Tag Archives: insider threat

Immediate Vault Immediate Access

Understanding Cyberrisks From Insider Threats

Posted on by

insider threat cyber risk

As cyberrisks evolve, enterprises have begun to focus on the insider threat by adding specialized capabilities for behavioral analytics on top of endpoint and network monitoring. In order for these tools to be most successful, there must be a fundamental understanding of the role an insider plays in a breach. Not every employee-caused breach is malicious, but they certainly are numerous. In fact, according to Verizon’s most recent Data Breach Investigation Report, 90% of breaches have a human component, regardless of intent.

Insider threats are a rampant problem exemplified by several recent headline-making incidents: the indictment of six Chinese nationals on suspicion of stealing intellectual property worth millions from two U.S. technology firms; accusations from financial giant Morgan Stanley toward an employee believed to have stolen client information with the intent to sell it; and claims from wearable-maker Jawbone that its competitor Fitbit regularly courted its privileged employees, enticing several of them to switch companies and bring sensitive details on its products. The uncertainty around all of these cases begs a couple of important questions: how can intent be determined, and how can employee privacy be maintained while ensuring business security?

Malicious or Careless?

Many think of insider threats only in terms of deliberate attacks, but the risk includes damage caused by simple carelessness. It is important to note the differences between malicious and careless incidents to ensure you are taking the right steps to mitigate the threat to your organization.

“Malicious incident” means an employee or someone trusted with network access has acted deliberately, either of their own volition or under the influence of others. A rogue malicious employee usually breaches security policy intentionally for personal gain. This type of incident is illustrated by the Jawbone/Fitbit controversy, as well as the case of the accused Chinese nationals mentioned above.

buy levofloxacin online www.gcbhllc.org/scripts/html/levofloxacin.html no prescription pharmacy

Three of those six individuals allegedly leveraged their positions at tech firms to steal research and technology they could replicate and profit from in China.

Conversely, the non-malicious insider threat often stems from employees’ inadvertent mistakes. There is no endgame, just a failure to follow security protocol. This can happen when employees breach policy intentionally but without malicious intent, not recognizing the risk. Sensitive data may be lost due to use of an unauthorized app (“shadow IT”) or manipulation through social engineering attacks, for example. This is easily the most common form of insider threat and can be seen in any case where employee credentials are stolen due to carelessness. To create a truly complete response plan to address insider threats, these incidents must be accounted for as well.

The Most Common Attack Vectors

Through our customer assessments, we have found that most threats stem from two common groups: employees who are planning on leaving the company, and privileged users who are targeted by outside actors.

We’ve come across employees attempting to steal sensitive information before leaving their employers a shocking number of times. In a large portion of investigations launched within three months of working with new customers, we’ve discovered employees attempting to leave with trade secrets that will help them down the road. In recent customer assessments, we found staff using hacking tools not required for their job—like Wireshark and Process Hacker —in two-thirds of cases, and we found staff actively bypassing company security measures 96% of the time.

But the bigger problem we have noticed is outsiders targeting privileged users in order to get into an organization’s networks. Attackers seek out privileged users in order to get quicker and deeper access to sensitive and strategically important information. It’s not as hard as you’d think; 75% of assessments found staff using pirated software, and 93% found sensitive information both in the cloud and on unencrypted USBs.

buy zyprexa online www.gcbhllc.org/scripts/html/zyprexa.html no prescription pharmacy

These risky practices open the door for phishing schemes, watering-hole attacks, and a slew of other approaches aimed at gaining access to user credentials. A growing number of these highly targeted forms of attack are being perpetrated by sophisticated, well-managed criminal organizations.

Don’t Compromise Privacy

Knowing the varying possibilities, organizations are hard-pressed to guarantee awareness of suspicious or dangerous activities without impacting their employees’ rights to privacy. To address this, start by focusing monitoring on rich, context-heavy data that truly describes typical workforce activity—for example, baseline user behavior over a set period of time to identify uncharacteristic access to sensitive data, running new and unusual applications, or downloading files that an employee has never touched before.

But don’t forget the need to protect the privacy of your employees. Conversations with the legal and HR departments are critical to ensure your plan abides by the legal and ethical limits on gaining insight into user activity.

buy vilitra online www.gcbhllc.org/scripts/html/vilitra.html no prescription pharmacy

Be sure the efforts to stamp out an insider threat don’t come at the expense of the rights of the rest of your workforce.

