Insiders Are Cyber Criminals Favourite Connection

Employees pose a formidable threat to cyber incident response teams and as insider threats they are an ongoing top danger for companies. Many companies fail to consider that their people are just as important as the software they use when it comes to protecting themselves against cyber threats. 
 
There is an assumption that employees, particularly new starters, have a basic knowledge of IT and IT security, but these skills are not being checked within the first month of employment. Trying to reduce this risk is really difficult to mitigatie and incident-response teams face a range of challenges.
 
Discussions with various incident-response teams has revealed that between 25 to 30 percent of data breaches often involve an external hacker working with an internal employee to crack the organisation’s IT system. There are various methods of detection when it comes to insider threats, including monitoring the log data of employees, and tracking if they download substantial amounts of data to external drives. 
 
Any attempts to bypass security controls or access confidential data that is irrelevant to an employee’s role should be tracked and monitoring employees who access data outside of normal working hours. ​Additionaly, emailing sensitive data to a personal account and excessive uses of printers and scanners are other indicators of insider threats.
 
There are emerging challenges when it comes to monitoring employees without violating privacy laws. With the increase of bring your own device (BYOD) policies, many companies walk a fine line in monitoring employees for insider threats, and balancing that surveillance with employee data privacy. As an example, the General Data Protection Regulation (GDPR) does not explicitly change rules on employee monitoring, but the privacy law does include a number of provisions which will make monitoring more difficult for companies. Under GDPR, employers must seek out valid consent from employees when they monitor their devices.
 
Complying with GDPR mean that the organisation must tell employees that they are being monitored and so potential criminal assistants will know how to avoid being watched.
 
This mean that companies must navigate intentional malicious threats, for instance, a disgruntled employee who wants to destroy or steal data from his employer. They must watch for insiders who are stealing data for the benefit of outsiders, versus unintentional threats, such as a careless worker who may misappropriate resources, mishandle data, open phishing emails or install unauthorised applications.
 
While both types of employees are detrimental to companies, different types of mitigation efforts are needed for each one. For instance, human resource-related efforts are a top priority when rooting out rogue employees, including background checks, non-disclosure agreements and more, while training can help stomp out “unintentionally” malicious employees.
 
How Are Employees Targeted By Hackers?
There are a number of low-tech methods that are adopted by hackers that specifically target employees, some of which may seem too simple to be believed. Methods include: 
  • Social engineering - hackers posing as people within an organisation to obtain access to the network, for example, presenting themselves as a member of IT security and asking for a network password.
  • Baiting - hackers use data captured about an employee to trick them into revealing information. An example is using the information listed publicly on LinkedIn to target a junior employee by posing as the CEO to request an action to be carried out.
  • Unsubscribe buttons - hackers coax employees into downloading malware by hiding links to malware sites in email unsubscribe buttons, which must be included on all marketing emails.
  • Keylogger - also known as keyboard capturing, this technique records and stores strokes of a keyboard and can often pick up personal email IDs, passwords and other sensitive data.
  • Internal threats - current or former employees can gain unauthorised access to confidential data, or infiltrate a business’s network with malicious intent. This can include infecting machines with keylogging software or ‘shoulder surfing’, the act of observing someone typing their password. 
As many as 65% of UK professionals did not receive mandatory IT training in their first month of employment in their current or most recent role.
 
Of these individuals, 74% had never received any IT training at all in their current or more recent role, despite 86% of all respondents saying that they worked on a computer every day. In addition, there is a consensus that employers do not value the ongoing development of employees’ IT skills, as 45% of respondents said that they felt their employer didn’t take this issue seriously. Only 11% said they felt that their managers take the matter of their wider IT knowledge “very seriously”.
 
What Should Businesses Do To Improve Cyber Security Amongst Employees?
An effective cyber security strategy must involve appropriate controls to maintain a base level of security, and a monitoring system to look for attempts to violate the policy. This should be underpinned by training for all employees. It is in the best interest of all businesses to ensure their workers have all the knowledge, awareness and skills they need to help protect an organisation against cyberattacks and data breaches.
 
Each and every person in the workforce, from the minute they are employed, should receive IT training to help them understand data management, protection and disposal best practice. The threat of cyberattacks should never be underestimated, and it is up to employers to ensure that their staff have the tools they need to ensure company data is protected at all times.
 
Most of the threats related to unaware or careless employees, including spam, phishing and ransomware, can be addressed with endpoint security solutions. There are tailored products that can cover particular needs of SMB and Enterprise-level companies in terms of functionality, pre-configured protection or advanced security settings.
 
Overall, while there is evidently much more work to do before businesses are secure from the actions of their own employees, it is nevertheless refreshing to see that many businesses are recognising this, and starting to address the threat from within, with additional training, solutions and human resources.
 
Cyber Employee Training and cyber Audit Strategy Information:-
 
Please Contact Cyber Security Intelligence if you would like more information for Employee Cyber Training and Data/Information Audits and Strategy.  
 
Kaspersky:          Threatpost:              PrivSec:
 
You Might Also Read:
 
Creating A Cyber Incident Response Policy:
 
One in Four Workers Would Steal Company Information:
 
 
 
 
« Ransom Attack Strikes New Orleans
The Biggest Cyber Attack Of 2020 Has ‘Already Happened’ »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

European Organisation for Security (EOS)

European Organisation for Security (EOS)

EOS represents all domains of security solutions and services.providers including ICT information and communications technologies.

ActiveCyber

ActiveCyber

ActiveCyber is a source for news, reviews, learning, and technological innovation in the active cyber defense industry.

Digitronic Computersysteme

Digitronic Computersysteme

Digitronic focus on innovative software to protect your personal and sensitive corporate data.

TokenOne

TokenOne

TokenOne is a Cyber Security software company that makes it easy to replace passwords, tokens and other forms of authentication with a more secure solution.

Dale Peterson

Dale Peterson

Dale Peterson, a leading ICS security and control system IT information expert, provides consulting services to assess and improve the security of SCADA and DCS.

Fudo Security

Fudo Security

Fudo Security is a leading provider of privileged access management and privileged session monitoring solutions.

Data Storage Corp (DSC)

Data Storage Corp (DSC)

Data Storage Corporation is a provider of data recovery and business continuity services that help organizations protect their data, minimize downtime and recover and restore data.

PreCog Security

PreCog Security

PreCog Security is a US based cybersecurity risk mitigation company. We specialize in helping you find, minimize and manage vulnerability risk within your product, network and process.

LogicGate

LogicGate

The LogicGate Risk Cloud™ is an agile GRC cloud solution that combines powerful functionality with intuitive design to enhance enterprise GRC programs.

Anxinsec

Anxinsec

Anxinsec Technology is a security solution and service provider with a focus on new technology and innovations in cybersecurity.

Myota

Myota

Myota intelligently equips each file to be resilient and achieve Zero Trust-grade protection. Withstand ransomware and data breach attacks. Reduce data restoration time and effort.

ANY.RUN

ANY.RUN

ANY.RUN is an interactive online malware analysis service created for dynamic as well as static research of multiple types of cyber threats.

Star Lab

Star Lab

Star Lab specializes in the development and productization of embedded security technologies.

Issue53

Issue53

We empower organizations to thrive in the digital landscape. Strengthen your defenses, enhance resilience – Choose Issue53 for a secure and future-ready IT environment.

ABPSecurite

ABPSecurite

ABPSecurite is a leading value-added distributor and a network performance solutions provider.

EasySec Solutions

EasySec Solutions

EasySec Solutions provides a cyber-security platform, based on a combination of the zero trust model and the software-defined security management.