By David Barroso, Founder and CEO, Countercraft
This means that 36% of employees who can still access an old employer’s system or data after leaving the job or 49% who have shared their login details for some reason.[1]Insiders are definitely one of the biggest threats to your cyber security.
Often, CISOs can ignore internal threats as problems within other departments, such as IT or HR. However, statistics show that this is one of the biggest security issues for any organization. 2022 Cost of Insider Threats: Global Report [2]Revealing that the incidence of internal threats has increased by 44% in the last two years, the cost per incident has increased by more than one third to $ 15.38 million.
Internal threats are not limited to employees stealing information from your organization. An internal threat should include anyone who has internal information about your supply chain, former employees, and safety processes and practices.
Here are the top reasons why identifying and preventing internal threats should be a priority on your to-do list:
1) An insider with trusted access can make a high impact with relatively low operating costs, which means they can influence organizations of all sizes and industries.
It’s inevitable that companies will have to rely on their employees to be able to perform a variety of tasks. This belief spreads over a number of roles, ranging from temporary workers and contract workers to IT administrators, independent contributors, lawyers, auditors, third party contractors and current and past employees … all of them can become a corrupt internal person.
2) As we move into the cloud we become more vulnerable to internal threats.
According to Cybersecurity Insider’s 2021 Insider Threat Report[3], 53% of cybersecurity professionals believe that internal attacks have become harder to detect since moving to the cloud. If internal threats have been a problem before, it has become even more pressing as businesses and firms move into the cloud. Insiders with temporary or permanent access to the cloud environment (IaaS, SaaS, PaaS) can cause havoc.
3) Sensitive information is particularly weak.
Sensitive information is the main target of internal threat actors. Once they have access to this data, they can sell it, make it public or use it for blackmail.
4) Violations often occur within an extended period of time.
A real struggle when it comes to identifying internal threats. The majority of internal violations (some studies show more than 70%) are discovered months or years later. Lost data and intellectual property increase rapidly over time. Companies need a plan that provides for real-time detection of potential internal threats at the beginning of the threat cycle.
5) Internal system security risks include
Access to internal threats is often wide and deep. They have the potential to wreak havoc on a wide range of vulnerabilities, internal systems, data and even critical services.
Recognition of internal threats
The first step in preventing internal threats is to identify the risk factors. There are some widely recognized indicators, including internal threat employees:
- Those whose jobs are in danger
- Those who do not agree with the company’s policy or have demonstrated employee behavior
- In financial difficulties
- Leaving the company
- Those who work at odd times
- Those who seem to be experiencing unexplained financial gain
- With suspicious travel patterns
Being aware of these general indicators of internal threats can help companies take a big step to reduce the impact that these insiders can have on the security of your business. Knowledge is power, and in this case simply paying attention to the actions of employees may be enough to raise a red flag.
So, how do you deal with internal threats?
Technically speaking, internal threats are a challenge that many security programs are unable to accept. A user with legitimate access and knowledge of an internal network cannot be easily identified by the standards of traditional security software. Internal threat actors often do not display malicious patterns and signatures of known threat actors. So, is there a tool to help them find it?
In this case, fraudulent technology is one of the best ways to detect threatening internal behavior. Being able to create high fidelity alerts is an important ability when you are immersed in millions of security events every day. Decoy servers and files that act as breadcrumbs are created and placed within an internal network. These decoys and breadcrumbs are designed as documents that have no business access. Therefore, by definition, anyone who interacts with decoys is, at a minimum, snooping around where they shouldn’t be and could potentially harm the company. This means that the warnings given by fraud technology within an internal network are high fidelity, saving team resources and helping analysts do their job well.
When it comes to creating a “campaign” of deception and deception that will attract insiders and attackers, the most important thing is that they are realistic. It’s always a good idea to ask about the technology behind the deco when evaluating fraud technology. Are they placeable across multiple endpoints? Can you place them externally on Internet-based platforms? Are they highly interactive? Can activity on them be collected and analyzed in real time? The answers to these questions will reveal how effective cheating technology can be.
It is possible to build a defense against internal threats, and the promotion of a well-planned fraud technology is the only way to achieve this.
About the author
Entrepreneur, serial technology inventor, and visionary David Barroso is CEO and founder of Countercraft. Prior to founding the business and developing the cyber fraud platform, he was instrumental in setting up Telefonica’s flagship cybersecurity business, ElevenPaths, and led the cybercrime division at a leading pure-play European cybersecurity company. Barroso is seen as leading the debate on the emerging threat at the Black Hat and RSA conferences, among many others, globally recognized for his contributions to the industry as an impressive speaker, lecturer and thought leader.
After 15 years in the field of cyber security, determining the extent of cyber risk remains at the center of Barrosোর’s trends for research and development. His exceptional ability to innovate in response to emerging threats and his exceptional ability to guide stakeholders towards providing enhanced cybercrime, threat intelligence and proactive defense solutions are based on his position as founder of Countercraft.
David Barroso, Founder and CEO of Countercraft
David Barroso can be contacted online (EMAIL ([email protected]), TWITTER (https://twitter.com/lostinsecurity), LinkedIn (https://www.linkedin.com/in/davidbarroso/)) And on our company’s website https://www.countercraftsec.com/ And social media (TWITTER (https://twitter.com/countercraftsec), LinkedIn (https://www.linkedin.com/company/countercraft/) And YouTube (https://www.youtube.com/c/CounterCraftSec)
[1] https://www.isdecisions.com/insider-threat-persona-study/
[2] https://www.proofpoint.com/us/resources/threat-reports/cost-of-insider-threats
[3] https://www.cybersecurity-insiders.com/portfolio/2021-insider-threat-report-gurucul/
Notice of fair use: Under the “fair use” law, other authors may restrict the use of the original author’s work without permission. 17 According to US Code § 107, certain use of copyrighted material “for the purposes of criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship or research, is not a copyright infringement.” As a matter of policy, fair use is based on the belief that parts of copyrighted material are free to be used for the purpose of public comment and criticism. The privilege of fair use is perhaps the most significant limitation of the exclusive rights of copyright owners. Cyber Defense Media Group is a news reporting company that reports cyber news, events, information and much more on our website Cyber Defense Magazine at no charge. All images and reporting are done exclusively under the fair use of US copyright law.
