Insiders Are Cyber Criminals Favourite Connection

Employees pose a formidable threat to cyber incident response teams and as insider threats they are an ongoing top danger for companies. Many companies fail to consider that their people are just as important as the software they use when it comes to protecting themselves against cyber threats. 
 
There is an assumption that employees, particularly new starters, have a basic knowledge of IT and IT security, but these skills are not being checked within the first month of employment. Trying to reduce this risk is really difficult to mitigatie and incident-response teams face a range of challenges.
 
Discussions with various incident-response teams has revealed that between 25 to 30 percent of data breaches often involve an external hacker working with an internal employee to crack the organisation’s IT system. There are various methods of detection when it comes to insider threats, including monitoring the log data of employees, and tracking if they download substantial amounts of data to external drives. 
 
Any attempts to bypass security controls or access confidential data that is irrelevant to an employee’s role should be tracked and monitoring employees who access data outside of normal working hours. ​Additionaly, emailing sensitive data to a personal account and excessive uses of printers and scanners are other indicators of insider threats.
 
There are emerging challenges when it comes to monitoring employees without violating privacy laws. With the increase of bring your own device (BYOD) policies, many companies walk a fine line in monitoring employees for insider threats, and balancing that surveillance with employee data privacy. As an example, the General Data Protection Regulation (GDPR) does not explicitly change rules on employee monitoring, but the privacy law does include a number of provisions which will make monitoring more difficult for companies. Under GDPR, employers must seek out valid consent from employees when they monitor their devices.
 
Complying with GDPR mean that the organisation must tell employees that they are being monitored and so potential criminal assistants will know how to avoid being watched.
 
This mean that companies must navigate intentional malicious threats, for instance, a disgruntled employee who wants to destroy or steal data from his employer. They must watch for insiders who are stealing data for the benefit of outsiders, versus unintentional threats, such as a careless worker who may misappropriate resources, mishandle data, open phishing emails or install unauthorised applications.
 
While both types of employees are detrimental to companies, different types of mitigation efforts are needed for each one. For instance, human resource-related efforts are a top priority when rooting out rogue employees, including background checks, non-disclosure agreements and more, while training can help stomp out “unintentionally” malicious employees.
 
How Are Employees Targeted By Hackers?
There are a number of low-tech methods that are adopted by hackers that specifically target employees, some of which may seem too simple to be believed. Methods include: 
  • Social engineering - hackers posing as people within an organisation to obtain access to the network, for example, presenting themselves as a member of IT security and asking for a network password.
  • Baiting - hackers use data captured about an employee to trick them into revealing information. An example is using the information listed publicly on LinkedIn to target a junior employee by posing as the CEO to request an action to be carried out.
  • Unsubscribe buttons - hackers coax employees into downloading malware by hiding links to malware sites in email unsubscribe buttons, which must be included on all marketing emails.
  • Keylogger - also known as keyboard capturing, this technique records and stores strokes of a keyboard and can often pick up personal email IDs, passwords and other sensitive data.
  • Internal threats - current or former employees can gain unauthorised access to confidential data, or infiltrate a business’s network with malicious intent. This can include infecting machines with keylogging software or ‘shoulder surfing’, the act of observing someone typing their password. 
As many as 65% of UK professionals did not receive mandatory IT training in their first month of employment in their current or most recent role.
 
Of these individuals, 74% had never received any IT training at all in their current or more recent role, despite 86% of all respondents saying that they worked on a computer every day. In addition, there is a consensus that employers do not value the ongoing development of employees’ IT skills, as 45% of respondents said that they felt their employer didn’t take this issue seriously. Only 11% said they felt that their managers take the matter of their wider IT knowledge “very seriously”.
 
What Should Businesses Do To Improve Cyber Security Amongst Employees?
An effective cyber security strategy must involve appropriate controls to maintain a base level of security, and a monitoring system to look for attempts to violate the policy. This should be underpinned by training for all employees. It is in the best interest of all businesses to ensure their workers have all the knowledge, awareness and skills they need to help protect an organisation against cyberattacks and data breaches.
 
Each and every person in the workforce, from the minute they are employed, should receive IT training to help them understand data management, protection and disposal best practice. The threat of cyberattacks should never be underestimated, and it is up to employers to ensure that their staff have the tools they need to ensure company data is protected at all times.
 
Most of the threats related to unaware or careless employees, including spam, phishing and ransomware, can be addressed with endpoint security solutions. There are tailored products that can cover particular needs of SMB and Enterprise-level companies in terms of functionality, pre-configured protection or advanced security settings.
 
Overall, while there is evidently much more work to do before businesses are secure from the actions of their own employees, it is nevertheless refreshing to see that many businesses are recognising this, and starting to address the threat from within, with additional training, solutions and human resources.
 
Cyber Employee Training and cyber Audit Strategy Information:-
 
Please Contact Cyber Security Intelligence if you would like more information for Employee Cyber Training and Data/Information Audits and Strategy.  
 
Kaspersky:          Threatpost:              PrivSec:
 
You Might Also Read:
 
Creating A Cyber Incident Response Policy:
 
One in Four Workers Would Steal Company Information:
 
 
 
 
« Ransom Attack Strikes New Orleans
The Biggest Cyber Attack Of 2020 Has ‘Already Happened’ »

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

WEBINAR: How to improve threat detection and hunting in the AWS Cloud

WEBINAR: How to improve threat detection and hunting in the AWS Cloud

Thursday, August 20, 2020 - Join SANS and AWS Marketplace to learn the exercise of applying MITRE’s ATT&CK Matrix to the AWS Cloud and how to enhance threat detection and hunting in an AWS environment

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Cyber Security Service Supplier Directory

Cyber Security Service Supplier Directory

Free Access: Cyber Security Service Supplier Directory listing 4,000+ specialist service providers.

Tenable Network Security

Tenable Network Security

Tenable Network Security - Don't rely only on CVSS to prioritize. Use machine learning to predict what is most likely to be exploited.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Digital Forensics Inc (DFI)

Digital Forensics Inc (DFI)

Digital Forensics Inc. is a nationally recognized High Technology Forensic Investigations and Information System Security firm

NCC Group

NCC Group

NCC Group is a global expert in cyber security and risk mitigation, working with businesses to protect their brand, value and reputation against the ever-evolving threat landscape.

Digital DNA

Digital DNA

Digital DNA provides Law-Enforcement-Grade Computer Forensics, Cyber Security and E-Discovery Investigations.

Covenco

Covenco

Covenco specialises in delivering data recovery and business continuity solutions and services.

Zurich

Zurich

Zurich’s Security and Privacy policy is designed to manage financial and reputational costs as a result of a breach of network security or unauthorized access or release of private information.

MindTerra

MindTerra

MindTerra is a comprehensive IT security services company. From information security consultancy and risk assessment to system design, installation and project management.

AVL Mobile Security

AVL Mobile Security

AVL Mobile Security is a market-leading mobile security company for anti-virus and threat intelligence in the mobile Internet.

Aporeto

Aporeto

The Aporeto platform protects cloud applications from attack by authenticating and authorizing all communications with a cryptographically signed identity assigned to every workload.