In today’s world, where technology is becoming an ever greater part of our everyday lives, it appears we aren’t quite keeping up with it. Believe it or not, we still tend to underestimate the importance of cyber security, as a recent survey by Soha Systems’ Third Party Advisory Group has shown. According to the survey, less than two percent of IT professionals think of third-party access as an IT priority.
That’s a staggeringly low number considering the rate at which security threats are advancing in both quality and quantity. For example, just take the most prominent of the outside cybersecurity threats – ransomware. In the third quarter of 2013, there were about 1.5 million unique samples of ransomware, whereas by the second quarter of 2015, that number had jumped to 4 million.
That uptick in ransomware is still growing, with leading security specialists predicting an imminent increase in the number of ransomware sightings this year. Or take another example of hackers’ heavy artillery – rootkits (and bootkits). These malicious pieces of programming settle deep into your operating system, infect core parts of it, such as the kernel, and grant unauthorized users (read: hackers) access to your computer. Rootkits are closely associated with another infamous threat – Trojans, which act as a backdoor for accessing infected computers. According to some estimations, Trojans make up over 80% of all existing malware.
They are also among the hardest threats to detect (if not the hardest), which, when coupled with their vast range of applications, makes them both an invaluable asset to cybercriminals and a serious danger to the rest of us. Their uses vary from converting PCs into “bots,” to corrupting data, to spying and beyond. Speaking of spying, another very widespread security hazard – known as spyware – poses a huge threat to the privacy of users and organizations alike. It’s a general term for any software (including Trojan horses, as pointed out above) that tracks your personal or sensitive information with the help of various techniques, such as key logging.
Finally, we come to a relatively lesser-known phenomenon: DDoS (Distributed Denial-of-Service) attacks. These involve flooding a certain online service, such as a news or bank website, with traffic, effectively making it unavailable. DDoS attacks are by far one of the fastest growing threats out there. Expectations are set for a whopping 125% increase in DDoS attacks this year compared to 2015.
Insider Threats
We come to the most underestimated risk, which is the damage caused by insiders. These might not necessarily be malicious employees, who intend to inflict harm, but they might instead be inadvertent “actors,” who grant access to outside attackers without realizing it. Either way, both types are to be kept in mind. Malicious insiders, who are well aware of the trouble they’re causing, can be of several types:
- Compromised individuals, who work together with someone from the outside and who are therefore very difficult to detect.
- “Slighted” attackers, who are often former employees with still active access credentials. They typically act out of feelings of anger or bitterness, so they’ll aim to destroy company networks or steal information.
- Tech-savvy insiders, who are well acquainted with any flaws and vulnerabilities in the security system and who will exploit those to gain access to sensitive information, which could be sold to competitors or other external parties.
One of the most infamous examples of an insider breach discovered just in time happened at Fannie Mae way back in 2008. A logic bomb had been planted by an IT contractor with the intent of wiping out all 4,000 of the company’s servers, and it was set to go off on January 31, 2009. The contractor had been previously terminated, yet he had still managed to plant the logic bomb just before losing access to the network. Sadly, the actions of unintentional actors can prove to be just as devastating. Instances of employees who are either ignorant, or simply negligent, towards basic security measures can end up causing data breaches without them even realizing it.
A perfect example of an inadvertent security breach recently took place at Google when an employee at a third-party vendor handling the company’s benefits accidentally sent an e-mail containing confidential information, including Google employees’ personal details, to a benefits manager at another company. As a result, Google had to send a data breach notice to an undisclosed number of employees. One of the most widespread mistakes people make is accessing confidential data through public Wi-Fi networks, along with failing to use encryption when accessing valuable data. Even things as important as a corporation’s financial information are often not encrypted, as a recent Sophos survey showed. Another telling indicator of how little importance we, as a society, assign to cybersecurity is the following ‘fun’ fact:
According to an estimation made by the research company Gartner, around half of all employers are expected to start requiring that each worker use their own devices for work by 2017.
That’s only six months away, and it’s alarming, to say the least. Many people are especially negligent with their mobile devices’ security, often downloading apps from unsafe locations or “jail-breaking” their phones. The same goes for using compromised USB sticks, as they can be lost, stolen, or used by anyone else at any given time.
It’s not uncommon that people will neglect to delete confidential materials from the device once their purpose has been fulfilled. Other vulnerabilities are formed by weak passwords and not responding to update notifications in time. Most of us are guilty of ignoring the messages prompting us to update something on our computer, but the truth is that those updates are mostly aimed at preventing security risks out there.
In other words, by refusing to update your device, you are basically putting yourself at risk of a breach. As far as passwords go, the latest research doesn’t offer much comfort either:
According to Kaspersky, just 58% of all surveyed consumers use passwords on their devices.
Alarmingly high is the percentage of people using one and the same log-in information for both private and professional accounts.
Improving Your Company’s Security
It doesn’t take much effort to minimize your exposure to potential threats, but it’s an effort that needs to be made. A good way to start would be by putting Insider Threat Protocols in place and restricting access to your network. You can disallow concurrent logins, and you can also restrict users’ access to logins made from their physical location (the workplace). Something you should absolutely avoid using is shared passwords.
They are convenient at times, but they may pose a real problem. And last but by no means least, when dealing with any issue, education is paramount. Educate your employees on data security and stress how significant it is that they follow all the necessary procedures. Well informed is well armed!
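One way to check the access restrictions described above against authentication logs, as an added example that is not from the article or from Tripwire: it flags concurrent sessions for one account, logins from outside an office network, and logins by accounts of departed staff. The log format, network range and account names are assumptions constructed for the illustration.

```python
import ipaddress
from datetime import datetime

# Assumed policy values for this example (not from the article).
OFFICE_NETS = [ipaddress.ip_network("10.20.0.0/16")]
TERMINATED = {"jdoe"}  # accounts HR has marked as departed

# Constructed sample events: timestamp, user, source IP, action.
SAMPLE_LOG = """\
2016-07-01T08:58:02 asmith 10.20.4.17 login
2016-07-01T09:03:40 bjones 10.20.7.31 login
2016-07-01T09:15:11 asmith 10.20.9.80 login
2016-07-01T12:30:00 bjones 10.20.7.31 logout
2016-07-01T22:41:09 bjones 203.0.113.45 login
2016-07-02T01:12:55 jdoe 10.20.4.99 login
"""

def parse(log):
    """Yield (timestamp, user, source IP, action) for each non-empty line."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, user, ip, action = line.split()
        yield datetime.fromisoformat(ts), user, ipaddress.ip_address(ip), action

def audit(log):
    """Return (timestamp, user, finding) tuples for policy violations."""
    open_sessions = {}  # user -> set of source IPs with an open session
    findings = []
    for ts, user, ip, action in sorted(parse(log), key=lambda e: e[0]):
        sources = open_sessions.setdefault(user, set())
        if action == "logout":
            sources.discard(ip)
            continue
        if user in TERMINATED:
            # Former employee whose credentials were never disabled.
            findings.append((ts.isoformat(), user, "terminated-account-login"))
        if not any(ip in net for net in OFFICE_NETS):
            findings.append((ts.isoformat(), user, "outside-office-network"))
        if sources - {ip}:
            # Same account already active elsewhere: shared or stolen password.
            findings.append((ts.isoformat(), user, "concurrent-session"))
        sources.add(ip)
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding)
```
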
About the Author:
Daniel Sadakov has a degree in Information Technology and specializes in web and mobile cyber security. He harbors a strong detestation for anything and everything malicious and has committed his resources and time to battling all manners of web and mobile threats. He has founded MobileSecurityZone.com, a website dedicated to covering the top tech stories and providing useful tips for the everyday user, in an effort to reach and help more people. In his off time he is an avid book reader, occasional PC gamer and affectionate football spectator. Daniel would hardly begrudge anyone who might call him a computer nerd, yet this might be just the thing one needs in case of a security issue.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire.