You might have heard of the threats that are built into machines, and the ones that are created by people to exploit loopholes in any given system. We’re all aware of the malwares and viruses, the phishing sites, fake accounts, and everything digital threat that exists in this day and age. But let’s throw it back to the classics for a bit to tackle on the still existing grave threat, and probably the most dangerous of them all: insider threats. That’s right; there isn’t a code, a program, software or data cache that’s more dangerous than a human mind.
Since the dawn of time, for every great creation that works using a system (the calendar, a government, the multiplication table), there have been minds who have been able to see the limits and deduce the effectiveness of each. Fast forward to thousands of years of human development, and this still holds true. Cryptocurrency, the latest trend, has its own digital demons to exorcise, but its greatest adversary is still the human mind with evil intent.
CA Technologies put up a report regarding insider threats, or the classy, Ocean’s Eleven way of doing things, led by Holger Schulze, CEO and Founder of Cybersecurity Insiders, a group dedicated to the investigation of malicious insiders, and negligent ones. Simply put, insiders can either know or do not know that they’re being a threat to cybersecurity.
This is done, how, you ask? Well, every villainous group has a mastermind. That’s where it all begins. An employee, executive, or a co-owner of any business can jeopardize the security of the company, and this mastermind is doing it willingly, most likely due to greater ambition. Of course, taking over an empire is no easy task, and is not something you can do without allies. So, the next tier of insiders comes to play: the major players. These are carefully planted moles in every department, equipped with the necessary skill, title and ambition to participate in such a risky activity. Lastly, a scheme will never be complete without its most prominent performer: the pawns. These are the ones that are either in the loop but too incompetent for a bigger role, or the people who have no idea that they’re participating in something of the sort.
CA ran a survey spanning 400,000 members of the online community, with Cybersecurity Insiders, in partnership with the Information Security Community on LinkedIn to conduct an in-depth study of cybersecurity professionals to gather fresh insights, reveal the latest trends and provide actionable guidance on addressing insider threat. Below are the key takeaways on the survey:
Ninety precent of organizations feel vulnerable to insider attacks. The main enabling risk factors include too many users with excessive access privileges (37%), an increasing number of devices with access to sensitive data (36%), and the increasing complexity of information technology (35%). A majority of 53% confirmed insider attacks against their organization in the previous 12 months (typically less than five attacks). Twenty-seven percent of organizations say insider attacks have become more frequent. Organizations are shifting their focus on detection of insider threats (64%), followed by deterrence methods (58%) and analysis and post breach forensics (49%). The use of user behaviour monitoring is accelerating; 94% of organizations deploy some method of monitoring users and 93% monitor access to sensitive data. The most popular technologies to deter insider threats are Data Loss Prevention (DLP), encryption, and identity and access management solutions. To better detect active insider threats, companies deploy Intrusion Detection and Prevention (IDS), log management and SIEM platforms. Lastly, the vast majority (86%) of organizations already have or are building an insider threat program. Thirty-six percent have a formal program in place to respond to insider attacks, while 50% are focused on developing their program.
The types of insiders that pose the biggest risk to organizations are somewhat expected, but with an asterisk. For example, 56% of the mitigated risk of insider threat comes from regular employees, most likely out of neglect, or what we call the accidental/unintentional insider. 55% of the mitigated risk comes from privileged IT users/admins, with access to more confidential data as their tier goes higher and is a mix of the unintentional and the malicious kind of insider. Temporary workers, contractors and service providers generate 42% of the mitigated risk and is also a combination of unintentional and malicious.
The kind of data most vulnerable to insiders, with a percentage value on mitigated risk are:
57% on confidential business information (customer data, financial reports, employee data)
52% on privileged account information (credentials, passwords, security codes)
49% on sensitive personal information (what you did last summer, personal identifiable information)
32% on intellectual property (trade secrets, products in development, designs and blueprints)
27% on operational or infrastructure data (network topology and infrastructure, methods of wresting control)
Most of these data can be accessed on several platforms, but the most common sources that insiders can get these from are Databases, file servers, cloud applications, endpoints, business applications, the active directory, the physical network, and mobile devices. Accidental insiders get involved primarily through phishing attempts, weak passwords, unlocked devices, password sharing and unsecured networking. Among the organizations participating in the survey, 34% consider external attacks (hacking, defacing) as the most likely insider threat to happen to their organization, while 36% believe that they are more prone to a deliberate attack, and 30% would like to write it off towards accidental/unintentional breach of security.
While this is somewhat a difficult way to breach cybersecurity, it’s still the most effective way, and the human mind is greater than any machine, hence, this is a problem that’s going to exist for a while.