A crime committed by or with the assistance of a person living or working on the premises where it occurred. That is the definition of an “Inside Job” according to Merriam-Webster. Many business owners associate the attackers as a hoodie-clad person slouched over a keyboard, from some foreign location. Companies such as Equifax and Home Depot spend millions on their external threat defenses against these faceless digital nemeses.
The fact is the majority of our attacks are an “Inside Job.” In a Cyber Security Intelligence Index conducted by IBM, 60% of all attacks were determined to be carried out by insiders. An accountant may have replied to a message he/she believed to have come from the bank, or the sales rep clicked on an email link from “Microsoft” that they shouldn’t have. It could even be the CEO, working on a home computer with outdated anti-virus who becomes a victim.
As improbable as it sounds, the worst attacks originate from an internal source. The actions of the employee tend to be the most significant vulnerability for an organization. A Harvey Nash/KPMG Survey of 4,500 global IT leaders found that insider threats are perceived as the most rapidly growing security risk to companies.
Before addressing the threat, it’s helpful to understand the types of insider risks:
Human Error – This is one of the major factors in breaches. Misaddressed emails, stolen devices and the transfer of confidential data to insecure home systems—the risks are endless with your end-user community. The riskiest of these are well-meaning IT admins, whose complete access to company data turn simplicity into complexity relatively quickly.
People leaking passwords – Malicious employees whose intent is to obtain data or damage a company are very real risks. Some steal competitive information; some sell data or intelligence while others have a vendetta against the organization.
A wolf in the clothing of Sue from accounting – Hijacking of end user identity is a genuine threat. This is accomplished by compromising an employee’s system through malware, phishing or smishing attacks. Stolen credentials are leveraged to access an end user’s system, and from there the attacker can increase and exploit these credentials and have access to more sensitive information.
What makes these attacks so dangerous is that they fly below the radar because they are internal. Particularly in the latter two bullet points, malicious offenders can erase evidence of their activities, preventing future forensic investigations. The advances in technology, however, have not solved the issues still present, and managers need to be aware of what to look for and how to focus their security efforts, which include:
Focus on the right assets – attackers want your data, your “crown jewels.” Identify the most-valuable systems and data and focus the concentration of your defense on those areas, along with frequent monitoring.
Know your people – The users in your environment hold the potential for the greatest damage. Addressing the security risks that these people represent and the critical assets they access, should be a priority. A focus should be on top executives, key vendors and at-risk employees for greater vigilance.
Hackers may attack small businesses to gain access to data—specifically credit cards, social security numbers, passwords and banking information. Organizations need to apply Security Awareness training to educate their end users. Note the chart below that lists how cyber attacks come from different categories when attacking small businesses.
Cybersecurity experts advise that internal attacks could hit businesses increasingly in 2018 and 2019. These types of attacks aren't accidents (as in many cases of phishing) but planned, intentional attacks by malicious actors within an organization. Businesses should consider investing in training and security staff to protect against this form of attack.