Wednesday, June 29, 2022
CybersecFill

Insider Threat!!!

The Enemy within...

by Henrietta Ijenebe
March 4, 2021

An insider threat is a security risk that originates from within the targeted Organization. It typically involves a current or former employee or business associate who has access to sensitive information or privileged accounts within the network of an Organization, and who misuses this access.

Traditional security measures tend to focus on external threats and are not always capable of identifying an internal threat emanating from inside the organization. 34% of data breaches in the 2019 Verizon Data Breach Investigations Report involve internal actors.

Insiders have the capabilities, motivations, and privileges needed to steal important data – which makes it a CISO’s job to identify and build a defense against all of those attack vectors.

   Who Are Your Insiders?

  • Employees
  • Privileged users, such as IT team members and Superusers
  • Knowledge workers, such as Analysts or Developers
  • Resigned or terminated employees
  • Employees involved in a merger or acquisition

 Third Parties

  • Vendors
  • Contractors
  • Partners

Types of insider threats include:

Malicious insider—also known as a Turncloak. This is someone who maliciously and intentionally abuses legitimate credentials, typically to steal information for financial or personal incentives. For example, an individual who holds a grudge against a former employer, or an opportunistic employee who sells secret information to a competitor. 

Turncloaks have an advantage over other attackers because they are familiar with the security policies and procedures of an organization, as well as its vulnerabilities.

Careless insider—This person is an innocent Pawn who unknowingly exposes the system to outside threats. This is the most common type of insider threat, resulting from mistakes, such as leaving a device exposed or falling victim to a scam.

For example, an employee who intends no harm may click on an insecure link, infecting the system with malware.

A mole—This person is an imposter who is technically an outsider but has managed to gain insider access to a privileged network.

This is someone from outside the Organization who poses as an employee or partner.

Malicious Insider Threat Indicators

Anomalous activity at the network level could indicate an insider threat. Likewise, if an employee appears to be dissatisfied or holds a grudge, or if an employee starts to take on more tasks with excessive enthusiasm, this could be an indication of foul play.

Trackable insider threat indicators include:

Digital Warning Signs

  • Downloading or accessing substantial amounts of data
  • Accessing sensitive data not associated with their job function
  • Accessing data that is outside of their unique behavioral profile
  • Multiple requests for access to resources not associated with their job function
  • Using unauthorized storage devices (e.g., USB drives or floppy disks)
  • Network crawling and searches for sensitive data
  • Data hoarding, copying files from sensitive folders
  • Emailing sensitive data outside the organization

Behavioral Warning Signs

  • Attempts to bypass security
  • Frequently in the office during off-hours
  • Displays disgruntled behavior toward co-workers
  • Violation of corporate policies
  • Discussions of resigning or new opportunities

While human behavioral warnings can be an indication of potential issues, digital forensics and analytics are the most efficient ways to detect insider threats. User and Event Behavior Analytics (UEBA) and security analytics help detect potential insider threats, analyzing and alerting when a user behaves suspiciously or outside of their typical behavior.

Insider Threat Examples

Here are a few recent examples of insider threats from the news.

Tesla: A malicious insider sabotaged systems and sent proprietary data to third parties.

Facebook: A security engineer abused his access to stalk women.        

Coca-Cola: A malicious insider stole a hard drive full of personnel data.

Suntrust Bank: A malicious insider stole personal data, including account information, for 1.5 million customers to provide to a criminal organization.

Insider Threat Defense Response Plan

  1. Monitor files, emails, and activity on your core data sources
  2. Identify and discover where your sensitive files live
  3. Determine who has access to that data and who should have access to that data
  4. Implement and maintain a least privilege model through your infrastructure, which includes:

  • Eliminating Global Access Group
  • Placing data owners in charge of managing permissions for their data and expiring temporary access quickly

  5. Apply security analytics to alert on abnormal behaviors including:

  • Attempts to access sensitive data that isn’t part of normal job function
  • Attempts to gain access permissions to sensitive data outside of normal processes
  • Increased file activity in sensitive folders
  • Attempts to change system logs or delete large volumes of data
  • Large amounts of data emailed out of the company, outside of normal job function

  6. Socialize and train your employees to adopt a data security mindset.
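
As an added illustration of step 5 (not code from the original article), the sketch below checks two of the listed behaviors over file-activity records: access to sensitive data outside the user's job function, and increased file activity in a sensitive folder relative to that user's own baseline. The events, role-to-folder policy, and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample data: (day, user, role, folder, files_touched).
# Users, roles, folder names and counts are invented for illustration.
EVENTS = [
    (1, "alice", "finance", "/finance/payroll", 12),
    (2, "alice", "finance", "/finance/payroll", 9),
    (3, "alice", "finance", "/finance/payroll", 11),
    (4, "alice", "finance", "/finance/payroll", 140),  # volume spike
    (1, "bob", "engineering", "/eng/source", 30),
    (2, "bob", "engineering", "/eng/source", 28),
    (3, "bob", "engineering", "/eng/source", 33),
    (4, "bob", "engineering", "/hr/personnel", 4),     # outside job function
]

# Assumed policy: which sensitive folders each role is expected to use.
ROLE_FOLDERS = {
    "finance": {"/finance/payroll"},
    "engineering": {"/eng/source"},
    "hr": {"/hr/personnel"},
}
SENSITIVE = set().union(*ROLE_FOLDERS.values())


def detect(events, spike_factor=5, min_history=3):
    """Return sorted (day, user, reason) alerts for two indicators."""
    alerts = set()
    history = defaultdict(list)  # (user, folder) -> earlier daily counts
    for day, user, role, folder, count in sorted(events):
        if folder not in SENSITIVE:
            continue
        # Indicator 1: sensitive data not associated with the job function.
        if folder not in ROLE_FOLDERS.get(role, set()):
            alerts.add((day, user, "outside_job_function"))
        # Indicator 2: activity far above the user's own baseline.
        # A baseline needs history, so new user/folder pairs are skipped.
        past = history[(user, folder)]
        if len(past) >= min_history and count > spike_factor * median(past):
            alerts.add((day, user, "activity_spike"))
        past.append(count)
    return sorted(alerts)


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

The baseline is per user and per folder, so a heavy but consistent user does not alert while a sudden change from a quiet one does.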

Insider Breach Response Plan

It’s equally important to have a response plan in place to respond to a potential data breach:

  1. Identify the threat and take action by:

  • Disabling and/or logging out the user when suspicious activity or behavior is detected
  • Determining what users and files have been affected

  2. Verify accuracy (and severity) of the threat and alert appropriate teams (Legal, HR, IT, CISO)

  3. Remediate

  • Restore deleted data if necessary
  • Remove any additional access rights used by the insider
  • Scan and remove any malware used during the attack
  • Re-enable any circumvented security measures

  4. Investigate and perform forensics on the security incident

  5. Alert Compliance and Regulatory Agencies as needed

Conclusion:

The secret to defending against insider threats is to monitor your data, gather information, and trigger alerts on abnormal behavior. Your biggest Asset is also your biggest Risk. The root cause of insider threats…..? “People”.

Yet most security tools only analyze Computer, Network, or System Data. To stop insider threats–both malicious and inadvertent–you must continuously monitor all user activity and take action when incidents arise. Cyber Criminals never sleep, nor should your prevention strategies.

Henrietta Ijenebe

Another Breed striving to make our cyber.space a better state of existence. CyberContent Writer at Cybersecfill. Cybersecurity Threat Intelligence Analysis... Penetration Testing... I code in Javascript...Python...PHP I convey with HTML I beautify with CSS

© 2020 CybersecFill. All Rights Reserved.