Happy Summer everybody!!!  Today is the official start of the Summer Solstice.  I hope that all of you have a great summer out there and try to enjoy each day is it comes.  As we all know, life is just simply too short.  Anyways, time to move to the topic on hand.  In the world of Cybersecurity, threat variants can emerge from one of two places, or even both. 

These are appropriately the external and the internal environment.  Most businesses seem to be cognizant of the threat landscape as it relates to outside of their business.  For example, this includes attacks such as Ransomware, Phishing, Business Email Compromise (BEC), Cryptojacking, Trojan Horses, Malware, etc., you name it.

But is it the inside environment that is a lot harder to discern in terms of what could potentially be happening.  For example, there already could be a Cyberattacker who is lurking from within the confines of your IT or Network Infrastructure, but you simply have not detected them yet. 

The chances are that given the level of sophistication of the threat actors these days, they will probably never even be detected, as they now can typically evade even most antimalware and antivirus software packages.  This is especially true if they launch file less types of attacks, in which they typically reside in the memory (most typically the RAM) of your device.

But in this regard, there is also yet another type of threat vector that is just as equally hard to find and ferret out:  The Inside Attacker.  Typically, this will either be your employees, or even third-party vendors or contractors that have internal access to your IT and/or Network Infrastructure. 

In fact, according to the latest Verizon Data Breach Investigations Report, at least 30% of all Cyberattacks occur from within the internal environment, as just described.  Trying to identify these kinds of individuals is an extremely hard task.

The primary reason for this is that that there are really no quantitative factors that are involved.  Rather, they all are all qualitative in nature because you really have to understand the human psychology in order to gain a further understanding of who could pose a threat to your business from the inside. 

But it is also especially important to keep in mind that in this regard, it is the employees that are often viewed as the weakest link in the security chain.  This may very well be true, depending upon how you look at things.

But remember, most security breaches that are caused by employees appear to be non-intentional in nature.  Meaning, they have no ill will towards sabotaging your company, it was just either their sheer  or ignorance that led to the catalyst of the security breach from starting in the first place.  But of course, there are those employees that actually have that ill will and are “hell bent” on causing as much damage to your business as possible.

So therefore, you being the business owner, need to understand the psychology of your employees that could lead to suspicion that something could be up.  Here are the top traits that you need to keep your eye on:

*The “Keen Katherine”:

This is the type of employee that is always eager to please his or her boss, and to get all deliverables done on time or even ahead of schedule.  While this can be a good thing, the itchy trigger that they possess could also result in a security breach.  For example, if they receive an Email from the CEO asking them to access and send over some confidential corporate data, they will do so in moment’s notice, without taking the time to see if that particular is for real or not.  In this unfortunate situation, most likely the Email was a Phishing based one, and they Cyberattacker is now the recipient of a huge array of crown jewels that was just sent over to them.

*The “Confident Chloe”:

This is the kind of employee that appears to be confident in just about everything that they do when it comes to doing their job.  While no doubt that this is a particularly good thing, it can also have its pitfalls as well.  For example, their over confidence will likely spill over into them being a little to overconfident in their ability to understand the security environment that they are currently in.  Because of this, they may unintentionally respond to a Phishing based Email thinking that they know what one looks like already.  But given the sophistication of these kinds of Emails today, it is even hard sometimes for the hard core Cyber professional to even discern what is real and what is fake.

*The “Tired Tim”:

This is also the kind of employee that means no real harm.  He or she simply just has too much on their plate, either at the job or in their personal lives.  Given with how much they have to handle, they tend to have much more “racing thoughts” than the average individual, and because of that, they seem to be forgetful to do things, especially when it comes to security.  For example, they may answer the phone and give out company information when they are tricked into believing that the caller is a higher up in their organization.  This is where the tactics of Social Engineering come into play, and the Cyberattacker is fully aware and cognizant of this.  Also, it is this kind of employee that will become less engaged into those protocols that they deem to be of less priority – such as that of following and abiding by the Security Policies that you have set forth.

*The “Reckless Raj”:

This is the type of employee that will cut corners in order to get their job tasks done ahead of time, in order to please their boss.  But when it comes to security, this is a huge no-no.  For example, he or she will more than likely not make use of newer software applications as they are rolled out into the production environment.  Rather, they tend to be creatures of habit, and like to stick to what they feel comfortable that they are currently using.  For example, if you mandate the use of Microsoft OneDrive to back up work documents, and if they don’t like using it, then the chances are much greater that they will use some other non-approved application, like either Google or Dropbox.  While these are safe tools to use, the fact remains that they have not been approved by your IT Security team for business use.  This psychological phenomenon is also known as “Shadow Management”, and over time, it can be a grave security issue to your business.

*The “Sneaky Sara”:

This is the kind of employee whose actions tip over the border line into being that of malicious in nature.  For example, if he or she is looking for a new job, the chances are that they could give out your company secrets to the interviewer in the hopes that they will secure that new job they are wanting.  Or worst yet, a third party vendor that you have outsourced some of your business functions to could try to “woo” this kind of employee with gifts or even money if they will divulge out your Intellectual Property (IP) to them.  Or he or she may try to use the prospects with whom that they have built up a relationship with and use them to come over to a side business that they are trying to launch.  Of course, they will see nothing wrong with this because they think that the contacts, they have cultivated are the result of their own hard work, so this is should be OK, which in reality is not.

*The “Agitated Alan”:

This is the type of employee that you need to have remarkably close eyes on.  For some reason or another, they harbor negative and bitter feelings about your company.  This come stem from a wide variety of reasons, for example, they could have been turned down from a job promotion that they had felt that they were going to get, or did not get the raise they feel that they are deserved to get.  Or worst yet, they may think that all of the hard work they have done to get new customers should have been credited to them, instead of their boss.  This is kind of employee that will have a higher statistical probability of initiating an Insider Attack at your company in order to get a sense of revenge.

My Thoughts On This

Although the threat of Insider Attacks has always been a problem, this problem has only become exacerbated with the angst and the anxiety that COVID19 has brought on, especially when it comes to WFH.  But it is only going to get much worse from here.  

For example, just in the last decade (2009-2019), the total number of just data privacy breaches increased by a whopping 196%, in which well over 471 million data records were at stake.

But with the WFH trend now starting to become a reality for most businesses, it will be even harder for you to keep your personal eye on these kinds of employee personas just described.  But there some way around this. 

For example, if you move all of your IT and Network Infrastructure to the Cloud, such as that of Azure or the AWS, and create the needed Virtual Machines (VMs) and Widows Desktop Services (WVDs) from that, you will be able to detect much better for any signs of unusual or anomalous behavior.

The reason for this is that these Cloud based platforms now offer great and sophisticated monitoring tools for this very reason.  In fact, you can deploy most of them within minutes with just a few clicks of your mouse.  Of course, though, if this is your first time doing this, then you should probably outsource all of this to a reputable Cloud Solutions Provider.

But, if you are planning on having your workers return back to varying degrees to your brick and mortar location, then you should also implement a 24 X 7 X 365 tip hotline, so that employees  can report odd behavior anonymously.  In the end, keep this in mind:  More eyes to help you watch your back are far better than just two of them.