An email titled ‘2011 Recruitment Plan’ piqued the interest of an RSA employee, who retrieved the file from the junk folder. However, opening the attachment triggered an attack on RSA’s systems that compromised nearly 40 million employee records. To this day, no one knows exactly what data, or how much of it, was stolen.

Despite being one of the many targets of an aggressive phishing campaign, the employee became an unwitting participant in an insider attack on RSA.

An insider threat is any threat that stems from people close to an organization. In the case of cyber security, insider threats stem from people who use their authorization and credentials to steal data. In some cases, this is intentional and malicious; in others, vulnerable employees are lured into taking actions that inadvertently lead to a cyber-attack.

A Kaspersky expert once said, “The human factor is often the weakest link in corporate IT security. Technology alone is rarely enough to completely protect the organization in a world where attackers don’t hesitate to exploit insider vulnerability.” Companies that suffer from cyber-attacks are scrutinized by the public as well as regulators, resulting in negative brand image and costly penalties. So, what can organizations do to safeguard themselves from unintentional insider threats?

Tips for employees: be aware of your threat landscape

CNBC claims that user negligence is the leading cause of insider attacks. User negligence could be as simple as leaving an unlocked desktop unattended, ignoring security protocols, or even sharing account or password details (like we do with our internal IT teams).

Poor digital security education, poor threat intelligence, and weak IT security protocols are some of the leading causes of insider threats arising from unintentional misuse. For their part, users must be uncompromising when it comes to protecting their account details, no matter how privileged or simple their access. This includes practicing strict account management, maintaining strong passwords, and paying careful attention to detail. Some reports even suggest avoiding multi-tasking when handling sensitive data, as it can lead to lapses. Finally, keeping one’s systems and software updated regularly and on time can make all the difference, as described below.

Tips for leaders: invest in robust security practices

Contrary to initial suspicions that the wave of WannaCry attacks in 2017 began through phishing emails, the first victims of the ransomware were, in fact, users who failed to update their systems with Microsoft’s latest security patch, which was released 2 weeks before the attack. Outdated software and limited user knowledge contributed to the rapid, global spread of these attacks, in which files containing important information were encrypted and a ransom was demanded from those wishing to regain access to their data. In some cases, the data was never recovered even after the ransom was paid.

Strong user education is vital to creating a culture of cyber security and minimizing incidents similar to the WannaCry attacks. Under their purview, leaders can ensure frequent and relevant cyber security training to promote awareness about an organization’s security procedures and protocols, acceptable and unacceptable behaviours, and mechanisms for reporting suspicious activity. Making these programs mandatory across all hierarchical levels helps users know what to look out for, avoid, and report.

Nothing can replace constant monitoring, though. For companies lacking a holistic approach to cyber security, it helps to appoint dedicated managers for instituting robust threat scoring and surveillance programs that identify risky user actions, analyze incident histories, improve threat response, and more.

What actions can you take today to protect yourself from becoming an insider threat?
