Ransomware is a growing epidemic. 2022 saw a slew of high-profile attacks leading to massive paydays for cybercriminals. While the headlines sound the alarm for businesses concerned about their data safety, they create allure amongst would-be thieves looking for their next payday.
Cybercrime has become a lucrative industry at the cutting edge of innovation. Bad actors will stop at nothing to devise new ways of cashing in, and thwarted attempts only cause them to work more diligently to succeed.
High Stakes
The stakes are high in ransomware attacks, and the price tag is only part of the story. Despite government commitment to thwart cybercrime rings and protect victims, the chase involves a fast-moving (and extremely cunning) target. Cybercriminals work just as hard to conceal their identities and location as they do to exploit weaknesses and capture valuable data to hold hostage.
And that’s what it becomes: a hostage standoff. Criminals hold crucial data and demand a hefty sum to return it to the rightful owner. Organizations not only stand to lose money in this scenario, but the damage to their reputation and trustworthiness in the market can be challenging to recover from. Customers place high trust in the safety of their personal information, and it’s the company they hold accountable – not the thieves – if it slips into the wrong hands.
The Human Element
While many organizations now know the value of protecting their networks, there’s more to cyber safety than securing the perimeter and enforcing passwords. Threats don’t always fit the Hollywood trope of a faceless, tech-savvy person working tirelessly in a dimly lit room. Sometimes, the threat ignites a little closer to home.
Types of Insider Threats
Criminals know you’re bulking up your security measures and trying to plug any holes at the server or network level to protect yourself, your end users, and your data. When your hardware and software are more secure, the low-hanging fruit is capitalizing on the human element and gaining entrance through a person within your organization.
Negligent Employees
Not every insider threat is due to nefarious activity by someone you know. Sometimes, it’s an honest mistake. Negligent employees pose a significant risk to your organization. Simply stepping away from an unlocked computer or using insecure networks can easily create a security loophole. Negligence can also come in the form of naivety, such as sharing login credentials or giving a colleague private access simply because they trust them. A negligent employee may also be careless, unaware that they are falling for a social engineering or phishing scheme.
Shortcut Takers
Not all security measures are streamlined, unfortunately. Some require a few extra steps and take a bit more time. Inevitably, if there is a way around these measures, some employees will find it. Shortcut-taking end users may sidestep policies and protocols to save themselves time and effort but threaten the security posture of the entire network in doing so.
Third-party Users
An often-forgotten security aspect rests in third-party partners’ hands (and credentials). That includes contractors, suppliers, and collaborators. Effectively, anyone granted access privileges can become the source of a data breach, particularly if their access is not well-defined and closely managed.
Opportunistic Employees
Unfortunately, malicious employees do exist. Malicious insiders take advantage of an opportunity to profit or benefit from leaking information, or to make a point when they feel scorned. Malicious actors could act alone, or people on the outside could coerce them through bribes or blackmail.
Former Employees
Opportunistic employees may also be opportunistic ex-employees. When users leave the company – voluntarily or involuntarily – they may decide to take valuable data or trade secrets with them. Taking intellectual property threatens organizations, notably if it is delivered to the competition.
Threat Landscape and Best Practices
Threats come in many shapes, sizes, and roles. Common insider threats include:
- Employees
- Executives
- Former Employees
- Board Members
- Contractors and Service Providers
- Partners
- Facility Staff
Insider threats, by their very nature, pose a unique challenge for organizations:
“Insider threats can turn an organization’s security model on its head. While most traditional threat prevention focuses on keeping bad guys out or detecting indicators of threats, malicious insiders are already inside and typically can use valid access to get to the data that they need.”
It’s crucial to have a robust security strategy that accounts for outside threats and inside risks. User accounts should be well maintained and access privileges well defined. Creating a risk-aware culture helps stave off threats due to naivety or negligence and ensures whistleblowers know where to speak up if they see something they’re concerned about.
It’s also crucial to fully vet third-party partners who will be given access to your systems or data. Allow only the access truly required by these end users and enforce strong authentication and password requirements.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.