Exploring Insider Hazards: Are your Workers Promoting External Menaces?

Jul 17, 2024The Hacker NewsInsider Threats / Cybersecurity

Navigating Insider Risks: Are your Employees Enabling External Threats?

Network breaches are frequently well-planned attacks executed by sophisticated threat actors. Sometimes your technical defenses pose such a formidable obstacle that attackers need help from the inside to succeed. For instance, in 2022, the FBI warned [1] about the rise in SIM swap attacks: gaining control of the phone serves as a gateway to email, bank accounts, stocks, bitcoins, identity credentials, and passwords. This past spring, current and former T-Mobile and Verizon staff reported receiving unsolicited text messages offering money on the side [2] in exchange for deliberately supporting “SIM jacking.”

Although stories of malicious insiders grab headlines, many external attacks originate from a less conspicuous source: the inadvertent insider. These individuals, whether long-term employees, contractors, associates, or seasonal workers, unintentionally enable the exploitation of internal vulnerabilities through carelessness or lack of awareness.

Inadvertent insiders unwittingly jeopardize security due to:

  • Lack of Knowledge: Employees unfamiliar with cybersecurity best practices are susceptible to falling for phishing schemes, opening malware-laden attachments, or clicking on links leading to malicious sites. Awareness ties into organizational culture and reflects the effectiveness of non-technical controls, especially leadership.
  • Performance Pressure: Workers look for ways to “skirt” rules or bypass technical controls to complete tasks or meet tight deadlines.
  • Weak Credential Management: Using weak passwords, sharing passwords, and reusing passwords across personal and professional accounts makes it easier for attackers to gain unauthorized access.
  • Unauthorized File Transfers: Unauthorized and uncontrolled transfer of data across security domains, including to personal removable media or public cloud services.

By unintentionally undermining security practices, inadvertent insiders pave the way for external attacks in several ways:

  • Initial Breach: Phishing emails can deceive unwitting insiders into disclosing network or application credentials, allowing attackers to gain access to internal systems. This initial breach lays the groundwork for subsequent attacks.
  • Elevated Privileges: Accidentally downloading malware can give attackers elevated privileges, allowing them to tamper with critical systems or steal large volumes of data.
  • Lateral Movement: Once inside, attackers will leverage an insider’s privileges to move laterally across the network, reaching sensitive data and applications or introducing malware to additional systems.
  • Psychological Manipulation: Social engineering tactics exploit interpersonal trust. Attackers can masquerade as supervisors and colleagues to manipulate insiders into revealing sensitive details or using their privileges for the external threat’s advantage.

The repercussions of attacks facilitated by inadvertent insiders can be substantial:

  • Monetary Losses: Data losses stemming from insider carelessness or indifference result in substantial fines, legal consequences, and remediation costs.
  • Damage to Reputation: Public exposure of an event involving insiders can severely harm an organization’s reputation, resulting in decreased business and erosion of consumer trust.
  • Operational Interruption: Attacks can disrupt business operations, leading to downtime, reduced productivity, and lost revenue.
  • Theft of Intellectual Property: Foreign entities and rivals may leverage stolen intellectual property for an unfair market edge.

The good news is that the threat posed by inadvertent insiders can be significantly reduced through proactive measures:

  • Cybersecurity Training: Regularly educate workers on cybersecurity best practices, including phishing awareness, password security, and secure data handling.
  • Security-Oriented Environment: Cultivate a security-focused culture within the organization where employees feel at ease reporting suspicious behavior, and managers are educated and empowered to use internal resources to address security issues.
  • User Activity Monitoring (UAM): Monitor adherence to acceptable use policies and increase oversight of privileged users with elevated access and the ability to manage security controls. Integrate behavioral analytics to examine UAM and other enterprise data to help analysts identify the riskiest users and organizational concerns, such as hostile work environments revealed through sentiment analysis. Hostile work environments diminish employee engagement and increase discontent, creating a volatile setting for insider risk.
  • Content Disarm and Reconstruction (CDR): Proactively protect against known and unknown threats contained in files and documents by extracting the legitimate business content and discarding untrusted content, such as malware and suspicious executable content.
  • Cross Domain Solutions: Eliminate unauthorized data transfers and unsanctioned cloud service usage, replacing these practices with automated, policy-driven deep inspection of content that does not hinder the user experience. Enable personnel to securely and quickly transfer data across the security domains that support business processes while protecting data and information systems.
  • Institutionalize Acknowledged Best Practices: Carnegie Mellon SEI CERT, MITRE, the NITTF, and CISA are examples of organizations that have published best practices integrating organizational controls across management, human resources, and other areas affecting the employee lifecycle, as well as sound technical controls that act as safeguards against inadvertent and malicious insiders.

Inadvertent insiders pose a significant threat that can leave organizations vulnerable to external attacks. Yet, by instituting proper education and technical and administrative controls, and by fostering a security-conscious culture, organizations can significantly reduce that threat.

Shield against risks brought about by trusted insiders with Everfox Insider Risk Solutions.

Note: This article was written by Dan Velez, Sr. Manager of Insider Risk Services at Everfox, who has over 16 years of insider risk and threat expertise at Raytheon, Amazon, Forcepoint, and Everfox.

  1. https://www.ic3.gov/Media/Y2022/PSA220208
  2. https://www.bloomberg.com/news/newsletters/2024-04-19/t-mobile-verizon-find-cracking-down-on-sim-card-scams-is-hard-to-do

This article is a contributed piece by one of our esteemed partners.
