The Threat Of Insider Lapses And Attacks
Among the security threats that organizations face every day, few are as dangerous or as little understood as those arising from within the organization. It is easy to focus on the threat of external hackers that take the headlines, but the truth is that your greatest threat might already be inside your network. How you handle these insider threats can make a big difference in how your organization stands or falls in the age of numerous cyber attacks.
In one 2017 case study, breaches arising from insider wrongdoing accounted for up to 58% of all data breaches. Threats that arise from within your network come in two main categories.
Jump directly to
- Lapses And How They Open The Way For Attackers
- How Insider Attacks Occur
- Safeguarding Against Insider Threats
- Helping Your Organization Minimize Insider Threats
The first category comprises those threats that arise from lapses in the security protocols that are in place inside the network. When an employee forgets to backup customers’ data as per the information security checklist, this falls under the category of lapses. As much as there may be no malicious intent behind a lapse, the economic and other costs of lapses are very great. In some cases, it may be just as bad as an external hacker had broken into the network and stolen the data from your hard drives.
On the other hand, when an employee actively engages in measures to destroy or misappropriate data or other information within your network, this comes under the category of an insider attack. Just like with lapses, insider attacks are extremely common as an aggregate, but their motivations may be quite different.
Since the costs of both these insider risks can be so devastating to your business operations, you should be paying extra attention to insider security checks and protocols. Keeping data safe within the network is a requirement you cannot afford to neglect.
Lapses And How They Open The Way For Attackers
Lapses are surprisingly common in corporate organizations across the world. Corporations deal with substantial volumes of valuable data, data that should be kept safe from loss and from prying eyes.
Valuable data comes in the form of trade secrets, patents, information resources, designs, corporate financial and strategic data, as well as data about customer accounts. When a lapse occurs, people outside the company can gain leverage against the company or an advantage through disclosure of sensitive internal data. Where a lapse is not revealed externally, it may still cause irreparable harm, especially if it involves the loss of data or company intellectual property.
The case of a Bank of Ireland information security lapse in 2008 illustrates a scenario that can be devastating to a company’s reputation with its customers. In 2008, a Bank of Ireland employee lost a USB stick containing the financial and personal details of 900 customers of the bank. The much-publicised case showed that insider threats arise from the very people entrusted to safeguard a company’s data and that of its customers. Despite encryption requirements mandated by the bank, the employee had apparently not encrypted this data, making it that much easier for whoever picked up the USB to begin exploiting the details on the USB.
Another famous case of insider lapses are the disclosures around the Apple iPhone. In 2011, in a famous repeat of a similar incident from 2010, an Apple engineer left behind an unreleased iPhone 5 in a bar in San Francisco. Apple was at great pains to recover the lost iPhone, but it’s safe to say that they would not have approved of an engineer taking the unreleased phone on a beer break. Prototype intellectual property can be priceless for hackers and competitors, making the disclosures particularly risky for the makers of the iPhone.
How Insider Attacks Occur
When it comes to insider attacks, these are initiated by people inside your organization against the trust and interests of the organization. There are ways to spot insider attacks and be aware when they are taking place. If you keep server access logs, for instance, you may be able to see when employees access computing resources or databases. Some commands in computing shells can also help you spot insider attacks as they occur.
An instructive example of an insider attack is the case of Kimberly Laird, a PNC Bank employee who was charged with bank theft in 2012. The employee, a bank manager, bypassed internal bank controls, setting up bogus accounts and cashing in certificates of deposit. Laird used the account details of PNC clients to facilitate her insider fraud.
In another high-profile case, in 2017 Tesla sued a former executive for stealing secrets from the company’s confidential servers. Sterling Anderson, the company’s former director for Autopilot Programs, stole proprietary information about the Autopilot program and collaborated with the former chief of Google’s autopilot program. The case was particularly notable for the highly valuable nature of the intellectual property and corporate secrets that were alleged to have been stolen.
Of 1,388 cited cases of insider fraud in 2012, the Association of Certified Fraud Examiners discovered that 229 occurred within financial institutions, which was the highest figure for any one industry.
Notably, the Association of Certified Fraud Examiners (ACFE) discovered that the presence of anti-fraud controls is correlated with a significant decrease in the cost and duration of occupational fraud schemes.
Safeguarding Against Insider Threats
Lapses and insider attacks can arise from unhappy employees, disengaged employees, or be putting sub par employees into positions of authority. When these are the case, it may be only a matter of time before an organization suffers a lapse or insider attack.
When it comes to insider attacks, financial gain is a notable motive. The ACFE found that living beyond one’s means was a good indicator of employees who were involved in insider attacks against their organizations.
In other cases, employees collaborate with a close friend outside the organization who wants access to company systems. Sometimes, employees commit insider attacks as a means of sabotaging the company’s programs. To eliminate the risk of employees sharing or misappropriating company secrets, you should implement strong information access protocols that grant access to data only on a need-to-know basis.
While external audits are a commonly implemented means of catching insider attacks, the ACFE found that they caught only 3% of attacks. Instead, the researchers found that tips from other employees were one of the primary means by which information actually came to light leading to the detection of the insider attacks.
Your organization should, therefore, implement anonymous hotlines where you can receive tips from employees, as well as whistleblower programs. In addition, your organization should set up employee training courses that teach all employees your organization’s security procedures. The organization can also implement security checklists and post them in prominent locations for the entire organization to see and follow.
Helping Your Organization Minimize Insider Threats
Insider threats constitute one of the greatest vulnerabilities facing any organization in the marketplace today. Both lapses and insider attacks come with many heavy financial and operational costs and can tarnish a company’s reputation with its clients.
The process of protecting against these threats begins with implementing strong internal security controls as well as regular checks. You also need to harness the goodwill of whistleblowers inside the company who can alert you when things are not going according to the rules. Your organization has to take insider threats as seriously as any other threats since they are likely to prove just as devastating when a breach occurs.