Cybersecurity Threats and Attacks: The Insider Edition

May 2022
Reprinted from Dendify.

It's on the mind of businesses every day: what can we do to protect our organization against the ever-escalating tide of cybersecurity threats and attacks?

Every year, more than 34% of businesses globally are affected by an unexpected cybersecurity risk: insider threats. Eradicating and minimizing these threats starts with understanding what they are, then developing a layered cybersecurity process that includes behavior training and policies combined with technology such as managed detection and response.

What Is an Insider Threat?

Insider threats are risks that most organizations don't like to talk about – it's a sensitive topic and an uncomfortable conversation. These threats can come from many different and unanticipated vulnerabilities. The threat may originate from within your organization or come from a third party with access to sensitive data.

The Cybersecurity and Infrastructure Security Agency (CISA) defines an insider threat as occurring when an insider uses their authorized access, wittingly or unwittingly, to harm the organization's mission, resources, personnel, facilities, information, equipment, networks, or systems.

Human behavior is impulsive, and our responses can be emotional, which is why an insider threat can be so unpredictable. Insider threats strain team dynamics, resulting in 'finger-pointing' among personnel and diminished employee and company morale. They can negatively affect business continuity and profitability. Possible ramifications are data loss, IP theft, loss of contracts, and damage to reputation with customers and clients.

Different Types of Insider Threats

Unintentional

Unintentional cyber threats come from negligent behavior, such as not following a clean desk policy and letting sensitive information, documents, and files remain accessible during non-work hours. An effective data security policy and procedure include a clean desk policy, which means employees clear their desks at the end of each day, removing all papers from view, securing confidential information, or shredding data when necessary. This procedure lessens the risk of non-employees or others gaining knowledge they shouldn't have access to.

Negligent employees can also become an insider threat when they don't follow established cybersecurity protocols and procedures. An example is engaging with shadow IT, which is the use of information technology systems, devices, software, applications, and services without explicit IT department approval. When these types of applications are used under the organization's radar, there's no way for the organization to protect against this unknown risk.

Insider threats can also be accidental, for example, clicking on a phishing email that looks like it's coming from an approved vendor or customer. They also arise from complacency or human error, such as a code misconfiguration. One mindset is to only provide employees with the privileges they need to do their jobs to avoid the potential for unintentional loss of data. Under this approach, also referred to as the least privilege principle, workers only have access to what they need to complete their daily tasks. Social engineering awareness training, such as phishing simulations, can also increase awareness and overcome potential weaknesses.

Consistent social engineering training is the key to spotting a phishing email.

Intentional Insider Threats

Intentional insider threats are malicious in nature and include espionage, terrorism, IP theft, and more. Bad actors may resort to corruption, including participation in transnational organized crime. Sabotage stemming from workplace violence or disgruntled workers may also result in cybersecurity threats and attacks. Bad actors seek revenge against their former employer or willfully conduct fraud to disrupt operations.

Third-party

Cybersecurity risk has expanded, and the supply chain and third-party software providers are also under attack. Cyber breaches can move up and down the supply chain and reach whomever you do business with. Vendor software may be under scrutiny by malicious actors looking to gain access to third-party software you use to conduct business or provide managed services.

Vulnerabilities may also extend to contractors not adhering to security policies and include consultants, advisors, and even sales reps, who can obtain and leak customer lists and pricing information to competitors. Third-party and supply chain vulnerabilities can be successfully addressed by a cybersecurity process that focuses on management strategies, risk assessments, and network scanning and testing. 

What’s the Cybersecurity Threat?

There are many ways data can be stolen or compromised by an insider threat.

  • They can send information that can be intercepted through email or messenger apps.
  • An insider threat can upload sensitive data to cloud storage. Compromised information may also include photocopies, prints, or information copied to an external storage device (USB).
  • Decommissioned laptops, desktops, cellphones, hard drives, tablets, and other devices hold information that's no longer used but not protected.
  • Technical staff can misconfigure technology. For example, an IT pro may neglect to lock down a firewall or other network port after providing service.

Real-Life Examples of Cybersecurity Threats and Attacks from the Inside

In early April, fintech giant Block, formerly known as Square, confirmed a data breach that affected more than eight million users. This breach involved a former employee who downloaded reports from Cash App that contained U.S. customer information.

A Pennsylvania law firm accused four of its former lawyers of stealing files, shredding documents, deleting emails, and breaching fiduciary duties when they left the employer and went to another firm.

The city of Dallas suffered massive data loss stemming from employee negligence in April 2021 – in this case, video, photos, audio, case notes, and other files were deleted, slowing prosecutions and losing archived files which had been maintained for trial evidence.

Marriott Hotels and Resorts were hit with a data leak due to a compromised third-party vendor app, with almost 339 million hotel guests affected. Lost credentials included passport data, contact information, gender, birthdays, loyalty account details, and personal preferences. The breach resulted in a multi-million-dollar fine for Marriott for failure to comply with General Data Protection Regulation (GDPR) requirements.

How to Stay Ahead of Insider Threats

Insider threats can be both intentional and unintentional. Identifying insider threats and addressing potential risks starts with continuous cybersecurity awareness training to ensure every employee knows how to detect risk and respond within approved guidelines.

Some 54% of organizations believe that the most important factor enabling insider attacks was the lack of employee awareness and training. Getting ahead of cyberattacks takes open, cross-departmental communication and strong pillars of cybersecurity. Data use policies, training, and managed detection and response work together to monitor, detect, and contain potential threats and incidents before they escalate.