We mostly think about cyberattacks as coming from an external source—someone or something outside the organization and, well, often outside the country. But there is something else much closer to home we really need think about. It lurks and waits, using business data every day, and it may even be sipping a latte in your conference room right now. It’s called the Insider Threat.
There’s the obvious version, a disgruntled or mischievous employee who might attempt to sabotage or steal data like the company CRM or access confidential files or financials. And in more sophisticated scenarios, they might put viruses on the network or intentionally delete data.
There’s also sweet Alex who everyone loves for bringing in cookies and muffins. Alex probably does a fantastic job taking care of customers and assisting team members. But after a long day of work, all it takes is for Alex to make one mistake...
- Send an email to the wrong email address
- Place a sensitive file in the wrong folder
- Leave a USB key with sensitive data at the coffee shop
Not Just Employees
An Insider Threat is defined by Homeland Security as, “a current or former employee, contractor, or other business partner who has or had authorized access to an organization's network, system, or data.” One local example, this week right here in Maine we learned of an incident this week where a contractor posted confidential, private information of over 2,000 people who receive foster care benefits on a public website… by accident.
The Biggest Threat We Face?
An article from The State of Securitypaints the picture, stating “when you combine the incidents involving malicious and inadvertent insiders, you will see that they are dwarfing any other computer security threat that your company faces.”
But come on…what could really happen? My people are great!
Let’s consider a few real-world “insider threat” scenarios to keep in mind:
- CEO: Receives a sophisticated phishing email. Fills in credentials and provides login/password. Same credentials used on all systems.
- Sales Rep.: Takes company CRM & price lists to bring to their next employer. Used for competitive purposes.
- Finance Manager: Wants to work from home on the weekend, puts financials on a USB key, loses it at the local coffee shop. Critical information gets in the wrong hands.
- Reception: Receives a well-orchestrated fraudulent phone call. Provides confidential company information over the phone. Criminal plots an upcoming attack.
- CFO: Falls for a phishing email from what seems to be the CEO. Approves rush invoice payment. Funds sent to attacker.
Protect Yourself From the Inside Out
Protecting against insider threats, intentional and unintentional, is a critical aspect of cybersecurity. It starts with awareness, recognizing the real risks that exist in every organization.
- Build a cyber smart culture in your organization through ongoing education, training, and testing. Make sure every team member understands what insider threats are and look like.
- Deploy cyber strong technology such as DLP (Data Loss Prevention) solutions that enforce policy and prevent sensitive data from leaving the network in the wrong way. Ensure all users understand that they are in place, how they’re being used, and most importantly, why.
To think outside the box on how you might improve your cybersecurity posture, don’t forget to think inside the box.
Your Friends @ Defendify