Insiders Are Cyber Criminals Favourite Connection

Uploaded on 2019-12-18 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY--Resilience

Employees pose a formidable threat to cyber incident response teams and as insider threats they are an ongoing top danger for companies. Many companies fail to consider that their people are just as important as the software they use when it comes to protecting themselves against cyber threats. 
 
There is an assumption that employees, particularly new starters, have a basic knowledge of IT and IT security, but these skills are not being checked within the first month of employment. Trying to reduce this risk is really difficult to mitigatie and incident-response teams face a range of challenges.
 
Discussions with various incident-response teams has revealed that between 25 to 30 percent of data breaches often involve an external hacker working with an internal employee to crack the organisation’s IT system. There are various methods of detection when it comes to insider threats, including monitoring the log data of employees, and tracking if they download substantial amounts of data to external drives. 
 
Any attempts to bypass security controls or access confidential data that is irrelevant to an employee’s role should be tracked and monitoring employees who access data outside of normal working hours. ​Additionaly, emailing sensitive data to a personal account and excessive uses of printers and scanners are other indicators of insider threats.
 
There are emerging challenges when it comes to monitoring employees without violating privacy laws. With the increase of bring your own device (BYOD) policies, many companies walk a fine line in monitoring employees for insider threats, and balancing that surveillance with employee data privacy. As an example, the General Data Protection Regulation (GDPR) does not explicitly change rules on employee monitoring, but the privacy law does include a number of provisions which will make monitoring more difficult for companies. Under GDPR, employers must seek out valid consent from employees when they monitor their devices.
 
Complying with GDPR mean that the organisation must tell employees that they are being monitored and so potential criminal assistants will know how to avoid being watched.
 
This mean that companies must navigate intentional malicious threats, for instance, a disgruntled employee who wants to destroy or steal data from his employer. They must watch for insiders who are stealing data for the benefit of outsiders, versus unintentional threats, such as a careless worker who may misappropriate resources, mishandle data, open phishing emails or install unauthorised applications.
 
While both types of employees are detrimental to companies, different types of mitigation efforts are needed for each one. For instance, human resource-related efforts are a top priority when rooting out rogue employees, including background checks, non-disclosure agreements and more, while training can help stomp out “unintentionally” malicious employees.
 
How Are Employees Targeted By Hackers?
There are a number of low-tech methods that are adopted by hackers that specifically target employees, some of which may seem too simple to be believed. Methods include: 
  • Social engineering - hackers posing as people within an organisation to obtain access to the network, for example, presenting themselves as a member of IT security and asking for a network password.
  • Baiting - hackers use data captured about an employee to trick them into revealing information. An example is using the information listed publicly on LinkedIn to target a junior employee by posing as the CEO to request an action to be carried out.
  • Unsubscribe buttons - hackers coax employees into downloading malware by hiding links to malware sites in email unsubscribe buttons, which must be included on all marketing emails.
  • Keylogger - also known as keyboard capturing, this technique records and stores strokes of a keyboard and can often pick up personal email IDs, passwords and other sensitive data.
  • Internal threats - current or former employees can gain unauthorised access to confidential data, or infiltrate a business’s network with malicious intent. This can include infecting machines with keylogging software or ‘shoulder surfing’, the act of observing someone typing their password. 
As many as 65% of UK professionals did not receive mandatory IT training in their first month of employment in their current or most recent role.
 
Of these individuals, 74% had never received any IT training at all in their current or more recent role, despite 86% of all respondents saying that they worked on a computer every day. In addition, there is a consensus that employers do not value the ongoing development of employees’ IT skills, as 45% of respondents said that they felt their employer didn’t take this issue seriously. Only 11% said they felt that their managers take the matter of their wider IT knowledge “very seriously”.
 
What Should Businesses Do To Improve Cyber Security Amongst Employees?
An effective cyber security strategy must involve appropriate controls to maintain a base level of security, and a monitoring system to look for attempts to violate the policy. This should be underpinned by training for all employees. It is in the best interest of all businesses to ensure their workers have all the knowledge, awareness and skills they need to help protect an organisation against cyberattacks and data breaches.
 
