While no one discounts the risk of outside cyber criminals, an insider threat can be even more devastating. Insiders are part of your organization: they know the structure of your information technology operations, and they understand how your files are stored and how they are backed up. If an insider wished to pose a threat, he or she could almost certainly do it. As a matter of fact, nearly half of those who could one day pose an insider threat recognize the power they hold over the organizations that employ them.
Consider the recent failed ransomware extortion scheme that targeted Tesla. The attackers tried to recruit a Tesla employee to launch an external Distributed Denial of Service (DDoS) attack against the company, which would preoccupy the company’s computer security staff and conceal a second cyberattack. That second attack would use malware to exfiltrate data from the computer network into the possession of the cybercriminals behind the scheme, who would later contact the company and threaten to make the data public if it did not pay a large ransom.
According to an independent Tesla-focused blog, an employee at the Nevada Tesla factory was allegedly approached by a Russian national who offered up $1 million to infect the company with malware and compromise its networks. But the employee instead reported the incident to Tesla officials, who alerted the FBI.
In most cases, organizations cannot count on an outside party warning them in advance or helping them. Therefore, security teams need to be agile, as time is their most precious resource in dealing with ransomware attacks and malicious insider behaviours. Insider threats are an ongoing top danger for companies, but when it comes to mitigation efforts, incident-response teams face an array of challenges.
Discussions with various incident-response teams revealed that between 25 and 30 percent of data breaches involved an external actor working with an insider. Companies used to focus on external threat actors, but now many of those who compromise a network have someone on the inside, whether because they bribed or blackmailed that person.
Fortunately, analytics and the rise of artificial intelligence make spotting potential insider threats easier and less intrusive. However, even with advances in technology, managers need to be aware of what to look for and how to focus their security efforts to get the greatest returns on protection:
- Focus on the right assets. Identify the most-valuable systems and data, and then give them the strongest defences and the most frequent monitoring.
- Apply deep analytics. Humans are creatures of habit: they come to work at the same time and do familiar tasks. The same can be said for how they use and interact with technology. Deep analytics and AI can uncover deviations in behaviour at the level of individual employees, which makes it much easier to spot indications that systems have been compromised.
- Know your people. Monitor employee log data, and track downloads of substantial amounts of data to external drives, attempts to bypass security controls or to access confidential data that is irrelevant to an employee’s role, and access to data outside normal working hours. Emailing sensitive data to a personal account and excessive use of printers and scanners are other indicators of insider threats.
- Don’t forget the basics. Every company can take some basic steps in its security posture to minimize insider threats, including background checks, monitoring employee behaviour, using the principle of least privilege, controlling and monitoring user access, and educating employees.
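The "deep analytics" and "know your people" points above describe indicators that can be checked mechanically. The script below is an added example, not code from the original article or from any vendor product, that runs those checks over a handful of constructed audit-log lines: it flags access outside business hours, access to data areas a user's role does not need (a least-privilege map), bulk copies to removable media judged both against a fixed policy limit and against the user's own historical baseline, and mail sent to a non-corporate domain. The log format, the role map, the `corp.example` domain, the 1 GiB limit and the baseline volumes are all assumptions made for the example.

```python
"""Insider-threat indicator detection over constructed audit-log lines."""
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample audit log (not real data). Fields separated by '|':
# timestamp | user | action | object | bytes
SAMPLE_LOG = """\
2020-09-01T09:12:00|alice|read|hr/payroll.xlsx|20480
2020-09-01T10:05:00|alice|read|hr/benefits.docx|15360
2020-09-01T11:40:00|bob|read|eng/design.pdf|409600
2020-09-01T14:02:00|bob|copy_usb|eng/design.pdf|409600
2020-09-01T23:30:00|bob|read|finance/forecast.xlsx|51200
2020-09-02T02:15:00|bob|copy_usb|eng/repo.tar|3221225472
2020-09-02T09:30:00|alice|email|alice.home@gmail.example|10240
2020-09-02T10:00:00|carol|print|legal/contract.pdf|2048
"""

# Hypothetical least-privilege map: the data areas each user's role legitimately needs.
ROLE_ACCESS = {"alice": {"hr"}, "bob": {"eng"}, "carol": {"legal"}}
CORPORATE_DOMAIN = "corp.example"   # placeholder corporate mail domain
BUSINESS_HOURS = (7, 19)            # assumed policy: 07:00-19:00 local is normal
USB_BYTES_LIMIT = 1 << 30           # assumed policy: more than 1 GiB to removable media
# Constructed per-user history of bytes copied to removable media per day (the baseline
# that "creatures of habit" analytics compares against).
USB_BASELINE = {"bob": [200_000, 350_000, 410_000, 300_000, 500_000]}


def parse_log(text):
    """Turn the pipe-separated log text into a list of event dicts."""
    events = []
    for line in text.strip().splitlines():
        ts, user, action, obj, nbytes = line.split("|")
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "action": action, "object": obj, "bytes": int(nbytes)})
    return events


def zscore(value, history):
    """Standard deviations between value and the user's own baseline (0 if no baseline)."""
    if len(history) < 2:
        return 0.0
    sd = pstdev(history)
    if sd == 0:
        return 0.0
    return (value - mean(history)) / sd


def detect(events):
    """Return (user, indicator, object) tuples for every indicator each event trips."""
    findings = []
    for e in events:
        # Access outside normal working hours.
        hour = e["ts"].hour
        if not BUSINESS_HOURS[0] <= hour < BUSINESS_HOURS[1]:
            findings.append((e["user"], "off_hours_access", e["object"]))
        # Access to a data area the user's role does not need (least privilege).
        area = e["object"].split("/", 1)[0]
        if e["action"] in ("read", "copy_usb", "print") and \
                area not in ROLE_ACCESS.get(e["user"], set()):
            findings.append((e["user"], "outside_role_access", e["object"]))
        # Bulk copy to removable media: absolute policy limit OR a large deviation
        # from this user's habitual volume (z-score above 3).
        if e["action"] == "copy_usb":
            z = zscore(e["bytes"], USB_BASELINE.get(e["user"], []))
            if e["bytes"] > USB_BYTES_LIMIT or z > 3:
                findings.append((e["user"], "bulk_removable_media_copy", e["object"]))
        # Mail sent to an address outside the corporate domain.
        if e["action"] == "email":
            domain = e["object"].rsplit("@", 1)[-1]
            if domain != CORPORATE_DOMAIN:
                findings.append((e["user"], "email_to_personal_account", e["object"]))
    return findings


def summarize(findings):
    """Group indicators per user so analysts can triage the most active ones first."""
    summary = {}
    for user, indicator, _ in findings:
        summary.setdefault(user, set()).add(indicator)
    return summary


if __name__ == "__main__":
    for user, indicators in summarize(detect(parse_log(SAMPLE_LOG))).items():
        print(f"{user}: {', '.join(sorted(indicators))}")
```

Bob's 400 KB copy on the first day is not flagged even though it is to removable media, because it sits well inside his own baseline; the 3 GiB copy at 02:15 trips both the policy limit and the off-hours rule, and his finance read trips the role rule. The combination of several low-signal indicators on one user is what makes the summary worth an analyst's time, which is the point of judging behaviour per individual rather than with one global threshold.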
Tesla just dodged a huge bullet because of an honest employee, but not all companies are as lucky. The recent Tesla incident is an example of the threat rogue insiders pose to companies. Insider threats are on the rise according to the Verizon Data Breach Investigations Report. In the 2016 Cyber Security Intelligence Index, IBM found that 60% of all attacks were carried out by insiders. Take action to make sure your organization isn’t the next one in these headlines.