Overcoming the insider threat

Sunday, 23 September, 2018 In Editorial, Featured News

Breaches caused by insiders are on the rise. What can be done to prevent them?

Set against a backdrop of increasing cyber-attacks, the threat from insiders is real. Anyone from a third-party contractor through to a disgruntled employee can be responsible for a breach. When Ticketmaster UK was breached this year, the unintentional actions of a subcontractor were blamed.

Breaches such as these are often accidental, or due to a lack of employee training and appropriate security controls, with staff falling for phishing emails and social engineering ploys that then allow attackers to gain access to corporate networks. The 2014 attack on financial services firm JPMorgan Chase took place after hackers stole an employee’s login credentials.

But malicious insiders are also a growing threat. According to a recent Forrester report including research content provided by Digital Shadows, some insiders are selling data obtained through privileged access on online forums.

The same online platforms are being used by cybercriminals to actively recruit insiders from a variety of industries. They are targeting sectors that hold large amounts of sensitive customer data, such as payment card details. This includes organisations in the financial services, retail and healthcare industries, the Forrester report found.

According to Forrester, other industries dealing with sensitive intellectual property or customer data are also susceptible to this threat – such as manufacturing, technology and telecommunications.

Non-malicious insiders

Non-malicious insiders also pose an increasing threat to businesses. It is unfortunately all too common for an employee to unwittingly compromise their firm through poor security practices. As well as clicking on phishing emails, data can be exposed when staff leave sensitive systems exposed to the public internet, misconfigure their devices, or send highly confidential data to unsecured locations in the cloud.

When putting together its report, ERP Applications Under Fire, Digital Shadows found examples of employees and third parties that had left full login credentials for critical Enterprise Resource Planning applications on public Trello boards.

At the same time, contractors and third parties are often responsible for serious security breaches when they misconfigure network file sharing services and storage solutions such as Amazon S3 and Network Attached Storage (NAS) drives.

Preventing incidents such as these requires a mixture of technology, process and training. Organisations looking to minimise the insider threat should therefore consider security awareness training for all staff, including contractors and third parties.

In addition, it is helpful to monitor your external footprint for cases of accidental data loss and exposure. Firms that keep track of what’s happening on the open, deep, and dark web will be able to take action if they see mentions of their brand alongside toxic information. As many of these criminal forums are located on the clear web, it’s a reminder that we shouldn’t hyper focus on dark web sources alone.

Companies can also help to mitigate the insider threat by restricting access to important data to only those who are required to have it; read/write access should only be granted where there is an explicit business requirement.  Firms should ensure two-factor authentication (2FA) is enabled to help prevent unintentionally leaked credentials being leveraged by malicious actors.

Overcoming insider threats is a continuous process. Protecting your data and assets from insiders involves understanding your estate, and this will change as your company grows, diversifies or takes on new staff and product lines. Organizations should therefore start on the inside, implementing the principles of zero trust, to properly get to grips with exactly where your most sensitive data resides and how an insider would monetize that data. Once you have understood this, you can begin applying the technological controls and employee training needed to combat this threat.


To find out more about Digital Shadows click here