4 Different Types of Attacks – Understanding the "Insider Threat"

Understanding the “Insider Threat”

The revelations that last month’s Sony hack was likely caused by a disgruntled former employee have put a renewed spotlight on the insider threat.

The insider threat first received attention after Edward Snowden began to release all sorts of confidential information regarding national security. While many called him a hero, what was too often under-reported was the way Snowden gathered his information – by misusing his credentials. In fact, the 2014 Verizon Data Breach Investigations Report stated that privilege abuse was the most common type of insider threat by far.

Insider threats can pose a real security risk to companies. They can be caused by someone who is purposely malicious, as Sony discovered, or by something as simple as someone opening an attachment loaded with malware that gives outsiders the opportunity to steal information.

“It is important to understand that there are several different categories of insider threat actors, and each of them represents significant challenges to organizations,” said a security researcher at DoTerra.

They are:

  1. Compromised actors: Insiders with access credentials or computing devices that have been compromised by an outside threat actor. These insiders are more challenging to address since the real attack is coming from outside, posing a much lower risk of being identified.
  2. Negligent actors: Insiders who expose data accidentally — such as an employee who accesses company data through public WiFi without the knowledge that it’s unsecured. A large number of data breach incidents result from employee negligence towards security measures, policies and practices.
  3. Malicious insiders: Insiders who steal data or destroy company networks intentionally – such as a former employee who injects malware in corporate computers on his last day at work.
  4. Tech savvy actors: Insiders who react to challenges. They use their knowledge of weaknesses and vulnerabilities to breach clearance and access sensitive information. Tech savvy actors can pose some of the most dangerous insider threats, and are likely to sell confidential information to external parties or black market bidders.

Data theft by insiders is as much the result of companies failing to implement strategies and technologies to monitor employee behavior and govern access to data as it is the actual malicious behavior of an employee seeking financial gain or revenge, Jason Hart, VP, Cloud Solutions, at SafeNet, pointed out.

“The enemy within has been a threat to data security for decades and is nothing new,” said Hart. “However, the frequency and impact of insider security incidents have increased because the notion of a ‘security perimeter’ has completely disappeared. Companies have embraced distributed, mobile models for their workforces based on the consumerization of IT and the increased use of shared resources.”

This is especially true with BYOD, cloud services or consumer hosting. “These practices have reduced the effectiveness of traditional security, which has focused on securing the perimeter, endpoints within the enterprise, and corporate networks.”

To defend against the insider threat, IT departments will need to take a different approach to security. According to Asaf Cidon, CEO of Sookasa, it is time to stop thinking about securing the network or the perimeter and begin focusing on securing the data.

“The worst-case scenario often isn’t a hacker breaching internal systems, despite all the attention that massive hacks like Sony get. It’s an employee that loses his smartphone or has his laptop stolen,” Cidon said. “The best defense lies in securing the data—not just the devices. That means encrypting at the file-level, so confidential information is protected no matter where it ends up. IT administrators need tools that enable proactive security. By being able to track, audit, and control—even employees’ personal devices, security is dramatically enhanced. And by being able to change permission settings in real-time, IT admins can address threats underway, from lost or stolen devices or malicious insiders.”

The key is understanding what data needs to be classified as critical, where that data resides and flows, and conducting a risk assessment based on confidentiality, integrity, accountability and auditability, Hart added. “There is no single technology that can provide the silver bullet to stop insider threats. Companies need to adopt technologies such as identity and access management and authentication to set policies that govern who can access what and when. This needs to be coupled with monitoring technologies that provide alerts when data is being accessed from a device or individual outside the normal patterns of activity.”

The sooner companies stop thinking breach prevention and start thinking breach acceptance, the sooner they will be better prepared to minimize the impact of data breaches whether they are from insiders or hackers.

By Jeremy Page
