Insiders Are Cyber Criminals Favourite Connection

Employees pose a formidable threat to cyber incident response teams and as insider threats they are an ongoing top danger for companies. Many companies fail to consider that their people are just as important as the software they use when it comes to protecting themselves against cyber threats. 
 
There is an assumption that employees, particularly new starters, have a basic knowledge of IT and IT security, but these skills are not being checked within the first month of employment. Trying to reduce this risk is really difficult to mitigatie and incident-response teams face a range of challenges.
 
Discussions with various incident-response teams has revealed that between 25 to 30 percent of data breaches often involve an external hacker working with an internal employee to crack the organisation’s IT system. There are various methods of detection when it comes to insider threats, including monitoring the log data of employees, and tracking if they download substantial amounts of data to external drives. 
 
Any attempts to bypass security controls or access confidential data that is irrelevant to an employee’s role should be tracked and monitoring employees who access data outside of normal working hours. ​Additionaly, emailing sensitive data to a personal account and excessive uses of printers and scanners are other indicators of insider threats.
 
There are emerging challenges when it comes to monitoring employees without violating privacy laws. With the increase of bring your own device (BYOD) policies, many companies walk a fine line in monitoring employees for insider threats, and balancing that surveillance with employee data privacy. As an example, the General Data Protection Regulation (GDPR) does not explicitly change rules on employee monitoring, but the privacy law does include a number of provisions which will make monitoring more difficult for companies. Under GDPR, employers must seek out valid consent from employees when they monitor their devices.
 
Complying with GDPR mean that the organisation must tell employees that they are being monitored and so potential criminal assistants will know how to avoid being watched.
 
This mean that companies must navigate intentional malicious threats, for instance, a disgruntled employee who wants to destroy or steal data from his employer. They must watch for insiders who are stealing data for the benefit of outsiders, versus unintentional threats, such as a careless worker who may misappropriate resources, mishandle data, open phishing emails or install unauthorised applications.
 
While both types of employees are detrimental to companies, different types of mitigation efforts are needed for each one. For instance, human resource-related efforts are a top priority when rooting out rogue employees, including background checks, non-disclosure agreements and more, while training can help stomp out “unintentionally” malicious employees.
 
How Are Employees Targeted By Hackers?
There are a number of low-tech methods that are adopted by hackers that specifically target employees, some of which may seem too simple to be believed. Methods include: 
  • Social engineering - hackers posing as people within an organisation to obtain access to the network, for example, presenting themselves as a member of IT security and asking for a network password.
  • Baiting - hackers use data captured about an employee to trick them into revealing information. An example is using the information listed publicly on LinkedIn to target a junior employee by posing as the CEO to request an action to be carried out.
  • Unsubscribe buttons - hackers coax employees into downloading malware by hiding links to malware sites in email unsubscribe buttons, which must be included on all marketing emails.
  • Keylogger - also known as keyboard capturing, this technique records and stores strokes of a keyboard and can often pick up personal email IDs, passwords and other sensitive data.
  • Internal threats - current or former employees can gain unauthorised access to confidential data, or infiltrate a business’s network with malicious intent. This can include infecting machines with keylogging software or ‘shoulder surfing’, the act of observing someone typing their password. 
As many as 65% of UK professionals did not receive mandatory IT training in their first month of employment in their current or most recent role.
 
Of these individuals, 74% had never received any IT training at all in their current or more recent role, despite 86% of all respondents saying that they worked on a computer every day. In addition, there is a consensus that employers do not value the ongoing development of employees’ IT skills, as 45% of respondents said that they felt their employer didn’t take this issue seriously. Only 11% said they felt that their managers take the matter of their wider IT knowledge “very seriously”.
 
What Should Businesses Do To Improve Cyber Security Amongst Employees?
An effective cyber security strategy must involve appropriate controls to maintain a base level of security, and a monitoring system to look for attempts to violate the policy. This should be underpinned by training for all employees. It is in the best interest of all businesses to ensure their workers have all the knowledge, awareness and skills they need to help protect an organisation against cyberattacks and data breaches.
 
Each and every person in the workforce, from the minute they are employed, should receive IT training to help them understand data management, protection and disposal best practice. The threat of cyberattacks should never be underestimated, and it is up to employers to ensure that their staff have the tools they need to ensure company data is protected at all times.
 
Most of the threats related to unaware or careless employees, including spam, phishing and ransomware, can be addressed with endpoint security solutions. There are tailored products that can cover particular needs of SMB and Enterprise-level companies in terms of functionality, pre-configured protection or advanced security settings.
 
Overall, while there is evidently much more work to do before businesses are secure from the actions of their own employees, it is nevertheless refreshing to see that many businesses are recognising this, and starting to address the threat from within, with additional training, solutions and human resources.
 
Cyber Employee Training and cyber Audit Strategy Information:-
 
Please Contact Cyber Security Intelligence if you would like more information for Employee Cyber Training and Data/Information Audits and Strategy.  
 
Kaspersky:          Threatpost:              PrivSec:
 
You Might Also Read:
 
Creating A Cyber Incident Response Policy:
 
One in Four Workers Would Steal Company Information:
 
 
 
 
« Ransom Attack Strikes New Orleans
The Biggest Cyber Attack Of 2020 Has ‘Already Happened’ »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Zayo

Zayo

Zayo is a leading global bandwidth infrastructure services provider for high-performance connectivity, secure colocation and flexible cloud services.

National Agency for Information & Communication Technologies (ANTIC) - Cameroon

National Agency for Information & Communication Technologies (ANTIC) - Cameroon

ANTIC is responsible for regulating the activities of electronic security and regulation of the Internet in Cameroon.

Ubisecure

Ubisecure

Ubisecure provide Identity & Access Management solutions.

DataSunrise

DataSunrise

DataSunrise Data-Centric high-performance security software protects the sensitive data in real-time in cloud or on premises, and helps organizations to stay compliant.

Cyber Covered

Cyber Covered

Cyber Covered provide complete website & data cover with market leading cyber insurance and powerful compliance software in one affordable package.

2Keys

2Keys

2Keys designs, deploys and operates Digital Identity Platforms and Cyber Security Platforms through Managed Service and Professional Service engagements.

Belle de Mai Incubator

Belle de Mai Incubator

Belle de Mai Incubator supports and funds innovative startup ideas in digital industries.

AXELOS

AXELOS

AXELOS develops best practice frameworks and methodologies used globally by professionals working primarily in IT management and cyber resilience.

Adyta

Adyta

Adyta specializes in cybersecurity solutions adapted to the needs of sovereign institutions, business groups and other organizations that handle information and sensitive or classified data.

Palantir

Palantir

Palantir software empowers entire organizations to answer complex questions quickly by bringing the right data to the people who need it.

Carson McDowell

Carson McDowell

Carson McDowell are one of Northern Ireland's leading law firms. We are the law firm of choice for many of Northern Ireland's Top 100 companies as well as international companies doing business here.

Talon Cyber Security

Talon Cyber Security

Talon delivers the leading enterprise browser designed to bring security to managed and unmanaged devices, regardless of location, device type or operating system.

Condition Zebra

Condition Zebra

Condition Zebra has wide experience in providing IT Security Services, Training, and Certification in the field of cybersecurity.

Intigriti

Intigriti

Intigriti helps companies protect themselves from cybercrime. Our community of ethical hackers provides continuous, realistic security testing to protect our customer’s assets and brand.

CyberHub

CyberHub

CyberHub is an educational platform that offers professional courses and knowledge sharing through articles and videos to help students discover their potential in cybersecurity.

Cranium

Cranium

Cranium are an international consultancy organisation specialised in privacy, security and data management.