Beware the Insider Threat

The top cyber threats that challenge businesses worldwide do not vary much from year to year. All the usual suspects are there, with perhaps minor changes in ‘pole position.’ Usually topping the list are phishing, malware and ransomware. These are among the prominent standard-bearers of the cybercrime industry; only the technology and tactics evolve, and whoever provides your IT Support had better be on top of them.

Take a poll among prominent members of the Charlotte IT Support community and you should find that 9 out of 10 can immediately tell you what is new and different about the nature of cyber threats in relation to last year. This is a great test for your IT provider, whether in-house or outsourced. Anyone who is not up to date should be replaced. Your data is the lifeblood of your business, and you should not have lazy and/or inept people guarding it.

Cybercrime is one of the most rapidly growing industries in the world, next to Cybersecurity. It is not just one type of crime: each separate ‘Cybergang’ treats it as a business. You will find the same thing there that you do in the general world of business: different gangs have their own niches and specialties.

Just below the threat matrix lie the strategies and tactics of the attacks themselves. Every year the danger of the insider threat rises steadily.

The #1 form of insider threat is human error that enables a cyber-attack to succeed. The best IT services and the best security in the world cannot stop your employees from unknowingly clicking on a malicious link that releases malware into the system; they can only clean up the mess as quickly as possible. This is why strong, ongoing Security Awareness Training is imperative.

What is an insider threat?

An insider threat is the business and IT equivalent of what the military terms ‘friendly fire.’ The threat emanates from management or employees within your organization in whom you have placed trust. One factor to look at is how this can happen.

According to Proofpoint, “An insider threat can happen when someone close to an organization with authorized access misuses that access to negatively impact the organization's critical information or systems. This person does not necessarily need to be an employee – third party vendors, contractors, and partners could pose a threat as well.”

It is important to understand that the person who enables the threat to take root may be purposely malicious, disgruntled, or simply an untrained and unwitting accomplice – a dupe.

Every criminal, cyber or otherwise, needs the same thing: a victim. This could be the enterprise as a whole, but mainly the dupe or unwitting accomplice is an employee who falls for a scam, which much more often than not comes in the form of a phishing email.

What are some indicators of insider threat behavior?

Unusual logins: Behavior becomes predictable - especially in the workplace. Just like in a fairly normal-looking phishing email, anything out of place needs to be scrutinized. “Pam logs in at 8am and out at 5pm every weekday. Why is she logging in remotely at 11pm on a Saturday?”

Too many privileges: If a middle manager is assigning heightened permissions to employees who shouldn’t have such escalated privileges, he or she may just be trying to make their own job easier, but this places the company at risk. You cannot hand out privileged access like candy - employees must be on a ‘need to know’ basis.

Unusual behavior: There are a few signs. For example, when an employee goes from happy and gregarious to sullen and quiet, something is going on. It may have no ramifications for the company, but it must be examined.

Downloading too much data: If an employee’s workstation shows a stable, steady history of data downloading, but it starts massively increasing, something is not right. Your IT team should routinely be checking these levels for just such increases. Any huge spike from a user is a big red flag.

Use of unauthorized applications: People don’t use what they don’t need for their job. Use of unauthorized applications, or repeated attempts to log into them, sends up another red flag. This is an area IT Support should be monitoring.
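The unusual-login and download-spike indicators above can be checked against each user's own history. The following is an added example, not part of the original article; the event format, the thresholds (`spike_factor`, `hour_slack`) and all sample records are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed baseline: (user, login time, source, MB downloaded that session).
HISTORY = [
    ("pam", "2024-03-04T08:02", "office", 120),
    ("pam", "2024-03-05T08:05", "office", 95),
    ("pam", "2024-03-06T07:58", "office", 130),
    ("pam", "2024-03-07T08:01", "office", 110),
    ("pam", "2024-03-08T08:03", "office", 125),
]

def build_baseline(history):
    """Summarise each user's normal weekdays, login hours, sources and volumes."""
    prof = defaultdict(lambda: {"days": set(), "hours": [], "sources": set(), "mb": []})
    for user, ts, source, mb in history:
        t = datetime.fromisoformat(ts)
        p = prof[user]
        p["days"].add(t.weekday())
        p["hours"].append(t.hour)
        p["sources"].add(source)
        p["mb"].append(mb)
    return dict(prof)

def flag(event, prof, spike_factor=5, hour_slack=1):
    """Return the reasons an event deviates from the user's own baseline."""
    user, ts, source, mb = event
    p = prof.get(user)
    if p is None:
        return ["no baseline for user"]  # unknown account: review, do not ignore
    t = datetime.fromisoformat(ts)
    reasons = []
    if t.weekday() not in p["days"]:
        reasons.append("login on unusual day")
    if not (min(p["hours"]) - hour_slack <= t.hour <= max(p["hours"]) + hour_slack):
        reasons.append("login at unusual hour")
    if source not in p["sources"]:
        reasons.append("new login source")
    if mb > spike_factor * median(p["mb"]):  # spike relative to typical volume
        reasons.append("download spike")
    return reasons

if __name__ == "__main__":
    profiles = build_baseline(HISTORY)
    for ev in [("pam", "2024-03-09T23:05", "remote", 140),   # Saturday, 11pm
               ("pam", "2024-03-11T08:10", "office", 2400),  # normal time, huge pull
               ("pam", "2024-03-12T08:04", "office", 115)]:  # ordinary day
        print(ev, flag(ev, profiles))
```

A flag here is a prompt for review, not proof of wrongdoing; a real baseline would cover weeks of activity rather than five sessions.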

The #1 Best Practice:

While you can be as diplomatic as possible, you cannot prevent an employee from developing an ‘attitude.’ Someone doesn’t get the promotion they were up for, or someone had to cancel days off because there’s a shortage of workers due to flu season – almost anything can cause an employee to begin having ‘hard feelings.’ Ultimately, you cannot completely offset these factors.

Your best bet is to create an Office Cybersecurity Culture. To get you started, please read our previous blog on the topic.

Frequently Asked Questions

Who would be an insider threat?

A: There are six types of employee scenarios that can spark an insider threat:

Negligent employees: This is the most common – they are usually untrained and unaware of threats such as phishing emails bearing malicious links or attachments. Data breaches caused by negligence are primarily unintentional but place the organization at risk.

Malicious employees: As it sounds, these are disgruntled employees with a grievance against the company. To spot these, Human Resources should work with your IT crew. It cannot be ruled out that an employee who has been disciplined or passed over for a raise or promotion may harbor malicious feelings. They need to be monitored.

Departing employees: It doesn’t much matter whether the employee’s departure was voluntary or involuntary; this is a very real threat. Data theft and intellectual property are the two principal areas of focus, as they can enhance the departing employee’s performance at their next company – for example, a salesperson who lures customers from you to their new company. Dell performed a survey in which they found that approximately ONE THIRD of employees took company data with them when they left an organization.

Inside agents: These are nefarious because they want to stay with the company while doing the bidding of others. Their participation could be due to social engineering, extortion, or some other type of coercion. They function the same way a spy story ‘mole’ operates.

Cybersecurity evaders: Employees who do not follow policies and practices – especially in terms of security. They find ways around security measures because they are time-consuming and viewed as a hindrance. But in trying to make their jobs easier, they create ‘blind spots’ in the company’s control over its data which can lead to data breaches.

Third-party partners: Not all insider threats are truly on the inside. According to One Identity, 94% of organizations allow suppliers, vendors, and associated companies access to their network with varying levels of permission. If you think it’s difficult to track your own employees, think about all the employees at all your third-party partners.

What is an example of an insider threat?

A: There are four main threat categories:

Sabotage: The insider has legitimate access, but purposely damages or destroys data or systems.
Fraud: In an attempt at deception, the insider steals, modifies or destroys data.
Intellectual Property Theft: The insider steals the company’s intellectual property for profit – either by reselling or taking to a new employer.
Espionage: Theft of data for the benefit of another specific organization.

What scenario might indicate a reportable insider threat?

A: Aside from IT Support monitoring who is doing what on the network, behavioral issues are a prime indication. There are almost infinite ways this can manifest itself: drastic mood changes, sudden affluence (“Hey Bob – how can you afford to trade in your Ford Focus for a Maserati?”), and so on.

How are insider threats prevented?

A: There is no single technology that can prevent insider threats; prevention requires human observation. Only ongoing vigilance from your IT Services, management, HR, and employees can sound alarm bells. Simply put, “If you see something, say something.”

How secure is your network?

As a longstanding, reputable member of the Charlotte IT Support community, ITFirm.com offers a FREE, no-risk network and security assessment. We perform a non-intrusive scan that allows us to deliver a comprehensive report of the state of your system and its vulnerabilities that is yours to keep. There are no strings attached, and you are under no obligation to ever use our IT Services.

The two best defenses are next-generation Cybersecurity to protect your data from theft, and a top-notch Managed Services Provider to ensure continued reliability and defenses against newly emerging threats.

We put our 100% Money Back Guarantee in writing, so there is no risk in trying us out. Because we do not require a ‘hard’ contract, our clients can fire us at any time with 30 days’ notice. We have to be good.
