Are your employees contributing to external threats?

July 17, 2024Hacker newsInsider Threats / Cyber ​​Security

Attacks on your network are often carefully planned operations initiated by sophisticated threats. Sometimes your technical fortifications present a huge problem and the attack needs help from within to succeed. For example, in 2022, the FBI issued a warning¹ that SIM swapping attacks are on the rise: Get control of your phone and get a gateway to your email, bank accounts, stocks, bitcoins, credentials and passwords. Last spring, current and former T-Mobile and Verizon employees reported receiving unsolicited text messages asking if they would be interested in more money² in exchange for the intentional inclusion of “Lifting the SIM card”.

These malicious insider headline stories are certainly real, but many external attacks come from a much less visible source: casual insider. These are career employees, contractors, partners, or even temporary seasonal workers who, through negligence or ignorance, allow internal weaknesses to be exploited.

Accidental insiders inadvertently breach security by:

• Lack of Awareness: Employees unfamiliar with advanced cybersecurity practices can fall victim to phishing campaigns, open malware-infected attachments, or click links to malicious sites. Awareness is related to company culture and reflects the effectiveness of non-technical controls, especially management.
• Pressure to perform: Your employees learn how and when to “break” the rules or bypass technical controls to get the job done or meet a tight deadline.
• Poor credential handling: Weak passwords, password sharing, and password reuse across personal and business accounts make it easy for attackers to gain unauthorized access.
• Sneakernets: The unauthorized and uncontrolled movement of data across security domains and onto personal removable media or public cloud services.

By unwittingly violating security best practices, casual insiders pave the way for external attacks in several ways:

• Initial attack: Phishing emails can trick unwitting insiders into revealing network or application credentials, allowing attackers to gain access to internal systems. This initial attack vector becomes the basis for subsequent attacks.
• Elevated Privileges: Accidental insider downloads of malware can give attackers elevated privileges, allowing them to tamper with critical systems or steal large amounts of data.
• Lateral Traversal: Once inside, attackers will use insider access privileges to laterally traverse the network, access sensitive data and programs, or deploy malware on other systems.
• Social Engineering: Social engineering tactics exploit human trust. Attackers can impersonate managers and colleagues to get insiders to reveal sensitive information or use their privileges to benefit an external threat.

The consequences of an accidental insider attack can be significant:

• Financial Losses: Data loss resulting from insider carelessness and ambivalence results in large fines, legal ramifications, and remediation costs.
• Reputational Damage: Public disclosure of an insider event can seriously damage an organization’s reputation, resulting in lost business and undermining customer confidence.
• Business disruption: Attacks can disrupt business operations, resulting in downtime, loss of productivity and disruption to revenue.
• Theft of intellectual property: Foreign countries and competitors can use stolen intellectual property to gain an unfair advantage in the marketplace.

The good news is that the risk from accidental insiders can be significantly reduced with proactive measures:

• Security Awareness Training: Regularly train employees on cybersecurity best practices, including phishing awareness, password protection, and secure data handling practices.
• Safety Culture: Develop a safety culture within the organization where employees feel comfortable reporting suspicious activity and where managers are educated and empowered to use internal resources to address safety issues.
• User Activity Monitoring (UAM): Monitor compliance with acceptable use policies and increase surveillance of privileged users with increased access and the ability to manipulate security controls. Add behavioral analytics to examine UAM and other enterprise data to help analysts identify the most at-risk users and organizational issues, such as hostile work environments, identified through sentiment analysis. A hostile work environment reduces employee engagement and increases dissatisfaction, which is a dangerous recipe for insider risk.
• Content disarmament and reconstruction (CDR): Proactive protection against known and unknown threats contained in files and documents by extracting legitimate business content and removing untrusted content, including malware and untrusted executable content.
• Cross-domain solutions: Eliminate sneaker networks and unauthorized use of cloud services and replace these practices with automated, deep, policy-based content validation in an unencumbered user experience. Enable your employees to move data safely, securely and quickly between security domains that support business processes while protecting data and information systems.
• Institutionalize accepted best practices: Carnegie Mellon SEI CERT, MITRE, NITTF, and CISA are examples of some of the organizations that have published best practices that include organizational controls over leadership, human resources, and other elements that affect the employee lifecycle and aligned technical means of control. which act as fences that protect against random and malicious people.

Casual insiders pose a significant threat that can leave organizations vulnerable to external attacks. However, by implementing appropriate training, technical and organizational controls, and developing a safety culture, organizations can do much reduce risk.

Protect yourself from the risks posed by trusted insiders with help Everfox Insider Risk Solutions.

note: This article was written by Dan Velez, Senior Manager of Insider Risk Services at Everfox, who has over 16 years of insider risk and threat experience at Raytheon, Amazon, Forcepoint, and Everfox.