Guest-blog: Alina-Georgiana Petcu discusses ‘When Insider Threat Turns Malicious – and How to Stop It from Happening to You’

Lockdown introduced new threat vectors for organisations in 2020, as cybercriminals redoubled their efforts to launch damaging cyber-attacks. Now that we are looking towards a post-lockdown future in 2021, it is worth exploring the cybersecurity landscape and assessing what steps we should take to protect ourselves from the pernicious threat of cyber-crime.

If there’s one thing you can say for cybercriminals, they rarely miss an opportunity. The coronavirus pandemic has offered cybercriminals a myriad of opportunities to exploit victims’ fears and uncertainties, sow seeds of false hope, and persistently cause disarray in the aid of compromising data and making money.

One year on from the first UK lockdown, we don’t expect this to change as we transition towards a post-lockdown world. The knock-on impact of lockdown is that many organisations are fighting to remain operational, and cybercriminals know this. They will continue to proactively target organisations that are struggling as a result of the coronavirus pandemic, as they recognise that budgets for IT and cybersecurity resources may well have been reduced – making them easier targets for phishing and ransomware attacks.

Today I have the distinct pleasure of introducing another Guest Blogger, Alina-Georgiana Petcu, who is a Communications and PR Officer at Heimdal Security.

Alina is a content connoisseur with a knack for everything tech. She occupies her spare time by trying to untangle the intricate narratives behind the world’s most infamous cyberattacks.

Alina is going to talk to us about when an insider threat turns malicious – and how to stop it from happening to you.

Thank you, Geoff, it is a pleasure to collaborate with you on this important subject.

The term insider threat refers to a certain amount of risk organizations are subjected to through their current and former employees alike, as well as through business associates or contractors.

These are all people with privileged access to a company’s systems, which means that they can access sensitive data regular staff members don’t have access to.

Insider threat becomes malicious the moment one of these people decides to abuse their access rights to fulfill nefarious motives. Let’s see how and why that happens, as well as how you can stop it from happening to you and keep your enterprise’s assets safe from the grubby paws of hackers.

Unfortunately, insider threat is a widespread issue in corporate cybersecurity. The Ponemon Institute’s 2020 Cost of Insider Threats Global Report recorded a 47% increase in insider threat incidents between 2018 and 2020. This type of inappropriate management of company data can be separated into three categories:
• Accidental, which means that the action was unpremeditated and was not driven by any ulterior motive.
• Negligent, which treads the line between accidental and malicious. The employee in question is not necessarily a hacker, but his intentions aren’t right either.
• And malicious, which consists of an action that is premeditated and was driven by an ulterior motive. That motive can be revenge, ego, financial gain, coercion, or ideology.

To better understand malicious insiders at a human level, SentinelOne’s Jeremy Goldstein classifies insider threat into four archetypes:
• The pawn, who is usually manipulated by a malicious third party into sabotaging the company. This is often unintentional, as it is carried out through phishing or CEO fraud.
• The goof, who is generally ignorant or arrogant regarding their position and thus acts irresponsibly within the company network, causing damage.
• The collaborator, who steals data and disrupts the activity of an enterprise in cooperation with a malicious third party.
• And the lone wolf, whose malicious intent is their own and who acts independently of any other cybercriminal group.

Therefore, we can notice right off the bat that not all insider threat actors are malicious. Nevertheless, nearly half of them always are.

5 Threat Scenarios to Expect from a Malicious Insider

So, what happens when insider threat turns malicious? Here are the five scenarios you can expect, illustrated by a few real-life examples of what happened when renowned companies and global organizations went through them.

#1 A malicious insider stole data for competitive interests
• Steven L. Davis, a process controls engineer for Tennessee-based fabrication equipment designer Wright Industries, was contracted by Gillette to oversee their new shaving system in 1997. Out of discontent with his supervisor, Davis stole and sold private data about the technology to Gillette’s competitors.
• A naturalized Chinese-American citizen named Xudong Lao abused his privileges as an employee of the Illinois Locomotive Company between 2014 and 2015, illegally downloading thousands of confidential documents. He then got a job with a Chinese automotive service systems company in 2015 and supplied his new employer with these unlawfully obtained trade secrets.
• Walmart accused their technology vendor and partner Compucom of spying into the private conversations of the retail giant’s C-level executives in 2019. As per the allegations, Compucom employees gathered data that would later give the company an advantage in winning the bid with Walmart.

#2 A malicious insider covertly accessed customer data
• The National Security Agency (NSA) of the United States is responsible for several such cases. In 2003, an NSA employee allegedly monitored a woman he was involved with. She caught on to it and reported the incident, which led to an internal investigation.
• One year later in 2004, it was discovered that another employee was keeping tabs on an unknown number she found in her husband’s contacts out of fear that he was cheating on her.
• In 2011, one staff member stationed overseas spied on the private phone calls of her partner back home, as well as on the conversations of the people she met in that respective country.

These incidents were referred to internally as LOVEINT, which is short for Love Intelligence.

#3 A malicious insider gained profit from privileged information
• In 2011, a former Bank of America employee provided malicious third parties with the sensitive banking info of an undisclosed number of customers. Fraudsters used this information to cause damages that amounted to a whopping $10 million.
• AT&T employee Chouman Emily Syrilien provided a co-conspirator with files containing the personally identifiable information of multiple clients of the telecom services provider. Syrilien was part of a larger data theft scheme involving multiple members of staff.
• An employee working for esteemed cybersecurity software provider Trend Micro accessed a database containing confidential customer information and sold it to a cybercriminal group in 2019.

#4 A malicious insider sabotaged company data and operations
• A former network engineer working at the Charleston-based oil and gas company EnerVest Operating remotely accessed systems in 2014. This had malicious intent behind it, as the engineer reset the network to factory settings, causing damages.
• Back when VP Kamala Harris was a district attorney in San Francisco in 2018, a network engineer for the San Francisco Department of Telecommunications and Information Services (DTIS) named Terry Childs refused to give up the login credentials to the entire network he had built.
• Upon receiving his termination notice in 2015, Canadian Pacific Railway employee Christopher Victor Grupe abused his still-valid login credentials to get into the company network, deleted some essential administrative accounts, and changed the passwords to others.

#5 A malicious insider shared confidential information with the media
• In 2014, former Microsoft employee Alex Kibkalo, who worked for the company out of Lebanon and Russia, was caught disclosing trade secrets to a French blogger. The leaked information contained, among other things, screenshots of a then-unreleased version of the corporation’s renowned Windows operating system.
• A total of 29 Apple employees disclosed confidential data about product launches in 2018. Out of them, only 12 were arrested.
• While many Tesla employees practiced ethical whistleblowing against the company in the past, one staff member shared confidential business information, such as production numbers, with journalists on Twitter.

A Checklist for Malicious Insider Prevention

If you take just one thing away from the examples I listed above, let it be this – malicious insider threat can target the best in any industry. The checklist below will help you prevent it from happening to you too. So, without further ado, let’s get into some actionable advice.

❒ Know the signs of malicious insider activity
The main purpose of malicious insiders is to steal sensitive information, which they will then misuse in one of the five ways mentioned above. When this type of threat rummages around your company network, they’re going to leave a paper trail regardless of how hard they try to hide their activity. There are three telltale signs of this:
1. Logging in at odd hours
2. Unexpected traffic spikes
3. Data transfers that are out of the ordinary
Looking out for these markers of unusual activity in your system means that you will be able to respond quickly if a malicious insider threat targets your enterprise. Thus, you can take appropriate action right away and remove the privileges of the user account that is being misused.
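The three signs above can be checked against each user's own history, as in this added example (not part of the original post). The log format, the sample rows, the cutoff date and the thresholds are all constructed assumptions; here "out of the ordinary" is taken to mean a destination the user has never sent data to before.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample audit log (not real data): time,user,action,destination,bytes
SAMPLE_LOG = """\
2021-03-01T09:05:00,alice,login,-,0
2021-03-01T09:30:00,bob,login,-,0
2021-03-01T10:30:00,alice,transfer,fileserver,120000
2021-03-01T15:00:00,bob,transfer,fileserver,90000
2021-03-02T08:55:00,alice,login,-,0
2021-03-02T09:40:00,bob,login,-,0
2021-03-02T11:10:00,alice,transfer,fileserver,150000
2021-03-02T16:00:00,bob,transfer,fileserver,100000
2021-03-03T09:20:00,alice,login,-,0
2021-03-03T09:35:00,bob,login,-,0
2021-03-03T13:00:00,bob,transfer,fileserver,95000
2021-03-03T14:00:00,alice,transfer,fileserver,110000
2021-03-04T02:47:00,bob,login,-,0
2021-03-04T02:55:00,bob,transfer,personal-cloud,48000000
2021-03-04T09:10:00,alice,login,-,0
2021-03-04T10:00:00,alice,transfer,fileserver,130000
"""

CUTOFF = datetime(2021, 3, 4)  # assumption: earlier events are "normal" history


def parse_log(text):
    """Turn CSV rows into event dicts, oldest first."""
    events = []
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue  # tolerate blank lines
        ts, user, action, dest, size = row
        events.append({"time": datetime.fromisoformat(ts), "user": user,
                       "action": action, "dest": dest, "bytes": int(size)})
    return sorted(events, key=lambda e: e["time"])


def build_baseline(events):
    """Per user: login hours seen, bytes moved per day, destinations used."""
    profiles = defaultdict(lambda: {"hours": [], "daily": defaultdict(int), "dests": set()})
    for e in events:
        p = profiles[e["user"]]
        if e["action"] == "login":
            p["hours"].append(e["time"].hour)
        elif e["action"] == "transfer":
            p["daily"][e["time"].date()] += e["bytes"]
            p["dests"].add(e["dest"])
    return dict(profiles)


def detect(events, cutoff=CUTOFF, sigmas=3.0, hour_slack=1):
    """Return (user, sign, detail) alerts for events at or after the cutoff."""
    baseline = build_baseline([e for e in events if e["time"] < cutoff])
    recent = [e for e in events if e["time"] >= cutoff]
    alerts, unknown, daily = [], set(), defaultdict(int)
    for e in recent:
        p = baseline.get(e["user"])
        if p is None:
            # No history to compare against: surface once for manual review.
            if e["user"] not in unknown:
                unknown.add(e["user"])
                alerts.append((e["user"], "no_baseline", e["time"].isoformat()))
            continue
        if e["action"] == "login" and p["hours"]:
            # Sign 1: login outside the user's usual window (plus some slack).
            lo, hi = min(p["hours"]) - hour_slack, max(p["hours"]) + hour_slack
            if not lo <= e["time"].hour <= hi:
                alerts.append((e["user"], "odd_hour_login", e["time"].isoformat()))
        elif e["action"] == "transfer":
            daily[(e["user"], e["time"].date())] += e["bytes"]
            # Sign 3: transfer to a destination this user has never used.
            if e["dest"] not in p["dests"]:
                alerts.append((e["user"], "unusual_transfer", e["dest"]))
    for (user, day), total in sorted(daily.items()):
        history = list(baseline[user]["daily"].values())
        if not history:
            continue
        avg = mean(history)
        spread = max(pstdev(history), 0.1 * avg)  # floor avoids a zero-width band
        # Sign 2: daily volume far above this user's own history.
        if total > avg + sigmas * spread:
            alerts.append((user, "traffic_spike", f"{day}: {total} bytes, typical {avg:.0f}"))
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_log(SAMPLE_LOG)):
        print(alert)
```

Comparing each account with its own baseline, rather than a company-wide rule, keeps a night-shift worker or a backup operator from drowning out the accounts that actually changed behaviour.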

❒ Prevent privilege creep
The term privilege creep is a cybersecurity concept that is used to describe the accumulation of redundant access privileges, permissions, and rights on a user account that does not need them.

This tends to happen when an employee is promoted to a different position or moved to a different department.

When this happens, the staff member in question is granted new access rights that are appropriate for their tasks, while at the same time retaining the privileges from their previous position.

If overlooked, privilege creep can lead to an accidental superuser account that can be used to fulfill malicious motives.

The best way to prevent this from happening within your company network is by constantly auditing user accounts and monitoring changes. Keeping track of admin rights with a privileged access management tool is another useful route and one that can help you practice privilege bracketing within your system as well.

❒ Practice privilege bracketing
While we’re on the topic of privilege bracketing, let’s take a moment to discuss this beneficial cybersecurity practice. As I mentioned before, the main reason why malicious insiders become threatening to the safety of your enterprise data is through accounts that rack up a lot of privileges over time.

Privilege bracketing is the surest and most effective way to stop this. Based on the principle of least privilege, it involves giving user accounts the minimum access rights that are necessary for the completion of daily tasks. In this way, you can ensure that your enterprise’s private data remains private, together with any personally identifiable information stored in your corporate system.
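An added example (not part of the original post) of the account audit described under privilege creep, which also yields the least-privilege set that privilege bracketing calls for. The role catalogue, permission names and accounts are hypothetical and constructed for illustration.

```python
# Hypothetical role catalogue: the minimum permissions each role needs.
ROLE_PERMISSIONS = {
    "support_agent": {"tickets:read", "tickets:write", "customers:read"},
    "billing_analyst": {"invoices:read", "invoices:write", "customers:read"},
    "db_admin": {"db:read", "db:write", "db:grant"},
}

# Constructed accounts: current role, former roles, and what is granted today.
ACCOUNTS = [
    {"user": "dana", "role": "billing_analyst", "former_roles": ["support_agent"],
     "granted": {"invoices:read", "invoices:write", "customers:read",
                 "tickets:read", "tickets:write"}},
    {"user": "eli", "role": "support_agent", "former_roles": [],
     "granted": {"tickets:read", "tickets:write", "customers:read"}},
    {"user": "fay", "role": "support_agent",
     "former_roles": ["db_admin", "billing_analyst"],
     "granted": {"tickets:read", "customers:read", "db:grant",
                 "invoices:write", "vpn:admin"}},
]


def audit_account(account, roles=ROLE_PERMISSIONS):
    """Compare what an account holds with what its current role requires."""
    required = roles[account["role"]]
    granted = set(account["granted"])
    revoke = {}
    for perm in sorted(granted - required):
        # Attribute each surplus permission to the former role(s) that carried
        # it; an empty list means an ad hoc grant that no role explains.
        revoke[perm] = [r for r in account["former_roles"]
                        if perm in roles.get(r, set())]
    return {
        "user": account["user"],
        "role": account["role"],
        "keep": sorted(granted & required),     # least-privilege set in use
        "revoke": revoke,                       # privilege creep to remove
        "missing": sorted(required - granted),  # role needs it, account lacks it
    }


def creep_report(accounts, roles=ROLE_PERMISSIONS):
    """Audits for accounts holding surplus permissions, worst offenders first."""
    findings = [audit_account(a, roles) for a in accounts]
    findings = [f for f in findings if f["revoke"]]
    return sorted(findings, key=lambda f: (-len(f["revoke"]), f["user"]))


if __name__ == "__main__":
    for finding in creep_report(ACCOUNTS):
        print(finding["user"], finding["role"], finding["revoke"])
```

Surplus permissions traced to a former role point at a role change that never triggered revocation, while those with no origin deserve a closer look because nothing in the role catalogue justifies them.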

❒ Implement the zero trust model
Coined by Forrester analyst John Kindervag, the zero trust model implies that no user account operating within a corporate network is to be trusted by default. Instead, everyone’s activity should be continuously authenticated, monitored, and validated. And yes, that includes C-level execs and employees of the company on top of third-party contractors and collaborators. The reason for this is that the practice is based around the never trust, always verify mentality.

Of course, this comes with its set of challenges. Implementing the zero trust model is thus an intricate process that includes multifactor authentication, data encryption, privileged access management, cybersecurity auditing, and more.

Nevertheless, it is essential for the prevention of malicious insider threat and the #1 priority in risk mitigation for the past three consecutive years, on the authority of global research and advisory firm Gartner.

❒ Work on your company culture
You know how the old saying goes – the fish rots from the head down. This is true of corporate culture as well, meaning that your leadership within the company or a specific team can be the root cause of issues such as insider threat.

As some of the examples I’ve given above show, malicious insiders are often disgruntled employees looking to cause harm to an enterprise they think has wronged them.

The solution to this issue is pretty straightforward, and it consists of improving the company culture as a whole. If your employees are satisfied with their place of work, they are far less likely to act malevolently towards it or be manipulated by someone who wants them to.

What is more, a staff member that loves their job is far more likely to practice ethical whistleblowing and denounce coworkers that might not have your business’s best interest in mind. It’s a win-win whichever way you look at it, and all you have to do is listen. Be receptive to their feedback and take constructive criticism into account. That is the mark of a strong leader.

Final Thoughts on Malicious Insider Threat

The human factor is an unpredictable liability in any company. You never know when an employee can go rogue or mess up without meaning to. And on top of that, malware operators and other ill-intentioned third parties are always looking for pawns to help them fulfill their nefarious purposes. For this reason, insider threat is a reality of our time, and it can damage your assets and taint your company’s reputation even when it’s unintentional.

When insider threat becomes malicious, it’s a whole other story. It is your responsibility as a leader to make sure that that doesn’t happen to your company by not only putting the right policies into place but by improving your relationship with your team as well.

Change starts from the inside out, and by that, I mean from your company culture. The technical aspect of it all is not to be overlooked, of course. Privileged access management tools, as well as data encryption, multi-factor authentication, password hygiene procedures, and so on, are essential to the digital well-being of your enterprise. The process is a challenging one, but the results are worth it. Are you ready to take your enterprise cybersecurity to the next level?

Sources
CNBC
Computerworld
DataBreachToday Asia
Federation of American Scientists
FindLaw for Legal Professionals
The Federal Bureau of Investigation
Fortune
Medium
The New York Times
The Ponemon Institute
Reuters
Slate Magazine
U.S. Department of Justice

You can contact Alina-Georgiana Petcu on Linkedin with your questions:
https://www.linkedin.com/in/alina-georgiana-petcu-166905197/

Guest-blog: Scott Hunter discusses the importance of Five High Impact L&D Ideas on a Shoestring Budget

Scott Hunter

Today’s leadership development landscape demands employees adapt to constant change. In order for organizations to take on the pressing need of reskilling and upskilling, it’s critical they’re immersed in a culture of learning. However, the way we learn is changing: employees want control of their own learning, yet they also want guidance and support from managers and learning and development teams.

The uncertain economic environment of the past few years has had a significant impact on the resources available for learning and development in many organisations. This year we are starting to see signs of greater L&D investment in parts of the private sector, but pressure on resources remains an issue for many and workloads are high. This squeeze on resources, combined with an increasing shortage of key skills, means the need for effective, targeted L&D will continue to grow.

Currently many are held back by a lack of confidence, knowledge and insight around how to harness technological tools to improve their learning and development interventions. L&D needs to build skills and expertise in this area to profit from new innovations that meet business requirements and the demands of learners.

The L&D profession faces a stimulating and challenging future in meeting organisational and learner requirements in fast-paced and busy environments. L&D teams need to continue to work collaboratively across the organisation to ensure that current and future business needs are met and that L&D is agile, effective and timely. Technological developments and emerging insights from other disciplines have great potential to aid this process – but only if the capability to exploit these tools and techniques is developed concurrently. We, therefore, need to keep an eye on the future, to understand the evolving learning landscape, while continuing to build the professional competencies we need today to drive and sustain organisational success.

Today I have the distinct pleasure of introducing another Guest Blogger, Scott Hunter. Scott is a specialist in personal influence and creative thinking.

Scott works in an exciting and ever-changing world, faced with new challenges and opportunities. Organisations today are in desperate need of creating agility and a more open capacity to learn. They need innovative solutions to meet the ever-increasing demand for change, requiring a new approach.

There is an opportunity for a holistic approach to learning and change to come to the fore. There is more demand than ever for learning that engages, adds value, drives performance and reignites organisational values and purpose.

Scott has been involved in learning for over 20 years, experiencing the good, the bad and the downright ugly. Over the last 5 years, he has focused on the changing landscape of learning and finding new ways to create development opportunities and learner journeys outside of the normal approaches.

Scott is going to talk to us about the importance of innovative learning and development and the ‘Five High Impact L&D Ideas on a Shoestring Budget’.

Thank you, Geoff, it is a pleasure to collaborate with you on this important subject.

L&D is often under budgetary and time pressures, with an ever-increasing demand to deliver solutions. This can appear like a never-ending challenge to meet these seemingly paradoxical pressures of developing employees with less money and time.

I would argue that these challenges can be an opportunity for L&D to have an organisation-wide impact, for L&D to help change the perception of what learning is within organisations. Using innovative solutions, it can be possible to guide learning in the organisation that aligns with business objectives and shares accountability.

Learning cannot be detached from performance and, to achieve this, it is important to identify the environmental issues that need to be considered. It is not enough to just introduce new L&D activities and solutions, without considering the requirements needed to help support the practice of new skills/behaviours in the workplace.

Here are 5 ideas for learning solutions that can be delivered with little financial or time investment from L&D, the participants or the organisation. Included are some thoughts on each idea and some potential environmental considerations for them to deliver the biggest impact.

1. Dragon’s Den (Shark Tank)

Elvin Turner, in his book ‘Be Less Zombie’, describes experiments as the rocket fuel of innovation and, let’s be honest, which organisation doesn’t want more innovation at the moment.

Experiments enable organisations to explore possible innovation, with minimal financial or time investment. They enable innovation to become less risky and more data and evidence-driven.

This is based on the Dragon’s Den TV show.

Once a month/quarter, an employee can pitch their innovation-ideas to a panel of managers in the organisation.

If the managers like the pitch, they can then agree to invest a small amount for the employee to run an experiment to test the assumptions their innovation is based upon.

To meet the criteria of an experiment it should be:

• Small
• Cheap
• Fast
• Designed for learning

This provides an ability to maximise learning with the minimum commitment of resources. Each iteration and development of the innovation is supported by data demonstrating the potential after every step.

It also provides information that can create clarity on actions or directions that will not be beneficial to the organisation.

Some of the advantages of this L&D activity:

• Increases employee understanding of the organisation
• Develops critical skills required for leadership
• Aligns innovation energy towards tangible benefits for the organisation
• Creates deeper insights into opportunities
• Creates knowledge that can be used across the organisation to make evidenced improvements
• Encourages collaboration across the organisation

Environmental considerations

• Leaders being open to the ideas from employees
• Supporting the experimentation during work time
• Reward and recognition of employees in line with learning
• Supporting employees in developing pitches
• Support in designing experimentation and metrics
• Allowing employees to be involved in the projects

2. Work Based Projects

Work-based projects can be used to align employee learning efforts to strategically identified outcomes, creating opportunities that have tangible business outcomes. Creating the environment where employees can participate and learn simultaneously provides huge benefits.

Projects are ongoing within organisations on a regular basis and are great opportunities for employees to practice the skills/behaviours identified. These projects can be existing ones, or they can be created to specifically support the application of skills/behaviour from a programme, such as a leadership programme.

The use of projects can provide an evaluation of the application of learning, the behaviour of participants and the application of skills in a real business environment. This provides the opportunity for specific and data-rich analysis of the programme and its impact.

Some advantages of this L&D activity:

• Provides opportunities to practice skills and behaviours in a real business environment
• Provides rich data to evaluate the programme and participants
• Links tangible business outcomes to the L&D activity
• Provides the opportunity to test organisations processes and procedures
• Develops a deeper understanding of the organisation
• Encourages collaboration and cross-functional/department working
• Develop leadership skills

Environmental considerations

• Leaders support in providing time to be involved in projects
• Clarity on the deliverable of project and provision of sufficient resources
• Agreement and collection of suitable and relevant metrics
• Ongoing support and feedback during the project

3. Peer to Peer feedback sessions

The power of feedback has been well documented and is an integral aspect of performance management and coaching. However, I would suggest that most of the interactions and observations of our work are with our peers.

It seems, therefore, that gaining feedback from peers can be a great source of information for areas of improvement, and recognition. The use of peer to peer feedback can create a more open and transparent working environment.

Also, it can provide insights into behavioural aspects of performance, which can often be missed in more traditional performance management approaches.

It can work in an organic way, where feedback is in line with recent observations and requests. Or it can be guided, perhaps to provide feedback to specific behavioural requirements of the organisation.

One example could be that putting customers first and excellence are key pillars of the organisational strategy. L&D could then provide guidance on what areas to observe and provide feedback on during the peer to peer sessions. This links ongoing organisational feedback with identified strategic outcomes of the organisation.

Potential advantages of this L&D activity:

• Improved performance across the organisation
• Improved relationships
• Improved teamwork and communication
• Alignment of feedback to organisational outcomes
• Support delivery of behavioural change in the workplace

Some environmental considerations

• Support of peer to peer feedback in the performance management process
• Review reward and recognition policies and processes
• Support with guidelines on providing and receiving feedback
• Support from line managers to encourage the process
• Agree metrics for uptake and impact

4. Skills-based video channel

Employees want to be able to do what they need when they need it. A lack of specific, and often small, pieces of information can create unnecessary delays. An example may be needing to create a pivot table in Excel.

Normally this may require an employee to find someone who knows how to do this and then ask them to show them. This is time-consuming and an inefficient method of knowledge sharing.

L&D can create a video channel that is dedicated to micro explainer videos of skills that are often required within the organisation. Working with line managers, L&D can identify employees who have these skills and approach them to create explainer videos.

These videos can then be tagged and hosted on an in-house server, or externally such as a closed YouTube or Vimeo channel. Content can be updated, as and when it becomes clear that skills are required, or an employee has a skill that could be beneficial.

This will provide employees with a searchable and accessible resource of skills and information, which they can easily use at the point of need.

The content could also be highlighted to groups at the point in their employee life cycle when it may become useful. For example, reminders about interview skills or tips for performance management could be provided to line managers in the run-up to scheduled performance management reviews and assessments.

Potential benefits of this L&D solution:

• Provide access to skills as and when required
• Reduce potential delays, improve productivity
• Increase motivation and value for those employees selected to provide content
• Flexible content that is adaptable to organisational needs
• Reduce dependence on training courses, saving time and finances
• Reduce time away from work of subject matter experts

Environmental issues

• Access to the appropriate server to host videos and allow organisation-wide access
• Review reward and recognition for those submitting content
• Provide feedback for content generation
• Support of leadership in creating content
• Ensure compliance with appropriate copyright and licensing requirements
• Communication of resource

5. Microlearning activities

Microlearning is all around us and used in everyday life; allowing employees to consume information and learning quickly and effectively.

These activities can be directly linked to skills or behaviours that are required to deliver team/organisation outcomes. This provides flexibility to create content that can be delivered within specific areas of the organisation, or across the whole organisation.

These can be scheduled and used as stand-alone actions or can be used to support other programmes or initiatives.

In the ‘Influence to Innovate’ coaching programme we provide individual and group microlearning activities. One example is called ‘Lip Sync’ which was designed to help develop better listening skills. Below is an outline of the activity.

Title

Lip Sync

Rationale

To build trust, one of the most important dimensions is selflessness. However, in conversations, we often interrupt and speak over others. This demonstrates that we are more interested in what we have to say rather than what others are saying. This damages our reputation and decreases the trust others have in us.

How to Play

• During your day, when you’re invited into a conversation, pay attention to the lips of the others.
• As soon as their lips move, you must ‘Lip Sync’ by not moving your lips and letting others speak.
• Your objective today is to ‘Lip Sync’ as often as possible, ensuring that your lips do not move at the same time as others

Reflection

At the end of the day, take some time to reflect back and answer the following questions:

• What were the differences in conversations when you managed to ‘Lip Sync’ compared to when you were unable to?
• What do you think the impact on the others was?
• How might ‘Lip Sync’ help you in your work and personal relationships?
• What action can you take to improve your ‘Lip Sync’ ability?

Or if you prefer to see it in a micro-learning format, click here

As an example, you can see that this activity can be briefed quickly and the playing of the activity happens within the normal working day. It does not impact the operations of the organisation and can be completed across specific teams or the whole organisation at the same time.

The use of microlearning can help develop learning at speed and scale.

Some benefits of this L&D solution:

• Specific skills can be developed organisation-wide at the same time
• There is no requirement to be released from work
• Skills can be developed that are directly linked to team/organisation goals
• Can be used to develop behaviours in real work environment
• Can support long term learning programmes
• Improve relationships within organisations
• Can embed values at scale and speed

Some environmental considerations:

• Support from line managers in playing the game
• Support to encourage reflection on the day’s play
• Facilitating healthy discussions within teams
• Link required behaviours to performance management, reward and recognition
• Access to activities
• Enabling all employees to participate

Summary

In my opinion, L&D does not own the learning in the organisation, and can move itself to be seen as the strategic convener of learning. All the ideas in this blog were chosen against the following criteria:

• Had limited operational impact
• Had limited financial costs
• Encouraged learning, as close as possible, to the required application
• Ability to support organisation-wide learning
• Ease of linking to organisational outcomes
• Encourage multiple stakeholders in learning
• Can be easily evaluated for impact

This is not an exhaustive list, and there are many great ideas on how to create learning opportunities in the workplace.

Hopefully, these ideas have given you some food for thought, enabling you to implement some of these quickly and easily into your organisation.

These ideas may help move the conversations L&D are having in organisations and change the perception and move them to be seen as trusted strategic partners.

If you would like to chat about changing the perception of learning in organisations, feel free to reach out.

You can contact Scott Hunter with your questions:
email: scott @ theinnovatecrowd.com
web: www.theinnovatecrowd.com
LinkedIn: Scott Hunter