THE OUTSIDE THREAT IS GROWING
The sophistication and number of successful global cyberattacks are on pace to set a new record in 2017. The average cost of a data breach based on the Ponemon Institute’s 2017 study is $3.62M. A quick check of the State of California Attorney General ecrime “Wall of Shame” lists breaches of businesses in 2017 ranging from Car Washes to Fortune 500 companies.
With over 5,000 cybersecurity products on the market generating an estimated $80B annually, finding the right solution is getting harder as the number and type of threats continue to increase. Companies are often forced into a DIY architecture cobbling together a mix of tools to protect critical systems and data from exploitation.
Insiders are frequently called the First Line of Cyber-Defense. In actuality, Insiders are the toughest threat to defend against and potentially your company’s biggest cybersecurity risk.
WHAT IS AN INSIDER?
Insiders are typically associated with the malicious actions of disgruntled employees. The term has a broader application to include Current or Former Company Employees, Contractors, Temporary Freelancers, Third Party Business Partners and other vendors having access to your Networks, Systems, and Data. For discussion purposes, we will focus on the most likely threats you will encounter, Malicious Insiders and Negligent Insiders, excluding Compromised Users (e.g. Edward Snowden, Chelsea Manning, etc.)
The Malicious Insiders engage in intellectual property and data theft, system sabotage, or fraud. A poll conducted in late 2016 found a 1:50 ratio of suspected malicious insiders. Threats from malicious insiders are often associated with departing or former employees or contractors. In some cases, the malicious Insiders have no intention of leaving, instead, use their access to systems and data for illicit purposes.
Negligent Insiders are careless with their actions that can unintentionally do as much or more harm than Malicious Insiders. These Insiders open phishing email attachment, clicking on malicious URLs installing malware or ransomware on their computers.
CYBERATTACKS USING PHISHING TACTICS TRENDING UP
During Q2 2017 there was a 24% increase of attacks using phishing emails with malicious attachments. Email was the primary method of malware delivery during the same quarter. Web applications accounted for 21% of attacks from website downloads or sites with malvertising code that bypasses ad blockers. And in 2016, 91% of all cyberattacks and the resulting data breach began with a spear phishing email. Even the best tools are no match against negligent Insiders opening phishing email attachments or visit compromised websites.
SOCIAL MEDIA PHISHING TACTICS ARE EVOLVING
Insiders visiting social media sites are another cyber-risk to your company. A clicked link from a social media platform can be as malicious a threat as a phishing email. In May 2017, a U.S. Department of Defense employee fell prey to a phishing scheme on Twitter promising a free vacation. With Twitter’s 140-character limit and shortened links, the probability of getting someone to click through on malicious links increases up to 66% over email. Similarly, Facebook messages can contain similar phishing attempts to extract personal account data that can then potentially be used to access company accounts. With over 500 million users, LinkedIn is another social media source bad actors use to gain detailed access to information, company information, using InMail for tailored phishing schemes. Again, another attack vector to exploit negligent or careless Insiders.
WHAT YOUR COMPANY CAN DO TO ADDRESS INSIDER THREATS - TODAY
We recommend your company consider the following steps as countermeasures to protect against potential insider threats.
- Promote cybersecurity awareness from the top down. The Executive Leadership team must frequently communicate protection of your company’s Information Assets is everyone’s responsibility, not just the IT Departments.
- Deploy behavior-based anomaly detection processes and tools that can detect suspicious access patterns and other unusual activity within your network and systems to root of malicious insiders.
- Separation of Duties is not just for the accounting department. Strictly enforce policies and controls surrounding separation of duties to minimize opportunities for Insider unauthorized access to your Information Assets.
- Workforce cybersecurity training is too frequently an annual affair or worse, after a data breach. Increase the frequency of training, communicate “Cybersecurity Tips” via company communications channels. Keep your company and supplier ecosystem aware of current threats to help reduce negligence or carelessness.
- Try gamification of cybersecurity training as a method to get Insiders (not just employees) engaged and aware of the correct behaviors. An engaged workforce will be less inclined to make negligent or careless mistakes.
- Perform Cybersecurity Business Risk Assessments at least semiannually to measure the effectiveness of your company’s cybersecurity risk management efforts from an organizational performance.
- Consider running tabletop practice breach simulations to prepare for when (not if) your company experiences a breach. Assigning roles throughout the organization will prepare your company for an incident response and contribute to raising awareness within the company.