Seven Profiles Of Highly Risky Insiders

Uploaded on 2016-04-19 in TECHNOLOGY--Resilience, TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

To understand these insiders and why they pose a risk, start by looking at the root of the problem.

There are plenty of articles with scary numbers about the size and scope of the Insider Threat. This isn’t one of them – you already know it’s a huge concern and that few organizations maintain a reasonable level of control over it. So where do you get started? By looking at the root of the problem to understand who these insiders are, and why they pose a risk.

You may be tempted to match these insiders to specific jobs or roles. But it’s best to resist such an impulse, because insider traits emerge throughout an organization, regardless of a threat’s position. To lend clarity, here are seven profiles of common high-risk insiders.

Convenience Seekers like to ignore protocol. The "official" way to do things is too long, difficult, or complicated. Or they may prefer their own methods, such as opting for their preferred file-sharing service instead of a corporate one. They’ll also frequently use personal email to get around performance or attachment size limitations.

Accidental Victims make mistakes, perhaps because of a lack of training (or learning) of proper processes and systems. Accidental Victims will hit the wrong button, send a document to the wrong "Bob" or otherwise make an honest mistake. Most likely, our Accidental Victims are tired, stressed or distracted when they do these things. They’re especially vulnerable because external threats often "create" fear and panic as part of a phishing scheme or phone scam, so their targets won’t realize that they’re being set up.

Know-It-Alls want to "contribute," "show value," and be visible whenever possible. Unfortunately, they may over-share information in an email response. They might respond to a request when someone more qualified should. Or they could initiate communications about topics with less than the required tact or subtlety. They’ll post on social media before they think about sensitive topics such as unannounced quarterly results. Some Know-It-Alls will intentionally seek to steal or manipulate sensitive information for fun, out of curiosity – or to prove they can.

Untouchables do not believe that any of the "scary stories" could happen to them. They’ve earned privileged access, and they’re copping a cavalier attitude about it. IT personnel may constantly take advantage of their super-user credentials out of convenience, for example, only to cause malware infection of a mission-critical server when they open a highly targeted phishing email. Auditors, financial execs, developers, and others with privileges could retain too much information locally, then lose their laptop, or leave it out in the open for a thief to swipe.

Entitled Ones are convinced that they have a right to certain types of data, or to do things their own way. They ignore process or policy. They’ve concluded that they "own" data, including customer lists, source codes, scientific research, and process documentation/templates. And while we normally associate the C-suite with those who do not feel the rules apply to them, anyone can develop this attitude at any level of the company.

Traitors are malicious employees. Sometimes, they’re hatching a plot at the time of being hired. More often, however, they harbor good intentions on the first day of work, but lose their moral compass after falling into debt or growing disgruntled over a lack of upward mobility and/or a salary increase. Or they internalize destructive discontent due to differences with colleagues, bosses, or the organization itself.

Secret Insiders aren’t supposed to be inside at all. But that’s where they are, having effectively executed the first stage of an external attack: gaining a foothold inside the network. (While we’ve focused on "defenses" against such attacks for the last few decades, the reality is that a breach will be successful at some point.) At this stage, Secret Insiders have network access, and security requires that measures be in place to "detect" such a breach. But, unlike the six aforementioned high-risk profiles, they are professional hackers. They’re motivated, knowledgeable – and now command all of the access and privileges of an insider.

For better or worse, security options have evolved from early login IDs/passwords, firewalls, and desktop anti-virus (AV) products to dozens of solutions that work in concert to protect the network, users, and data. An Insider Threat program will implement many of these, such as access controls and data loss prevention (DLP) tools, along with well-defined (and enforced) processes and newer technologies, like User Behavior Analytics (UBA).
 
Bottom line: user education is not new. But it is frequently overlooked as a potential solution due to mindsets developed when most of us didn’t know how to change the clocks on our VCRs, and never bothered to learn.

(Congratulations if you did not need to Google "VCR" to understand that sentence). Yet, today’s employees were raised with Nintendo, the Internet, and smartphones. They take pride in knowing about the latest apps, and every feature of their mobile devices. This means organizations can appeal to this generation’s "tech pride," educating them about how recommended "professional habits" can elevate them to positions of trust.

In other words, users are more capable of recognizing risks, and the value of preventative measures and processes, if we simply involve them.

DarkReading: http://ubm.io/1qVMYFI

« The Growing Cyber Threat From Iran
Convoy Of Self Driving Trucks Completes European Cross-Border Trip »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Digital Gurus Recruitment

Digital Gurus Recruitment

Digital Gurus provide specialist recruitment services in areas including IT and information security

Deltagon

Deltagon

Deltagon develops information security solutions to protect companies’ confidential information in e-communication and e-services.

Ingalls Information Security

Ingalls Information Security

Ingalls Information Security provides network security, monitoring and forensics.

Protiviti

Protiviti

Protiviti consulting solutions span critical business problems in technology, business process, analytics, risk, compliance, transactions and internal audit.

Secure Innovations

Secure Innovations

Secure Innovations is a cybersecurity firm dedicated to providing top-tier cyber security solutions for the Defense and the Intelligence Community.

iosiro

iosiro

iosiro was created to guide companies through securely using blockchain technologies. We help teams launch and manage ICOs, deploy secure dApps, and integrate private networks into business practices.

BotRx

BotRx

BotRx is the only AI-enabled, automated fraud protection technology that allows fast & easy deployment - continually keeping invisible bad bots and agents at bay, so you can rest easy.

Anthony Timbers LLC

Anthony Timbers LLC

Anthony Timbers is a cybersecurity consulting and penetration testing firm providing services to the Federal and Commercial sectors nationwide.

Capital Network Solutions

Capital Network Solutions

Capital Network Solutions are a highly accredited managed IT services and consultancy provider, specialising in cyber security, infrastructure and communications.

Exceed Cybersecurity & I.T. Services

Exceed Cybersecurity & I.T. Services

Exceed Cybersecurity & I.T. Services is a premier Managed Internet Technology (I.T.) company with a focus in cybersecurity risk management and CMMC compliance management.

Romanian Tech Startup Association (ROTSA)

Romanian Tech Startup Association (ROTSA)

Romanian Tech Startups Association is an umbrella organization that aims to promote, support and represent the interests of tech startups in Romania.

Gorilla Technology Group

Gorilla Technology Group

Gorilla specializes in video analytics, OT network security and big data to support a wide range of solutions for commercial, industrial, cities and government purposes.

Gilsbar

Gilsbar

For more than half a century, Gilsbar has offered insurance service solutions and support for businesses and their employees.

SecuCenter

SecuCenter

Secucenter is a trusted partner for SOC services, offering security expertise in a cost-effective way.

Hunt & Hackett

Hunt & Hackett

Hunt & Hackett helps European companies prevent, detect and respond to today’s most advanced adversaries, safeguarding them against cyberthreats and espionage.

Lyvoc

Lyvoc

Lyvoc is a premier cybersecurity integration partner renowned for its expertise in supporting its clients to accelerate and secure their digital transformation.