How many types of insider threats are there?
One? Three? Six? All of the above are likely correct, although most people would point to one commonality in their answers: humans. Most would also separate this human threat into three categories: compromised, negligent, and malicious.
A compromised threat is the act of using another person’s credentials to access information and resources, often without the knowledge of the user. Malware is a common example of this, with viruses using whatever access the logged-on user has to the network. Specifically, hackers use phishing techniques to give themselves backdoors to systems and information they can use at will. We see this daily in our social world with hackers trying to steal personal information or identities and impersonating the email addresses of relatives and friends.
Negligent (or uninformed, unaware, accidental) Threats
Companies typically put communication methods in place for employees to use, such as email and instant messaging. They will also put technology in place to prevent sensitive information (such as social security numbers or account numbers) from being sent using these methods, but users without proper security training often transmit information electronically that could either directly or indirectly expose confidential data.
People have long sent data from their work email to a personal email address so they could continue working on it at home. The document(s) are saved locally at home and sit there forever…just waiting to be stolen. These users are often just unaware of the potential impact their actions have on a business. We also see accidental deletions of files and data that could be disastrous for companies simply because the users have too much access to network resources.
Malicious employees are dangerous for many reasons. While employed, they have access to data, proprietary information, financials, etc., that, if abused, could be used for personal gain or against the company. When triggered to anger, malicious employees take ‘revenge’ by willfully destroying or modifying data to hurt or hamper a company’s efforts in the market or its general operations. Contractors and vendors who work within a facility and have access to network resources can also provide information related to security practices, or even actual data, to outside sources. A high-profile example of this is a recent court case where automaker Tesla Motors sued a former employee for allegedly stealing data, claiming he wrote code that copied 300,000 files of Tesla’s Autopilot technology program for use at a competitor.
Another example of a malicious insider threat is the case of an employee of a California-based IT company who hacked into the company’s O365 instance and deleted 1200+ Microsoft Office 365 user accounts. The company had no Office 365 data backup, and the effects were costly in both time and money.
What can I do about insider threats?
Trying to stay ahead of every possible threat could feel like a dog chasing its tail. Many technology providers offer software and/or hardware appliances that monitor and prevent certain types of intrusion, network activity, and file access. Users develop usage traits over time that software can learn, so it can alert administrators when usage deviates from normal patterns, perhaps indicating a compromised user or other nefarious activity.
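The deviation-from-normal idea described above can be sketched as a per-user baseline check. This is an added example, not code from any monitoring product or from Global Data Vault; the record layout, user names, action names, and thresholds are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from statistics import fmean, pstdev

# Constructed daily audit summaries: (day, user, action, count). Not real data.
SAMPLE = (
    [(d, "alice", "user_delete", c) for d, c in enumerate([2, 1, 3, 2, 2, 1200], start=1)]
    + [(d, "bob", "file_copy", c) for d, c in enumerate([30, 25, 40, 35, 28, 33], start=1)]
)

def find_deviations(records, min_history=5, z_threshold=3.0, floor=10):
    """Flag days where a user's count for an action far exceeds that
    user's own earlier history for the same action.

    Simplification: days with no record are ignored rather than
    counted as zero, so the baseline covers active days only.
    """
    series = defaultdict(list)
    for day, user, action, count in sorted(records):
        series[(user, action)].append((day, count))

    alerts = []
    for (user, action), points in series.items():
        for i, (day, count) in enumerate(points):
            history = [c for _, c in points[:i]]
            if len(history) < min_history:
                continue  # not enough data to call anything "normal" yet
            mu = fmean(history)
            # Clamp sigma so a perfectly steady user does not alert on +1.
            sigma = max(pstdev(history), 1.0)
            if count >= floor and count > mu + z_threshold * sigma:
                alerts.append((day, user, action, count, round(mu, 1)))
    return sorted(alerts)

if __name__ == "__main__":
    for day, user, action, count, baseline in find_deviations(SAMPLE):
        print(f"day {day}: {user} {action} x{count} (baseline ~{baseline}/day)")
```

The baseline is per user and per action, so an administrator who normally removes a couple of accounts a day is flagged for a mass deletion, while a user whose file copies vary within their own usual range is not.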
The education of users is important; many problems could be solved if users simply understood certain risks and the appropriate use of electronic tools. Also, using the Principle of Least Privilege (PoLP) is a good way to restrict and control access to network resources.
For as many insider threats as exist, many more ways exist to prevent (or at least dissuade) them. Best practice is to have good backups and keep copies of data offsite, as your data—application data, customer data, or otherwise—is the heart of your business. Many of the threats mentioned in this post introduce malware or ransomware to an environment and involve the destruction or encryption of data. Backups should always be the first line of defense against data loss, and because of their value, they are often a target for a cyber attack. Keeping that data offsite is imperative.
Global Data Vault, a platinum Veeam Cloud & Services Provider, has helped companies recover from insider threats and attacks by maintaining secure backups. We have developed, and put in place, technologies to separate data from insider threats. In addition, we partner with cybersecurity company BitLyft to monitor and respond to suspicious behavior across our infrastructure, and we extend that perimeter to the backup data on-premises at your location.
Global Data Vault’s regular series of Cybersecurity webinars often touches on Insider Threats. The two below are particularly relevant:
Insider Threat and Enhanced Data Protection
What is an insider threat and how do they affect businesses? How do I defend and protect myself against insider threats and malware? Find out the answers to these questions and learn how to create a complete security posture.
Ransomware and Insider Protection
In today’s technological world an insider threat can be much more than a disgruntled employee. Watch the Ransomware Webinar below to find out more about the three types of insider threat.