoo, and Microsoft. In November of 2022 Meta fired and disciplined over twenty-four employees and contractors who allegedly took over user accounts for their own purposes. Some of the incidents involved bribery. In one case, a contractor was found to have reset multiple accounts after a hacker sent them bitcoin payments. Other employees and contractors claim to have been “tricked” into filing false reports and giving access to accounts to malicious actors who did not own those accounts. This incident is a combination of malicious, professional, and negligent insider threats. In May of 2022, Qian Sang, a research scientist, stole Yahoo’s proprietary data about AdLearn products. Sang stole an estimated 570,000 pages of intellectual property. He is currently facing three criminal charges. This is an example of a malicious insider. He intended to use this data to help him at his new job with Yahoo’s competitor The Trade Desk. In August 2022, several Microsoft employees exposed credentials to Microsoft’s GitHub infrastructure. This information could have given attackers access to servers and internal systems. Luckily for Microsoft, the credentials were spotted by the cybersecurity firm SpiderSilk. SpiderSilk immediately notified Microsoft, who were able to take action so no one gained access with those compromised credentials. This is an example of oblivious and/or negligent insider threats. These employees are not believed to have acted maliciously, but their carelessness almost cost the company millions of dollars in fines as well as devastating public relations issues. Thorough security training could have completely avoided this security incident.
With the Covid-19 pandemic, and the resulting hybrid workforce. New avenues for insider threats are being discovered every day. New challenges bring new risks. However, if your organization follows cyber security “best practices” you will stay ahead of the shifting threat landscape, avoiding financial, public relations, and human resource catastrophes.
Insider threats are a growing cybersecurity problem for businesses
For The Full Article Visit LinkedIn Article