Inside threats enable vast majority of cybercrimes
No less an authority than colorful cybersecurity pioneer John McAfee firmly believes that the now infamous hack of the US-based Ashley Madison sex-cheating website was an inside job.
Statistically, this is extremely likely to be the case for most cyber security breaches. KCS’ own research shows that 80 percent of corporate cybercrimes can be traced to staff, and this figure is increasing. This can be the result of deliberate cybercrime or it could be that the staff member has been careless with their personal log-in details.
But whether a security breach was malevolent or not makes little difference once an organized criminal gang (OCG) exploits it to the full. Once inside an IT system, OCGs can easily run ransomware across the target organization’s entire communications network.
By encrypting the target company’s most sensitive data while withholding the software key needed for decryption, the OCG is able to demand that the target organization pays a massive ransom to retrieve its data. Should the company refuse or be slow in paying the ransom demand, the OCG may find its most sensitive customer data has been up for sale on the Dark Web, the internet’s largely anonymous mirror economy where it is possible to buy everything from stolen data to illegal weapons.
Ransomware Comes With Telephone Support for Hackers
Ransomware is available on the Dark Web for as little as $500. Some illegal software developers even offer 24/7 telephone support for hackers with weak technical skills. It could, therefore, be a mistake to think that any member of staff except an IT wizard would be capable of stealing corporate data.
In an era where most organizations run on electronic communications, it is not only executives and IT engineers who hold the keys to the IT kingdom. Any member of staff with Internet access at work is a potential breach. Many chief executives pride themselves on being a good judge of character, but few outside small start-up organizations would claim to be able to vet their entire staff with a sideways glance. In many organizations, this leaves thousands of members of staff at all levels appearing to be potential security leaks.
It is, therefore, essential that organizations in all sectors of industry develop a cyber-security policy that no longer only reinforces the company’s outer firewall IT defenses but also tackles the greater danger -- the insider threat. It is, however, essential that this be done without instigating a witch hunt or developing a corporate paranoia where every member of staff feels constantly under suspicion. Ironically, it is precisely this type of paranoid, stressful work environment which new research reveals is the most fertile breeding ground for home-grown cyber criminals.
According to the US Department of Homeland Security: "An inside threat is generally defined as a current or former employee, contractor, or other business partner who has or had authorized access to an organization’s network, system or data and intentionally misused that access to negatively affect the confidentiality, integrity or availability of the organization’s information or information systems".
Homeland Security believes that insider threats involve not only installing ransomware but also include sabotage, theft, espionage, fraud and competitive advantage. KCS’ case files also hold examples of commercial companies being used by foreign powers as a gateway to defense contractors in addition to hackers stealing data in order to disguise as legitimate market research -- a process know as data laundering.
To defend against the insider threat, organizations need to ensure their security software is developed to deal with the growing insider threat. For example, KCS Sentinel ZoneFox monitors each and every user interaction with critical data stored on the firm’s computer systems. By monitoring each and every user interaction with data, Sentinel can inform organizations of any behavior occurring on this systems that may be indicative of malicious or non-compliant behavior.
Companies Blissfully Unaware When Data Is Copied or Stolen
However, in many cases, companies often remain blissfully unaware when data is copied or stolen for malicious purposes. Sometimes, confidential data such as product designs and sensitive customer information is available online via the Dark Web.
Companies should use third-party advisers with deeply embedded sources on the Dark Web so that they can be alerted if some of their data is being offered for sale. By monitoring the online chatter of criminals on the Dark Web, it is also possible to have advanced early warnings of a likely cyber attack.
In an age where executive CVs often describe careers with numerous organizations spread over several continents, it is crucial that incoming staff be thoroughly vetted. This is best achieved by discreet non-conventional due diligence (DNCDD) in order to identify weaknesses or anomalies in someone’s background. Far too many organizations are failing to validate CVs. In 2015, it is almost impossible for any member of staff, not only executives, not to leave a digital trail. While full DNCDD should be deployed in the case of incoming executives, it is now possible to carry out fairly extensive online background of all members of staff to highlight any warning signals.
This can be used to augment the kind of personality profiling that Homeland Security believes can be used to identify potential bad apples. In the absence of online DNCDD, personality profiling can be counter-productive, generating a work culture of paranoia and suspicion.
However, if third-party vetting is carried out discreetly in conjunction with the other forms of monitoring described above, companies can be in a position to trust their staff, while knowing they will be instantly alerted to any potential wrong doing.
Stuart Poole-Robb is the chief executive of the security, business intelligence and cyber security adviser, the KCS Group Europe.
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.