Date: 2019-12-17

Cybersecurity attention has focused unduly on external forces, with little paid to inside sources. Organizations are now realizing that, whether through the spread of malware, spyware or viruses, the probability of insiders causing as much damage as outside attackers is very high indeed. Those you trust and consider loyal can be a great source of danger.
The focus has been on protecting your perimeters while doing a less-than-adequate job protecting your enterprise from employees (current and former), business partners, vendors, contractors, interns, and even customers. While most of your attention is focused on internet-based attacks, your trusted allies who are inside the perimeter cause the vast majority of security incidents and can do the most damage.
The reason is not far-fetched. They have a very good understanding of your network layouts, applications, staff, and business practices.
Institutional laxity invites insider problems. Going by the report from the Department of Justice's Office of the Inspector General, the major problem was not really Hanssen's brilliance as a spy; rather, the bureau's failure to implement and enforce strong insider security procedures was the fundamental reason for his success over 20 years.
This scenario is not peculiar to the FBI. Businesses all over the world subject insiders to very few controls, relying on trust rather than any sort of technical or procedural countermeasures.
The result of this laxity can be sabotaged systems, destroyed data, stolen credit card information, and so on. The DOJ's report also revealed some other inside jobs, listed below:
- A worker in GTE's Network Service Support Center in Tampa, Fla., erased data that led to a loss of more than $200,000.
- A computer programmer for North Carolina-based Lance, annoyed over a demotion, planted a logic bomb that took field sales reps' computers offline for days.
- A pair of Chase Manhattan Bank employees stole credit card numbers, which they used to steal nearly $100,000.
How you can prevent the following insider security threats
Most times, your insider threat does not come from outright malicious intentions. Your employees can unwittingly sabotage systems and create computer security vulnerabilities through sheer ignorance. They can make simple mistakes, such as clicking rigged links in emails, messaging apps, and advertisements, that become entry points for hackers to surveil your company, with dire consequences.
You must, therefore, keep an eye out for these threats from insiders.
Virus
A computer virus is malicious code that can steal passwords, spam contacts, corrupt files, log keystrokes, and even take over the infected device. For you to become infected, someone from your establishment must deliberately or inadvertently spread the infection.
The case of the city of Akron, Ohio, which suffered a virus attack in January 2019, quickly comes to mind. The threat in question was traced back to ransomware set off after two employees opened fake invoices sent through spam emails.
Spyware
Any software that is installed on your device without your permission is categorized as spyware, even when you mistakenly download it for a harmless purpose. Examples of spyware include adware, Trojans, and keystroke loggers.
If you don’t have antispyware tools, it will be pretty difficult for you to detect spyware on your network. The best way to prevent incidents of spyware is to ensure that your remote workers access resources over a network through a virtual private network that includes a security scan component.
You must also take precautionary measures: read and understand the terms and conditions before installing any software, avoid pop-up ads, and ensure your employees download software only from trusted sources. Amnesty International reported that it had uncovered targeted digital attacks against two prominent Moroccan Human Rights Defenders (HRDs) using NSO Group’s Pegasus spyware.
The research carried out by the organization revealed that these targeted attacks have been ongoing since at least 2017. The attacks were carried out through SMS messages carrying malicious links that, if clicked, would attempt to exploit the mobile device of the victim and install NSO Group’s Pegasus spyware.
Once hackers are able to install the spyware, they can remotely monitor your employees and at the same time gain access to the device's messages, calendars, contacts, and microphone.
Malware
Malicious software, also known as malware, can steal, encrypt or delete your private information and monitor your activities on the computer without your permission. It can also alter the basic computing functions of your device.
Spyware and viruses are examples of malware. All it takes is for one employee to click a link, and the malware will give hackers remote access to computers in your network and access to personally identifiable information.
On a daily basis, there are high-profile cases of phishing schemes in the news and this is a serious source of concern to businesses. Since you could be the next target, you need to take the following proactive measures to enhance the security of your network from insider threats.
1. Effective security policy
At the least, whatever security policy you have in place must include procedures to discover and check misuse. You also need to put up guidelines for conducting insider investigations, through which employees are informed of the inherent harm of misuse.
The very first thing you do is to go through your security guidelines and work on sections where you have put too much trust in insiders. The person you think is the good guy may even be your source of attacks.
If you have taken this very first step, you can then ensure that your policy details the limits on access to and dissemination of personal data about your employees, vendors, contractors, and other third parties who may fall victim to investigations. If this is done wrongly, you may end up going through a series of legal actions among other consequences.
You must clearly outline which employees can access your company’s data and to what extent. You must also give priority to defining the degree to which, the circumstances under which, and with whom any employee is allowed to share this information.
Nobody should be seen as being above the law; what goes for the goose should go for the gander. Favoritism should be completely out of the question: your security policy should spell out the consequences of misusing company resources for everybody.
2. Don’t short-change physical security
If you don’t allow people to have undue access to your network, you have gone a long way toward ensuring that you are not vulnerable. Don’t be afraid of the bad names you will be called. The important thing is that you are home safe and dry, and your critical infrastructure is not tampered with by insiders.
It’s important to apply tight access control. Don’t be tempted to rely on keycards alone just because you want to save costs; the end result may prove to be a colossal waste. Keycards are only single-factor authentication. People sometimes borrow them to shortchange you, and they can be lost or stolen.
The best way to really stay safe is to implement multi-factor authentication, where your employees use PINs, keycards, and biometrics like fingerprint scanners. Employees should also be cautioned against carelessly leaving sensitive materials on their lockers, where miscreants can easily lay their hands on hard copies and use them for nefarious activities.
3. Who are you employing?
Before bringing any new person into your workforce, you must carry out a thorough investigation into their background. The time you spend doing this will be to your advantage. Though this may not be enough, it goes a long way toward saving you from uncertainties.
If you think this process is time-consuming, you can decide to outsource such jobs to professionals in the market.
4. Checkmate data leakages
Every source of sensitive information such as email and instant messaging that leaves your corporation must be secured. Employees should be very careful about what they say and to whom.
People can capitalize on such information to cause harm to the organization, so part of your security policy must ensure that confidential information is not divulged to outsiders. An intrusion detection system (IDS) comes in handy here: it can scan your business traffic for uncommon catchwords that are peculiar to your organization.
Your IDS should be configured to raise the red flag whenever you have such leakages.
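A minimal sketch of the catchword check described above, added here as an illustration and not taken from the article or from any IDS product. The mail domain, the watchlist terms and the sample messages are constructed assumptions.

```python
import re
from email.utils import parseaddr

# Assumed for this example (not from the article): the organization's mail
# domain and the internal terms it treats as sensitive.
INTERNAL_DOMAIN = "example.com"
WATCHLIST = ["Project Bluebird", "ACME-Q3-forecast", "payroll export"]

def normalize(text):
    """Lower-case and keep only letters and digits, so 'Blue-bird',
    'BLUEBIRD' and 'blue bird' all compare equal."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

NORMALIZED = {normalize(term): term for term in WATCHLIST}

def is_external(address):
    """True when the recipient is outside the internal domain."""
    domain = parseaddr(address)[1].rpartition("@")[2].lower()
    return not (domain == INTERNAL_DOMAIN
                or domain.endswith("." + INTERNAL_DOMAIN))

def scan_message(msg):
    """Return an alert for a message that carries a watchlisted term to
    at least one external recipient, otherwise None."""
    external = [r for r in msg["to"] if is_external(r)]
    if not external:
        return None  # internal-only mail is out of scope for this rule
    haystack = normalize(msg["subject"] + " " + msg["body"])
    hits = sorted(t for n, t in NORMALIZED.items() if n in haystack)
    if not hits:
        return None
    return {"sender": msg["from"], "external": external, "terms": hits}

def scan_all(messages):
    return [alert for alert in map(scan_message, messages) if alert]

# Constructed sample traffic, not real messages.
SAMPLE = [
    {"from": "alice@example.com", "to": ["bob@example.com"],
     "subject": "Project Bluebird status", "body": "Draft attached."},
    {"from": "carol@example.com", "to": ["Dan <dan@partner.example.net>"],
     "subject": "fwd", "body": "Here is the project blue-bird deck "
                               "and the PAYROLL_EXPORT file."},
    {"from": "erin@example.com", "to": ["frank@vendor.example.org"],
     "subject": "Lunch", "body": "See you at noon."},
]

if __name__ == "__main__":
    for alert in scan_all(SAMPLE):
        print("ALERT", alert)
```

Stripping separators before matching catches trivially reformatted terms at the cost of occasional false positives across word boundaries, so alerts from a rule like this are a prompt for review rather than proof of a leak.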
Conclusion
According to McKinsey & Company, insider threats were responsible for data breaches in 50 percent of occurrences. Given this scenario, protecting your organization from cyberattacks is halfway solved if you are able to close every loophole open to insiders.