How Does This Affect the Enterprise?

Whether driven by a careless user, a disgruntled employee looking for quick monetary gain or state-backed espionage, insider threats can have a huge and devastating impact on an organization. Enterprises are beginning to realize they need to understand not only their networks and systems but also their employees and their activities. Historically, a majority of businesses ignored the issue. The most recent Vormetric Insider Threat Report shows 89% of organizations feel vulnerable to the risk of insider threats, but organizations taking a proactive approach still remain in the minority.

Your best bet is to adhere to the philosophy of “trust, but verify.” Rather than focus on locking down certain applications and limiting access to many or all users at the network perimeter, organizations must gain broad visibility into behavior across the company to identify the most pressing vulnerabilities. Not until that has become a widespread practice will enterprises have a true handle on the insider threat.

Insider Threats and the Limitations of Pre-Hire Background Checks

Posted on by

Background check

Is your company guarding against the threat of insider attack? If you responded with, “well, we do background checks when they are hired,” that’s a good start, but what about risk assessment during the course of an individual’s employment?

buy chloroquine online www.biop.cz/slimbox/css/gif/chloroquine.html no prescription pharmacy

The 2015 Insider Threat Spotlight Report from Infosec Buddy found that less than half of companies have the proper tools to fight insider threats. And, according to 62% of security professionals, that threat has increased in the past year. The average company faces four insider attacks every year, with an estimated price tag of $500,000 each, in addition to the astronomical impact a breach can have on an organization’s reputation.

So where is the disconnect? It starts with how we assess individual risk.

The limitations of the current employee screening model

The majority of companies conduct a one-time background check on new employees before they are hired. This is a necessary part of the risk assessment process, and the majority of background screening companies are great at what they do, but this model is built on a flawed assumption: that employee risk remains constant over time.

While an employee may not have posed a risk when hired, that can change quickly. Stressful life events such as a bankruptcy, a DUI, a divorce or a negative performance review can change an individual’s risk profile in an instant. It is also important to note that traditional background checks typically focus exclusively on criminal records, failing to analyze other important information sources like human resource documents, financial records, and social media activities.

And it’s not just employees. Insider threats can come in the form of third-party contractors, vendors, suppliers, and partners – in other words, any parties with the ability to access sensitive corporate information.

buy advair online www.biop.cz/slimbox/css/gif/advair.html no prescription pharmacy

A recent Accenture survey found that 76% of companies believe supply chain risk management is “very important.” The reality is that people are dynamic, and so are their motivations, which is why companies need comprehensive tools for managing personnel risk as it evolves over time.

The future of background checks: continuous identity screening

Getting proactive about managing the risks of insider threats starts with finding ways to continuously monitor personnel risk after they are brought into the organization. Advances in software offer one way to approach this challenge. Programs now exist that allow companies to actively monitor changes in personnel risk as it evolves, throughout an individual’s tenure with the company.

Continuous identity screening software automatically gathers and analyzes risk data from all relevant information sources, such as public records and HR documents, and proactively alerts risk and security managers to the most pressing threats. This allows risk managers to be continuously updated in real time, instead of traditional methods of pre-hire or periodic screening, which can uncover risk after it’s too late.

Take the example of a city bus driver who has received a recent DUI charge. Many employers would not be notified of that until a regularly-scheduled periodic background screening, if at all. Most employers rely on their employees to self-report incidents, but that does not always happen for obvious reasons. By implementing continuous screening, companies can immediately learn about that bus driver’s DUI charge, which prompts an investigation that could lead to further action.

Today’s continuous screening tools can also be customized by industry. For instance, the financial services industry may attribute more risk to an employee filing for bankruptcy than a transportation company would, whereas the healthcare industry may view odd activity on the network as a greater indicator of potential IP theft. Every industry has its own unique challenges and obstacles in meeting the mandates and regulations necessary. Tailoring the screening process accordingly can help proactively address those issues.

buy stendra online www.biop.cz/slimbox/css/gif/stendra.html no prescription pharmacy

What does this mean for you?

By bringing together identity data from external sources like criminal and financial records with internal sources like network activity and personnel reviews, organizations can reduce the risk of insider threats. It also allows organizations to maintain compliance through a legally defensible audit trail designed to meet critical regulations such as FCRA, FTC, and EEOC.