[BreachExchange] Insider Threat: Why Negligence Is More Dangerous Than Malevolence

Audrey McNeil audrey at riskbasedsecurity.com
Fri Aug 26 15:49:48 EDT 2016


http://infosecisland.com/blogview/24814-Insider-Threat-Why-Negligence-Is-More-Dangerous-Than-Malevolence.html

Security threats can come from anywhere, but they most often originate from the
inside. These types of threats are on the rise: in a recent report, 39% of
IT professionals admitted they were more concerned about the threat from
their own employees than the threat from outside hackers.

In May 2014, the U.S. Department of Homeland Security defined Insider
Threat as “a current or former employee, contractor, or other business
partner who has or had authorized access to an organization’s network,
system, or data and intentionally misused that access to negatively affect
the confidentiality, integrity, or availability of the organization’s
information or information systems.”

The potential risks associated with an Insider Threat are particularly
disturbing, since Insiders already have the necessary credentials and
access to do significant damage to your organization. Traditional data
security tools such as encryption are meaningless since Insiders are
already authorized to bypass these security barriers in the same way they
can use their network credentials to access your sensitive data.

As a recent example, customer records at AT&T Services were accessed by
employees who stole information to sell to unauthorized third parties. As a
result, in late 2015, AT&T Services had to pay a civil penalty of $25
million to resolve consumer privacy violations.

While we should not ignore the very real danger posed by this type of
intentional threat, we must also recognize the role of negligent employees
in delivering a similar result. The fact is that the road to a cyberattack
is often paved with the best of intentions.

In February 2016, Snapchat announced that one of its employees had
responded to a phishing scam by sharing payroll information with the
company’s Chief Executive Officer, or so they thought. Instead, they opened
an email sent by an external actor who exploited the employee’s negligence
to obtain sensitive information. While it was an honest mistake, the
employee’s actions resulted in devastating consequences for the
organization as well as the individuals whose data was breached. According
to the FBI, this form of business email compromise has cost more than $1.2
billion over the past two years.

Cyberattacks originating from negligent employees are rapidly increasing.
Employees have access to sensitive information that, if exposed, could
negatively impact their organization. Yet most corporate research and
investment on the Insider Threat has focused on those defined by Homeland
Security: malicious behavior of purposeful hackers. We need to understand
that the Insider Threat is considerably broader.

Contrary to popular belief, Insider Threats should not be restricted to
these malicious profiles. In fact, many would argue that the threat from
well-intentioned, negligent employees like the Snapchat case presents a
much greater risk. Indeed, IT decision makers view the employee as the
greatest risk to the security of their organization (46%). Of these
respondents, the ‘accidental’ threat outweighed the ‘intentional’ threat by
double.

While no one can prevent all Insider Threats, adopting a transparent
security policy is a key step in securing employee support while building
greater trust between employees and employers. IT should work closely with
senior leadership to integrate training in responsible IT security
behavior, including random user testing, and to establish pre-emptive
alerts that call out unusual activity or access.

Organizations must also implement technology that delivers proactive and
intelligence-driven approaches to security to help reduce risk and enable
IT to effectively support business initiatives.

The successful prevention of any threat depends on our ability to
accurately define and identify it – ideally before it has infiltrated our
networks and data. When addressing the risk of Insider Threats, we must
look beyond those who are intentionally doing harm and place equal emphasis
on those who are simply doing their job.