Each and every person in the workforce, from the minute they are employed, should receive IT training to help them understand data management, protection and disposal best practice. The threat of cyberattacks should never be underestimated, and it is up to employers to ensure that their staff have the tools they need to ensure company data is protected at all times.
 
Most of the threats related to unaware or careless employees, including spam, phishing and ransomware, can be addressed with endpoint security solutions. There are tailored products that can cover particular needs of SMB and Enterprise-level companies in terms of functionality, pre-configured protection or advanced security settings.
 
Overall, while there is evidently much more work to do before businesses are secure from the actions of their own employees, it is nevertheless refreshing to see that many businesses are recognising this, and starting to address the threat from within, with additional training, solutions and human resources.
 
Cyber Employee Training and cyber Audit Strategy Information:-
 
Please Contact Cyber Security Intelligence if you would like more information for Employee Cyber Training and Data/Information Audits and Strategy.  
 
Kaspersky:          Threatpost:              PrivSec:
 
You Might Also Read:
 
Creating A Cyber Incident Response Policy:
 
One in Four Workers Would Steal Company Information:
 
 
 
 
« Ransom Attack Strikes New Orleans
The Biggest Cyber Attack Of 2020 Has ‘Already Happened’ »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Miller Group

Miller Group

Miller Group is an IT managed service provider. We proactively monitor and manage your entire business computer network. Services include backup & recovery and cyber security.

Security Industry Association (SIA)

Security Industry Association (SIA)

The SIA's mission is to be a catalyst for success​ within the global security industry through information, insight and influence.

Detectify

Detectify

Detectify is a web security service that simulates automated hacker attacks on your website, detecting critical security issues before real hackers do.

IoT Now

IoT Now

IoT Now explores the evolving opportunities and challenges facing CSPs, and we pass on some lessons learned from those who have taken the first steps in next gen IoT services.

Computest

Computest

Computest security testing services include Mobile app security, Vulnerability assessments, Attack & penetration testing, Security awareness training, Network security assessments.

Digital Magics

Digital Magics

Digital Magics is an incubator for innovative startups which offer content and services with high technological value. Areas of focus include IoT, Enterprise Software, AI, Industry 4.0 and Blockchain.

Variti

Variti

Variti Intelligent Active Bot Protection technology — traffic analysis, detection and stopping of malicious bots in real-time and effective response to DDoS attacks.

Quantum Xchange

Quantum Xchange

As the provider of unbreakable quantum-safe encryption, Quantum Xchange gives commercial enterprises and government agencies the ultimate defense to keep high-value data safe.

Cynomi

Cynomi

Cynomi is a leading strategic cybersecurity operations platform that automates cybersecurity knowledge and expertise to empower teams with little to no in-house expertise.

PhishProtection

PhishProtection

We created Phish Protection to prevent all types of phishing including spear phishing protection and office 365 email protection for your small business.

SecOps Group

SecOps Group

SecOps Group is a boutique cybersecurity consultancy helping enterprises identify & eliminate security risks on a continuous basis.

CodeLock

CodeLock

Codelock is a patent-pending solution that continuously provides software security at the code level, while providing advanced management insights with performance metrics and data analytics.

CyberSanctus

CyberSanctus

CyberSanctus provide clients with a variety of pentest plans from the entry level starter plan, which is tailored for personal websites, to enterprise level pentests, tailored for large scale business

LaScala

LaScala

LaScala is an IT Managed Services provider delivering technical, security, and compliance solutions with dedication, compassion, and agility.

Calamu

Calamu

Calamu is a software-defined storage security and resiliency platform that keeps your data secure and accessible wherever you choose to store it.

The Hacking Games

The Hacking Games

The Hacking Games' Mission is to inspire, educate and mobilise a generation of ethical hackers to make the world a safer place.