Companies are not identifying Insider Threat blind spots according to the latest findings by Dtex Systems. The new report reveals that 90% of assessments discovered that negligent employees were transferring company data to unencrypted and unauthorized USB devices, with 91% indicating that negligent employees were expanding the phishing attack surface by accessing personal web mail accounts on company machines – a behavior up 4% in the last 12 months. IT security experts commented below.
Bob Noel, Director of Strategic Relationships and Marketing at Plixer:
“Traditional security models focused on the perimeter, with the assumption that the greatest risks existed outside of the organization, and on efforts to prevent bad things from happening. The reality is that insider threats pose significant risk, and breaches are inevitable. Organizations must adopt modern cybersecurity strategies that include people, process and technology aimed at incident response. Visibility into users, network traffic and application data is required to uncover what is happening on the inside. Security teams must evaluate and implement emerging technologies like network traffic analysis to monitor every conversation on the network to identify insider threats and anomalous behavior. They need historical forensic data, coupled with defined workflows for how to navigate that data, to support effective incident response when these inevitable breaches occur.”
Andy Norton, Director of Threat Intelligence at Lastlin:
“With the exception of DDoS, if a threat is not on the inside it’s not much of threat. The infiltration of internal networks is considered in the report, along with negligence and malicious users. Disgruntled employees manifest risk to any organisation, not just in the cyber realm. The real challenge in the cyber sense is dealing with infiltration and intrusion by external parties with internal credentials.
Phishing is one method to initiate infiltration; there is a ‘one to one’ relationship between the phishing attacks and the credential stolen. Even if the attack is successful there are many opportunities to detect and remediate the infiltration.
The larger problem is the amount of malware families that have credential stealing and key logging capacity, that can steal multiple credentials at once. It’s not uncommon to see fifty plus credentials exfiltrated to crime groups from a single infection. Remediating this type of risk, is extremely complicated because the extent of the exfiltration is seldom fully uncovered, leaving the victim and every organisation with stored credentials on that system vulnerable to insider credential based infiltration.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.