Layoffs this year have totaled in the tens of thousands for technical employees— and this is just looking at the technical personnel that have been cut loose. Employees across specialties are feeling the constant threat of employment termination due to the economic uncertainty.
Meanwhile, cybercrime recruitment efforts are growing ever more sophisticated. This, while the cybersecurity skills gap persists for most organizations.
Taken altogether, these factors have the potential to create the perfect storm of insider risks. Let’s talk about the threats and how organizations can protect themselves against them.
Insider Threat Impact
Employees performing damaging actions, with their access to systems and software, are insider threat actors. Something interesting to consider: insider threats can occur because of mal-intent or they can be unintentional—simply through personnel making unwise actions. They can be employees at any tier, vendors or partners, board members, and even consultants.
Ponemon Institute’s 2022 Cost of Insider Threats report lists the insider threat incident count as having risen 44% over the past few years. The costs per incident have also increased more than 1/3 over the same period—totaling more than $15.38 million.
A particularly risky situation is when an employee is laid off and yet they still have access to internal assets. Few cases of harm from such individuals are unintentional; many such individuals are retaliating for their termination, and they may be motivated by other threat actors encouraging or paying them to cause harm.
Cybercrime Recruiters Are Very Active
Cybercrime continues to increase in organization and sophistication. Crime syndicates are now behaving much like legitimate companies. A look at a syndicate’s organization will turn up very familiar structures: departments and teams, chains of command, and those with recruitment roles and strategic planning.
A ransomware group titled Conti suffered a file leakage in early 2022 and it was easy to see that the group was organized like a common business, including a human resources lead with a recruitment director on the team. Bad actors are actively recruiting insiders to assist with their attacks, recruitment occurring via phone calls, email, and social media apps.
The Russian-linked group behind Doppelpaymer offers paid vacation and requests references to verify past cybercrimes. The Dark Web is host to syndicates offering competitive salaries and benefits typical of legitimate companies’ benefits. Jobs could pay up to $20,000 per month, some groups offer their “employees” paid time off, bonuses, and employee referral payments.
What Do Legitimate Companies Do to Stay Safe?
Below are some top areas to examine when addressing insider threats:
· Check for users logging on during non-business hours
· Try to create a baseline of regular activity carried out by suspicious users
· Look for users trying to access files to which they have no approval for access
· Keep an eye on attempts to move or copy confidential data
· If possible, identify user behaviors that deviate from accepted norms and generate alerts
· Work to create automated responses to revoke access and stop data loss if data compromise is detected
The sad truth is that there is no easy way to solve all insider threat issues. Many companies struggle with visibility into user activities, finding and implementing appropriate solutions, dealing with an expansion of vendors in use and the digital transformation process.
Modern organizations need to perform serious planning, identification and customization of technologies to do the automated work of blocking insider attempts at harm, combining approaches to reduce the risks associated with insider threats.
Lay-employee training is also important, as they will likely be the first to notice behavior that is suspicious and many want to protect the companies that are providing them with their livelihood. Make insider threat identification and reporting training part of all employees’ security awareness training, conducted regularly. Any employee with special access to sensitive data must undergo a background check—and it’s a best practice to perform such checks for all employees.
Make insider threat identification and reporting training part of all employees’ security awareness training.
There are many technologies that can help. For example: rigorous access control solutions, like secure gateways, with continuous logging of all user activity for production system connections. Including multi-factor authentication at all points of entry to environments, or accounts, that provide initial network/solution access or enhanced access is a standard practice to ensure network security.
Obtain Help From Consultants
Use the information outlined above to build or enhance your protection against insider attacks. Go a step farther by obtaining expert consultation from a company such as Webcheck Security, which has a number of seasoned security professionals—including Chief Information Security Officers (CISOs)—who can cut your time for gap assessment and roadmap development down dramatically. Contact Webcheck today to schedule a discussion of your needs.