• Covid-19 – click here for the latest updates from Forum Events & Media Group Ltd

Posts Tagged :

insider threat

Threat to corporate data from departing employees ‘underestimated by businesses’

960 640 Stuart O'Brien

More than half (51%) of knowledge workers believe the risk to corporate data from departing employees is being underestimated and bigger than organisations think, while (87%) report their former employer has never approached them to verify they hadn’t taken data when they’ve left a job.

That’s according to Code42’s new Data Exposure Report, which concludes workers believe their employers aren’t protecting themselves against the departing employee insider threat and that data theft is posing a real danger to both former and new employers.

Other key findings from Code42’s new Data Exposure Report on insider threat include:

  • Three-fourths (75%) of respondents say that their new employer did not ask them if they had brought data from their previous employer
  • One-third (32%) of respondents who had infiltrated data were encouraged by their new employers to share it with new colleagues
  • The most common forms of data taken from a previous to a new employer are examples of one’s work (38%), followed by colleagues work and financial records (both 19%)
  • 17% also took customer lists or records, just over one in ten knowledge workers (14%) also took customer’s data — which could lead to a serious violation of GDPR
  • Two-thirds (63%) of respondents who said they have taken data are repeat offenders
  • Staff have the ability to access and therefore exfiltrate: data they didn’t create (73%), data they didn’t contribute to (69%), and 59% can see data from other departments

Code42 surveyed nearly 5,000 knowledge workers at companies with more than 1,000 employees in the U.S., U.K. and Germany.

“When it comes to data loss, leak and theft, for too many companies, the inside is their blindside,” said Joe Payne, Code42’s president and CEO. “Insider threat programs are not keeping up with today’s collaborative work culture. People and data are on the move now more than ever. Workers are switching jobs, and company files are being uploaded to the web, emailed as attachments and synched to personal cloud accounts. Our new report is a wake-up call for security teams that have traditionally relied on prevention-based security strategies for blocking when the rest of their organization is busy sharing.”

Hacking

GUEST BLOG: Combatting the threat of accidental insider data leakage

960 640 Guest Blog

By Andrea Babbs, UK General Manager, VIPRE SafeSend

Cybercrime has rapidly become the world’s fastest growing form of criminal activity, and is showing no sign of slowing down with the number of attacks on businesses rising by more than 50% in the last year alone.

While most corporates have made significant efforts to invest in cybersecurity defences to protect their organisations from the outside threat of cybercrime, few have addressed the risk of breaches that stem from the inside in the same way. Insider threats can come from accidental error, such as an employee mistakenly sending a sensitive document to the wrong contact, or from negligence such as an employee downloading unauthorised software that results in a virus spreading through the company’s systems. 

We’re all guilty of accidentally hitting send on an email to the wrong person, or attaching the wrong document; but current levels of complacency around email security culture are becoming an ever greater threat. Few organisations have a clear strategy for helping their employees understand how a simple error can put the company at significant risk; even fewer have a strategy for mitigating that risk and protecting their staff from becoming an inside threat. 

So where does the responsibility lie to ensure that company data is kept secure and confidential? 

According to reports, 34% of all breaches are caused by insider fault, yet many employees are unaware of their responsibility when it comes to data protection. With employee carelessness and complacency the leading causes of data breaches – understandable when human error is inevitable in pressured working environments – there is clearly a lack of awareness and training. And while there is an obvious and urgent need for better employee education, should IT leaders not be doing more to provide the tools that take the risk of making accidental mistakes out of employees’ hands?

With simple technology in place that provides an essential double check for employees – with parameters determined by corporate security protocols – before they send sensitive information via email, accidental data loss can be minimised and an improved and proactive email securityculture achieved. In addition to checking the validity of outbound and inbound email addresses and attachments – thereby also minimising the risk of staff falling foul of a phishing attack – the technology can also be used to check for keywords and data strings in the body of the email, to identify confidential or sensitive data before the user clicks send.

