2017 has been a dramatic year in terms of cybersecurity incidents. With surveys and studies suggesting a significant increase in the number of attacks and their sophistication in the near future, it is important that we analyze and examine the issues that organizations face.
The increasing number of breaches and their nature have caused many CSOs to reevaluate the security policies in place. There is no perfect security policy; however, a good security policy should cover the very basics of information security first and foremost.
Technically, a security policy is drafted based on areas where attacks are reported, and most modern policies focus on threats that come from outside the business. This tends to give us a false sense of security. If there have been no reported attacks in an area, that does not mean the area will be safe in the future. In fact, it may be the weakest spot in your security policy.
One of the most overlooked areas is the threat that can arise from inside your organization. Organizations and CSOs are becoming increasingly aware of the problems and risks posed by their own users, because they have fallen victim to a data breach due to an insider’s carelessness or malicious activities. Tackling this is a complex process, as it involves a large base of legitimate users, both internal and external, who need to safely access and share data to drive the business process and carry on day-to-day tasks.
A majority of such insider-caused data breaches and attacks have been accidental, like emails being sent to the wrong recipients, or users falling victim to social engineering. In 2016, many news organizations reported on fake Pokémon GO apps. Although the original Pokémon GO app is available in only a handful of countries via the Apple App Store and Google Play, most of its users have downloaded the app unofficially from alternative app markets. Some of these identical and fully-functioning counterfeits are injected with spyware that snoops on your online activities, such as listening to phone calls, intercepting SMS, accessing your webcam, and logging all your web browsing.
The fake Pokémon GO app is a case in point. If an employee enters your office premises with a device injected with said spyware, the device can act as an extremely powerful magnet, capable of attracting as much data and information as it can get and sending it back to its command and control servers (C&C servers).
The HBO hack is another insider-caused breach that made the news cycle this year. On August 17th, the black hat organization, OurMine, stole upwards of 1.5 terabytes of copyrighted content. Highly anticipated episodes of “Ballers,” “Insecure,” and “Game of Thrones” were among the stolen documents. HBO later acknowledged the security breach was the result of mishandling proprietary information.
The most dangerous insider threats are the intentional ones, such as an employee sharing sensitive information with a rival business, or a disgruntled employee holding a grudge.
So, is there no solution for the threat arising from the insider? While such incidents cannot be fully eliminated, organizations can train and educate the users to improve their behavior and exercise caution. Some of the measures an organization can take are:
- Assess the value of the information and its importance: This will help determine what level of security the information needs to be given.
- Implement the principle of least privilege: Ensure all users have the lowest level of user rights available, as long as it does not interfere with their jobs.
- Network traffic inspection and data loss prevention (DLP): Keep a check on the network traffic and inspect the data in transit to detect malware or suspicious activities.
- Encryption: Encryption is one of the best practices for protecting information, whether it is stored on disk or in transit over networks.
- Implement Data Access and Usage Policies and Internal Information Security Policies: Set clear guidelines for all users on proper use and data access.
- Train employees and users: Educate all users on a regular basis. Ensure they are up to date on the organization’s security practices and any current trends in cybersecurity.
As organizations continue to face threats from external sources, it is important that we are aware of the possibility of a data breach or other forms of attack on the organization from the inside. Be it an accidental data breach or an intentional one, such incidents can bring hardships and embarrassment to an organization.