It’s almost hard to believe that in just under two weeks, we will be approaching June, the halfway mark for this year. It seems like yesterday I was blogging about the predicted threats for 2019 back during the holidays. For sure this year, we have had our fair share of attacks, threats, etc., you name it. It’s been pretty much the same news over and over again on a daily basis.
That is why I try to avoid covering those stories that keep repeating themselves. Probably one of the newer forms of attacks that have been coming out is that on Critical Infrastructure. We haven’t seen too much of it reported in the news, but they have hit the small towns across the United States.
The big one hasn’t quite happened yet. Ransomware continues, and in fact, I believe that even Baltimore, MD was hit by a recent attack, and the mayor has thus far refused to pay the ransom.
But despite all that is going on…there is still one threat lurking out there which barely receives any attention. It is that of the Insider Threat. By this, I am referring to businesses and corporations that hire employees, freelancers, contractors, etc., that either work on site or off site.
But regardless of the geographic location where they work, they possess one thing: Access to your IT Infrastructure in some fashion, depending upon the levels of permissions that you have given them.
Consider some of these examples:
* The ever so famous Sony breach was actually caused by an inside job. As I understand it, it was because the company simply forgot to lock their doors. Because of this, ex and even current employees could get in quite easily and steal all sorts of things. This included the PII on employees, compensation data, copies of films still under production, internal emails and even intellectual property. The perpetrators of this crime also demanded access to an upcoming film, which caused it to be cancelled. In the end, Sony spent a staggering $15 million to deal with all of this.
* Another inside attack that made the headlines was the one that impacted Anthem. In this situation, the perpetrator of the crime covertly stole the medical information of some 18,000+ Medicare members. This started to happen in 2016, and Anthem didn’t even know anything about it until later on in 2017 (in fact, I was even a contract tech writer at Blue Cross Blue Shield when all of this hit the fan). Apparently, the person who initiated this crime subsequently emailed all of this stolen information to himself, using his personal email address.
So, how does an organization protect themselves from being a victim of an inside attack? Really, there is no easy answer to this. The bottom line is that once an employee has access to something, and if they have the intent to do harm, they will stop at nothing to launch their attack.
It could happen immediately, or it may even take months for somebody inside your company to figure out all of the inner workings of your business.
You can conduct all of the background checks you want to, but what if they all come back clean? Does that mean a new employee that you bring on board won’t still have some sort of motivation to perhaps launch an inside attack? Of course not.
Even those employees that have worked with you for 20+ years could still launch an inside attack, completely right behind your back, as they will have the most intimate knowledge of your IT systems.
These days, all of the talk is about having multiple layers of security, so that in case one line of defense has been broken through, it would be theoretically close to impossible for the Cyberattacker to penetrate through the other lines of defenses. But you have to be careful here as well. There needs to be a balance of just how much security technology you deploy.
For example, if you deploy too much, this will only increase the attack surface for the perpetrator. If you deploy too little, then you leave more gaps open and thus, you make your company that much more susceptible to becoming a victim.
What is one to do here? Probably the best start is to hire a well established Cybersecurity company that specializes exclusively in just conducting site surveys, and providing to you recommendations as to the type of security technologies and how they should be placed so that you get the maximum Return On Investment (ROI) not just from a Cyber standpoint, but from a monetary one as well.
In other words, you the business owner, could build a fortress of security like Fort Knox has, but remember, all it takes is just one little simple puncture of it in order to open the doors for an Inside Attack to happen. But here is another important thing you need to remember as well: If you have too much security, especially in the way of surveillance cameras, this could be very detrimental to the human psyche.
For example, employees will feel that their every move is being watched, and this could even lead to a decline in productivity over a period of time. In the end, it is the happy and content employees that will be the biggest producers for your business, and you don’t ever want to lose that. Although technology can be defeated, there is one thing that cannot be defeated: Human behavior.
What do I mean by this? Unless an employee is an utterly hardened criminal (and a basic background check should reveal this in just a matter of minutes), before he or she launches or even engages in their Inside Attack, there will always be subtle clues in both their demeanor and their behavior that you need to be aware of.
For example, the individual in question will start to act nervous, or display other unusual signs that can be difficult to pick up. They will log into their computers at odd times of the day and night, and even attempt to access resources that they should not be. You don’t need the latest and greatest firewall to tell you all of this. The most basic things, such as the log and event files, will tell you all of this.
Thus, it is very imperative that you and your entire IT team take a look and examine these logs on a daily basis if at all possible. These logs won’t lie to you, and they will reveal any suspicious behavior or anomalies that you need to be aware of. It is probably in these instances that spending some money on an Artificial Intelligence (AI) engine or tool would be of great help to your business.
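The daily log review described above can be scripted. The following is an added example, not part of the original post: the log format, the user names, the business-hours window and the denial threshold are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events (not real logs): timestamp user action resource result
SAMPLE_LOG = """\
2019-05-20T09:02:11 alice LOGIN workstation-12 OK
2019-05-20T09:15:40 alice READ /shares/docs/draft.docx OK
2019-05-21T02:47:03 bob LOGIN workstation-07 OK
2019-05-21T02:51:19 bob READ /shares/finance/payroll.xlsx DENIED
2019-05-21T02:52:05 bob READ /shares/hr/reviews.xlsx DENIED
2019-05-21T10:30:00 carol READ /shares/finance/payroll.xlsx DENIED
2019-05-21T14:05:00 bob LOGIN workstation-07 OK
"""

BUSINESS_HOURS = range(7, 19)  # assumption: working day is 07:00-18:59 local time
DENIED_THRESHOLD = 2           # assumption: distinct denied resources per user per day


def review(log_text):
    """Return {user: [reasons]} for off-hours logins and repeated access denials."""
    findings = defaultdict(list)
    denials = defaultdict(set)  # (user, date) -> resources the user was refused
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # not an event line in the assumed format
        stamp, user, action, resource, result = parts
        when = datetime.fromisoformat(stamp)
        # Clue 1 from the text: logging in at odd times of the day or night.
        if action == "LOGIN" and result == "OK" and when.hour not in BUSINESS_HOURS:
            findings[user].append(f"off-hours login {stamp} on {resource}")
        # Clue 2 from the text: attempts to reach resources the user should not.
        if result == "DENIED":
            denials[(user, when.date())].add(resource)
    for (user, day), resources in sorted(denials.items()):
        if len(resources) >= DENIED_THRESHOLD:
            findings[user].append(
                f"{len(resources)} denied resources on {day}: {sorted(resources)}")
    return dict(findings)


if __name__ == "__main__":
    for user, reasons in review(SAMPLE_LOG).items():
        for reason in reasons:
            print(f"{user}: {reason}")
```

A single denial, like carol's, stays below the threshold, so a mistyped path does not put someone on the review list.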
For instance, they can do the mundane and ordinary tasks of checking your log files on a daily basis, and even make predictions into the future threat landscape, as they learn from the data that you feed them. Another simple way you can help to mitigate an Inside Attack from occurring is simply giving your employees the bare minimum access that they need in order to conduct their everyday job tasks.
For example, an administrative assistant should just be given access to the repository of documents that need further editing or revisions, versus a network administrator who would need access to virtually all aspects of a network system. But even in these instances, you should, on a regular schedule, check the integrity of the rights and privileges that you have assigned to all of your employees, just to make sure that they have not been maliciously altered.
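One way to run that scheduled integrity check is to compare what each account actually holds against what its role was approved to hold. This is an added example, not part of the original post; the role names, entitlement strings and user names are constructed for illustration.

```python
# Constructed data: the approved baseline per role, and a current export of grants.
APPROVED_BY_ROLE = {
    "admin_assistant": {"docs-repo:read", "docs-repo:write"},
    "network_admin": {"docs-repo:read", "network:admin", "servers:admin"},
}
USER_ROLES = {
    "dana": "admin_assistant",
    "erin": "network_admin",
    "frank": "admin_assistant",
}
CURRENT_GRANTS = {
    "dana": {"docs-repo:read", "docs-repo:write"},
    "erin": {"docs-repo:read", "network:admin", "servers:admin"},
    "frank": {"docs-repo:read", "docs-repo:write", "servers:admin"},
    "gina": {"docs-repo:read"},  # account with no approved role on record
}


def audit_grants(approved_by_role, user_roles, current_grants):
    """Return {user: finding} for every account that deviates from its baseline."""
    report = {}
    for user in sorted(set(user_roles) | set(current_grants)):
        role = user_roles.get(user)
        approved = approved_by_role.get(role, set())
        actual = current_grants.get(user, set())
        finding = {
            # Rights held beyond the baseline: possible malicious alteration.
            "excess": sorted(actual - approved),
            # Rights approved but absent: stale baseline or a broken account.
            "missing": sorted(approved - actual),
            # Account holds grants but has no role on record at all.
            "unknown_account": role is None,
        }
        if finding["excess"] or finding["missing"] or finding["unknown_account"]:
            report[user] = finding
    return report


if __name__ == "__main__":
    for user, finding in audit_grants(
            APPROVED_BY_ROLE, USER_ROLES, CURRENT_GRANTS).items():
        print(user, finding)
```

Accounts that match their baseline produce no output, so a clean run is an empty report and any line that does appear is a change someone has to explain.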
Remember the goal is to try to avoid an Inside Attack from happening before it actually starts, by looking for these kinds of suspicious activities as just described. If you do suspect an employee, make sure that you have all of your evidence lined up before you even accuse them.
If you suspect an employee, always consult with your business attorney first as to what the legal ramifications are with regards to this. After all, if you accuse an employee wrongfully, then this will be a very fertile ground for that individual to file a lawsuit against you.
Perhaps even consider hiring a well-established private investigator to keep tabs on your suspected employee after business hours, to see what they are up to. Remember, Inside Attacks are probably the most difficult of all kinds of threats to detect – because you have an implicit level of trust that you have established with your employees.