In order for organisations to limit the number of insider data breaches, it’s crucial for employees to understand the role they play in keeping the company’s data secure. But in addition to supporting employees with training, deploying an essential tool that prompts for a second check and warns when a mistake is about to be made, organisations can mitigate the risk of accidental error, and the potentially devastating consequences that might have on the business. 

Email is arguably the key productivity tool in most working environments today; placing the full burden of responsibility for the security of that tool on employees is both an unnecessary overhead and, increasingly, a security risk. In contrast, supporting staff with a simple, extra prompt for them to double check they aren’t mistakenly sharing confidential data raises awareness, understanding and provides that essential security lock-step – before it’s too late. 

Could your most trusted employee be your biggest threat?

960 640 Guest Blog

95% of cyber security breaches are due to human error, which in reality means it could be any user, at any time. The best bit? They probably won’t even know they’re doing something wrong, but they have inadvertently just become an unintentional insider threat.

As Andy Pearch, Head of IA Services, CORVID, explains, organisations need to stop playing the blame game and pointing fingers at users when the system is compromised and instead ensure they have the right technology in place to take back control of their security defences…

Unintentional insider threats

A person becomes an unintentional insider threat when they unwittingly allow a cyber attacker to achieve their goal – whether that’s a breach of systems or information, or diverting payments to a criminal’s account. This can be through negligence or lack of knowledge, but can also be a result of just doing an everyday job.

Unintentional insider threats are particularly dangerous because the traditional methods of identifying insider threats don’t work – they don’t try to hide emails or files, because as far as they’re aware, they’re not doing anything wrong. If an attacker presents themselves as a legitimate person with the right credentials to request a change, the unsuspecting employee will probably respond exactly as the attacker was hoping.

Trusted employees have access to company-sensitive information, assets, and intellectual property, and permission to make financial transactions – often without requiring any further approval. Threat actors target these privileged, trusted people – impersonating suppliers, regulators, and known colleagues – and try to encourage them to do something they have permission to do, but shouldn’t.

Removing reliance on users

Email allows threat actors to communicate with users with almost no defensive barriers between them. Even the most diligent employee gets distracted, rushed, or slightly too tired, which is all it takes for a malicious email to achieve its objective – whether that’s clicking a link, opening an attachment, or trusting the email’s source enough to reply. Employees don’t expect to be attacked in a safe office environment but threat actors prey on this perceived safety to catch them off guard and socially engineer them into doing something they shouldn’t.

Many people think they know what a spam email looks like, but 97% of people are unable to identify a sophisticated phishing email. This is hardly surprising when considering there are, comparatively, so few highly-convincing fake emails; because they aren’t seen every day, employees aren’t always looking out for them. Then there are some methods of impersonation that organisations can’t realistically be expected to detect – for example, spotting the difference between a 1, l, and I (1, L, and i, respectively). Attackers know that employees aren’t meticulously scanning every email for tiny details like this, so they take advantage. If an organisation’s email security currently relies on users correctly identifying malicious emails 100% of the time, quite simply, their defences are going to succumb to attack.

Preventing the unintended

Research shows that 90% of organisations feel vulnerable to insider attacks, so now is the time for change. Monitoring normal access and behaviour patterns can give early warning signs of potential intentionally malicious activity, but the same can’t be said for unintentional insider threats. The attacker’s request could be comfortably within the scope of an employee’s daily duties.

The information available to users is often insufficient for them to determine whether an email is legitimate. As such, they should be suspicious and challenge requests, especially if they’re unexpected or urgent. Checks should also be put in place for a second pair of eyes to confirm certain requests before any action is taken, for example, changing payment details or making unscheduled wire transfers. If the request is for a financial transaction or asks for sensitive or personal information, phone the person who made the request (or better still, speak to them face-to-face) to confirm it’s genuine.

There is only so much humans can do. By having technology in place that alerts users to potentially malicious content and enables them to make an informed decision about an email’s nature and legitimacy before acting on it, organisations can take back control of their security defences instead of playing the blame game and pointing fingers at users when the system is compromised.

Image by Gerd Altmann from Pixabay