4 Different Types of Attacks – Understanding the “Insider Threat”

4 Different Types of Attacks – Understanding the “Insider Threat”

Understanding the “Insider Threat” 

The revelations that last month’s Sony hack was likely caused by a disgruntled former employee have put a renewed spotlight on the insider threat.

The insider threat first received attention after Edward Snowden began to release all sorts of confidential information regarding national security. While many called him a hero, what was too often under-reported was the way Snowden gathered his information – by misusing his credentials. In fact, the 2014 Verizon Data Breach Investigations Report stated that privilege abuse was the most common type of insider threat by far.

Insider threats can pose a real security risk to companies. They can be caused by someone who is purposely malicious, as Sony discovered, or it can be something as simple as someone opening an attachment loaded with malware that allows outsiders the opportunity to steal information.

hacks

It is important to understand that there are several different categories of insider threat actors, and each of them represents significant challenges to organizations,” said a security researcher at DoTerra.

They are:

  1. Compromised actors: Insiders with access credentials or computing devices that have been compromised by an outside threat actor. These insiders are more challenging to address since the real attack is coming from outside, posing a much lower risk of being identified.
  1. Negligent actors: Insiders who expose data accidentally — such as an employee who accesses company data through public WiFi without the knowledge that it’s unsecured. A large number of data breach incidents result from employee negligence towards security measures, policies and practices.
  1. Malicious insiders: Insiders who steal data or destroy company networks intentionally – such as a former employee who injects malware in corporate computers on his last day at work.
  1. Tech savvy actors: Insiders who react to challenges. They use their knowledge of weaknesses and vulnerabilities to breach clearance and access sensitive information. Tech savvy actors can pose some of the most dangerous insider threats, and are likely to sell confidential information to external parties or black market bidders.

Data theft by insiders is as much the result of companies failing to implement strategies and technologies to employee monitor behavior and govern access to data as it the actual malicious behavior of an employee seeking financial gain or revenge, Jason Hart, VP, Cloud Solutions, at SafeNet, pointed out.

The enemy within has been a threat to data security for decades and is nothing new,” said Hart. “However, the frequency and impact of insider security incidents have increased because the notion of a ‘security perimeter’ has completely disappeared. Companies have embraced distributed, mobile models for their workforces based on the consumerization of IT and the increased use of shared resources.”

This is especially true with BYOD, cloud services or consumer hosting. “These practices have reduced the effectiveness of traditional security, which has focused on the securing the perimeter, endpoints within the enterprise, and corporate networks.”

To defend against the insider threat, IT departments will need to take a different approach to security. According to Asaf Cidon, CEO of Sookasa, it is time to stop thinking about securing the network or the perimeter and begin focusing on securing the data.

The worst-case scenario often isn’t a hacker breaching internal systems, despite all the attention that massive hacks like Sony get. It’s an employee that loses his smartphone or has his laptop stolen,” Cidon said. “The best defense lies in securing the data—not just the devices. That means encrypting at the file-level, so confidential information is protected no matter where it ends up. IT administrators need tools that enable proactive security. By being able to track, audit, and control—even employees’ personal devices, security is dramatically enhanced. And by being able to change permission settings in real-time, IT admins can address threats underway, from lost or stolen devices or malicious insiders.”

The key is understanding what data needs be classified as critical, where that data resides and flows, and conducting a risk assessment based on confidentiality, integrity, accountability and auditability, Hart added. “There is no single technology that can provide the silver bullet to stop insider threats. Companies need to adopt technologies such as identity and access management and authentication to set policies that govern who can access what and when. This needs to be coupled with monitoring technologies that provide alerts when data is being accessed from a device or individual outside the normal patterns of activity.”

The sooner companies stop thinking breach prevention and start thinking breach acceptance, the sooner they will be better prepared to minimize the impact of data breaches whether they are from insiders or hackers.

By Jeremy Page

About Jeremy Page

Jeremy Page is a tech strategist at Top Ten Reviews, an expert review company. Jeremey has also written a number of influential pieces for Hack college, Huffington post and IT World Canada, which he was awarded "Top Blogging" honors.

View All Articles

Sorry, comments are closed for this post.

Comics
Disaster Recovery – A Thing Of The Past!

Disaster Recovery – A Thing Of The Past!

Disaster Recovery  Ok, ok – I understand most of you are saying disaster recovery (DR) is still a critical aspect of running any type of operations. After all – we need to secure our future operations in case of disaster. Sure – that is still the case but things are changing – fast. There are…

Moving Your Email To The Cloud? Beware Of Unintentional Data Spoliation!

Moving Your Email To The Cloud? Beware Of Unintentional Data Spoliation!

Cloud Email Migration In today’s litigious society, preserving your company’s data is a must if you (and your legal team) want to avoid hefty fines for data spoliation. But what about when you move to the cloud? Of course, you’ve probably thought of this already. You’ll have a migration strategy in place and you’ll carefully…

Do Not Rely On Passwords To Protect Your Online Information

Do Not Rely On Passwords To Protect Your Online Information

Password Challenges  Simple passwords are no longer safe to use online. John Barco, vice president of Global Product Marketing at ForgeRock, explains why it’s time the industry embraced more advanced identity-centric solutions that improve the customer experience while also providing stronger security. Since the beginning of logins, consumers have used a simple username and password to…

Connecting With Customers In The Cloud

Connecting With Customers In The Cloud

Customers in the Cloud Global enterprises in every industry are increasingly turning to cloud-based innovators like Salesforce, ServiceNow, WorkDay and Aria, to handle critical systems like billing, IT services, HCM and CRM. One need look no further than Salesforce’s and Amazon’s most recent earnings report, to see this indeed is not a passing fad, but…

Protecting Devices From Data Breach: Identity of Things (IDoT)

Protecting Devices From Data Breach: Identity of Things (IDoT)

How to Identify and Authenticate in the Expanding IoT Ecosystem It is a necessity to protect IoT devices and their associated data. As the IoT ecosystem continues to expand, the need to create an identity to newly-connected things is becoming increasingly crucial. These ‘things’ can include anything from basic sensors and gateways to industrial controls…

5 Things To Consider About Your Next Enterprise Sharing Solution

5 Things To Consider About Your Next Enterprise Sharing Solution

Enterprise File Sharing Solution Businesses have varying file sharing needs. Large, multi-regional businesses need to synchronize folders across a large number of sites, whereas small businesses may only need to support a handful of users in a single site. Construction or advertising firms require sharing and collaboration with very large (several Gigabytes) files. Financial services…

How To Overcome Data Insecurity In The Cloud

How To Overcome Data Insecurity In The Cloud

Data Insecurity In The Cloud Today’s escalating attacks, vulnerabilities, breaches, and losses have cut deeply across organizations and captured the attention of, regulators, investors and most importantly customers. In many cases such incidents have completely eroded customer trust in a company, its services and its employees. The challenge of ensuring data security is far more…

Four Trends Driving Demand For Data Security In 2017

Four Trends Driving Demand For Data Security In 2017

Data Security Trends 2017 will be a hallmark year for security in the enterprise as all industries have reached a tipping point with respect to cloud and mobile adoption, forcing more and more data beyond the corporate firewall. Over 100 IT executives weighed in on their plans for 2017 in our latest survey; buried among…