Attacks on your network are often the product of carefully orchestrated campaigns by sophisticated threat actors. Sometimes your technical defenses hold up well enough that the attack can only succeed with help from the inside. For example, in 2022 the FBI issued an alert [1] about the rise in SIM swap attacks: taking control of a victim's phone number opens the door to email, bank accounts, brokerage accounts, cryptocurrency, identity credentials, and passwords. This spring, current and former T-Mobile and Verizon employees reported receiving unsolicited text messages offering them money [2] in exchange for deliberately facilitating the "SIM jacking."
While these sensational cases of malicious insiders are real, many external breaches begin from a far less conspicuous source: the unintentional insider. These are long-serving employees, contractors, partners, or even seasonal temporary workers who, through carelessness or lack of knowledge, help attackers exploit internal weaknesses.
Unintentional insiders compromise security through:
- Lack of awareness: Employees unfamiliar with basic cybersecurity practices fall for phishing, open malware-laden attachments, or click links to malicious websites. Awareness tracks the organizational culture and reflects how effective the non-technical controls are, especially leadership.
- Pressure to deliver: Your workforce knows how and when to "bend" the rules or work around technical controls to get the job done or meet a tight deadline.
- Poor credential management: Weak passwords, password sharing, and reuse of the same password across personal and work accounts make unauthorized access easy for attackers.
- Unauthorized data transfer: Unapproved and uncontrolled movement of data across security boundaries to personal removable media or public cloud services.
By inadvertently undermining security controls, unintentional insiders open the door to external attacks in several ways:
- Initial access: Phishing emails trick unwitting insiders into handing over network or application credentials, giving intruders a foothold on internal systems. That foothold is the groundwork for everything that follows.
- Privilege escalation: Malware installed by an insider, even accidentally, runs with that insider's privileges and gives attackers a path to elevated ones, from which they can tamper with critical systems or exfiltrate large volumes of data.
- Lateral movement: Once inside, intruders use the insider's access rights to move laterally through the network, reaching sensitive data and applications or pushing malware to other systems.
- Social engineering: Attackers exploit human trust. They impersonate managers and colleagues to persuade insiders to disclose sensitive information or to use their privileges on the attacker's behalf.
The consequences of an attack enabled by an unintentional insider can be severe:
- Financial loss: Data breaches caused by insider negligence and indifference bring substantial fines, legal liability, and remediation costs.
- Reputational damage: Public disclosure of an insider incident can badly damage an organization's standing, costing it customers and eroding consumer trust.
- Operational disruption: Attacks can interrupt business functions, causing downtime, lost productivity, and lost revenue.
- Theft of intellectual property: Nation states and competitors exploit stolen intellectual property to gain an unfair market advantage.
The good news is that the risk posed by unintentional insiders can be substantially reduced through proactive measures:
- Security awareness training: Train staff regularly on cybersecurity best practices, including phishing recognition, password hygiene, and secure data handling.
- Security-conscious culture: Foster an environment in which employees are comfortable reporting suspicious activity and managers are trained and empowered to draw on internal resources to address security concerns.
- User Activity Monitoring (UAM): Monitor compliance with acceptable use policies, and watch privileged users more closely, since they hold elevated access and the authority to change security settings. Apply behavioral analytics to UAM and other enterprise data to help analysts identify the riskiest users and the organizational problems behind them, for example a hostile workplace surfaced through sentiment analysis. A hostile workplace lowers engagement and raises disgruntlement, a dangerous combination for insider threat.
- Content Disarm and Reconstruction (CDR): Proactively defend against known and unknown threats hidden in files and documents by extracting the legitimate business content and discarding everything untrusted, including malware and active executable content.
- Cross Domain Solutions: Eliminate unauthorized data transfers and unsanctioned cloud usage by replacing them with automated, policy-driven deep content inspection behind a frictionless user interface. Give your team a way to move data securely and quickly across the security domains the business depends on, while keeping data and information systems protected.
- Adopt established best practices: Carnegie Mellon SEI CERT, MITRE, the NITTF, and CISA are among the organizations that have published best practices combining organizational controls across leadership, human resources, and the rest of the employee lifecycle with technical controls that act as guardrails against both unintentional and malicious insiders.
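As an added example, not Everfox code or the logic of any product mentioned on this page, the Python sketch below shows the behavioral analytics step from the UAM bullet in its simplest form: a handful of weighted rules run over user-activity events to rank users by risk. The rules cover the unauthorized transfers to removable media and personal cloud services described in the data-transfer bullets above, plus privilege changes and failed logons. The event format, the sample events, the rule weights, the approved-host list and the working-hours window are all assumptions made up for illustration.

```python
"""Toy UAM risk scoring: weighted rules over user-activity events.

Added example for illustration; not Everfox code. The event format, rule
weights, approved cloud hosts and working-hours window are all assumptions.
"""
from collections import defaultdict
from datetime import datetime

# Assumptions for the toy policy.
WORK_HOURS = (7, 19)                                # 07:00-18:59 counts as on-hours
APPROVED_CLOUD_HOSTS = {"sharepoint.corp.example"}  # sanctioned upload destinations
WEIGHTS = {
    "removable_media_write": 3,    # copy to USB/removable media
    "unapproved_cloud_upload": 3,  # upload to a host outside the approved set
    "privilege_change": 4,         # user altered their own or others' privileges
    "failed_logon": 1,             # each failed logon attempt
    "off_hours": 1,                # added when a scored event falls outside WORK_HOURS
}

# Constructed sample events (not real logs). Three users, one day of activity.
SAMPLE_EVENTS = [
    {"ts": "2024-05-06T09:12:00", "user": "alice", "action": "logon", "host": "ws-12"},
    {"ts": "2024-05-06T09:40:00", "user": "alice", "action": "file_copy",
     "dst": r"\\fileshare\projects", "removable": False},
    {"ts": "2024-05-06T22:15:00", "user": "bob", "action": "file_copy",
     "dst": r"E:\export", "removable": True},
    {"ts": "2024-05-06T22:17:00", "user": "bob", "action": "http_upload",
     "host": "files.personal-cloud.example", "size_mb": 480},
    {"ts": "2024-05-06T23:05:00", "user": "bob", "action": "privilege_change",
     "detail": "added self to local Administrators"},
    {"ts": "2024-05-07T08:05:00", "user": "carol", "action": "logon_failed", "host": "ws-03"},
    {"ts": "2024-05-07T08:06:00", "user": "carol", "action": "logon_failed", "host": "ws-03"},
    {"ts": "2024-05-07T08:07:00", "user": "carol", "action": "logon", "host": "ws-03"},
    {"ts": "2024-05-07T14:30:00", "user": "carol", "action": "http_upload",
     "host": "sharepoint.corp.example", "size_mb": 2},
]


def score_event(ev):
    """Return (points, reasons) for a single event under the toy rules."""
    points, reasons = 0, []
    action = ev["action"]
    if action == "file_copy" and ev.get("removable"):
        points += WEIGHTS["removable_media_write"]
        reasons.append("removable_media_write")
    elif action == "http_upload" and ev["host"] not in APPROVED_CLOUD_HOSTS:
        points += WEIGHTS["unapproved_cloud_upload"]
        reasons.append("unapproved_cloud_upload")
    elif action == "privilege_change":
        points += WEIGHTS["privilege_change"]
        reasons.append("privilege_change")
    elif action == "logon_failed":
        points += WEIGHTS["failed_logon"]
        reasons.append("failed_logon")
    # Off-hours only amplifies an event that already matched a rule, so a
    # routine late logon on its own does not raise anyone's score.
    hour = datetime.fromisoformat(ev["ts"]).hour
    if points and not (WORK_HOURS[0] <= hour < WORK_HOURS[1]):
        points += WEIGHTS["off_hours"]
        reasons.append("off_hours")
    return points, reasons


def score_users(events):
    """Aggregate per-user totals and the reasons behind them."""
    totals, reasons = defaultdict(int), defaultdict(list)
    for ev in events:
        pts, why = score_event(ev)
        totals[ev["user"]] += pts
        reasons[ev["user"]].extend(why)
    return dict(totals), dict(reasons)


def riskiest_users(events, threshold=5):
    """Users at or above threshold, highest score first, with their reasons."""
    totals, reasons = score_users(events)
    ranked = sorted(totals.items(), key=lambda kv: -kv[1])
    return [(user, score, reasons[user]) for user, score in ranked if score >= threshold]


if __name__ == "__main__":
    for user, score, why in riskiest_users(SAMPLE_EVENTS):
        print(f"{user}: {score} ({', '.join(why)})")
```

On the constructed events only bob crosses the threshold: a removable-media copy and a large upload to an unapproved host late at night, followed by adding himself to the local Administrators group. carol's two failed logons before a successful one score low on their own, which is the point of aggregating with reasons attached: the analyst sees why a user ranks where they do instead of a bare number. A production UAM platform would baseline each user against their own history and their peer group rather than fixed weights, and the sentiment-analysis signal mentioned above is not shown here.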
Unintentional insiders are a significant risk and leave organizations exposed to external attack. But with the right training, technical and organizational controls, and a security-conscious culture, organizations can substantially reduce that threat.
Protect against the risks posed by trusted insiders with Everfox Insider Risk Solutions.
Note: This article was written by Dan Velez, Sr. Manager of Insider Risk Services at Everfox, who has over 16 years of experience in insider risk and threat at Raytheon, Amazon, Forcepoint, and Everfox.
1. https://www.ic3.gov/Media/Y2022/PSA220208
2. https://www.bloomberg.com/news/newsletters/2024-04-19/t-mobile-verizon-find-cracking-down-on-sim-card-scams-is-hard-to-do
