Guest-blog: Alina-Georgiana Petcu discusses ‘When Insider Threat Turns Malicious – and How to Stop It from Happening to You’

Lockdown introduced new threat vectors for organisations in 2020, as cybercriminals redoubled their efforts to launch damaging cyber-attacks. Now that we are looking towards a post-lockdown future in 2021, it is worth exploring the cybersecurity landscape and assessing what steps we should take to protect ourselves from the pernicious threat of cyber-crime.

If there’s one thing you can say for cybercriminals, they rarely miss an opportunity. The coronavirus pandemic has offered cybercriminals a myriad of opportunities to exploit victims’ fears and uncertainties, sow seeds of false hope, and persistently cause disarray in the aid of compromising data and making money.

One year on from the first UK lockdown, we don’t expect this to change as we transition towards a post-lockdown world. The knock-on impact of lockdown is that many organisations are fighting to remain operational, and cybercriminals know this. They will continue to proactively target organisations that are struggling as a result of the coronavirus pandemic, as they recognise that budgets for IT and cybersecurity resources may well have been reduced – making them easier targets for phishing and ransomware attacks.

Today I have the distinct pleasure of introducing another Guest Blogger, Alina-Georgiana Petcu, who is a Communications and PR Officer at Heimdal Security.

Alina is a content connoisseur with a knack for everything tech. She occupies her spare time by trying to untangle the intricate narratives behind the world’s most infamous cyberattacks.

Alina is going to talk to us about what happens when an insider threat turns malicious – and how to stop it from happening to you.

Thank you, Geoff, it is a pleasure to collaborate with you on this important subject.

The term insider threat refers to a certain amount of risk organizations are subjected to through their current and former employees alike, as well as through business associates or contractors.

These are all people with privileged access to a company’s systems, which means that they can access sensitive data regular staff members don’t have access to.

Insider threat becomes malicious the moment one of these people decides to abuse their access rights to fulfill nefarious motives. Let’s see how and why that happens, as well as how you can stop it from happening to you and keep your enterprise’s assets safe from the grubby paws of hackers.

Unfortunately, insider threat is a widespread issue in corporate cybersecurity. The Ponemon Institute’s 2020 Cost of Insider Threats Global Report recorded a 47% increase in insider threat incidents between 2018 and 2020. This type of inappropriate management of company data can be separated into three categories:
• Accidental, which means that the action was unpremeditated and was not driven by any ulterior motive.
• Negligent, which treads the line between accidental and malicious. The employee in question is not necessarily a hacker, but his intentions aren’t right either.
• And malicious, which consists of an action that is premeditated and was driven by an ulterior motive. That motive can be revenge, ego, financial gain, coercion, or ideology.

To better understand malicious insiders at a human level, SentinelOne’s Jeremy Goldstein classifies insider threat into four archetypes:
• The pawn, who is usually manipulated by a malicious third party into sabotaging the company. This is often unintentional, as it is carried out through phishing or CEO fraud.
• The goof, who is generally ignorant or arrogant regarding their position and thus acts irresponsibly within the company network, causing damage.
• The collaborator, who steals data and disrupts the activity of an enterprise in cooperation with a malicious third party.
• And the lone wolf, whose malicious intent is their own and who acts independently of any other cybercriminal group.

Therefore, we can notice right off the bat that not all insider threat actors are malicious. Nevertheless, nearly half of them always are.

5 Threat Scenarios to Expect from a Malicious Insider

So, what happens when insider threat turns malicious? Here are the five scenarios you can expect, illustrated by a few real-life examples of what happened when renowned companies and global organizations went through them.

#1 A malicious insider stole data for competitive interests
• Steven L. Davis, a process controls engineer for Tennessee-based fabrication equipment designer Wright Industries, was contracted by Gillette to oversee their new shaving system in 1997. Out of discontent with his supervisor, Davis stole and sold private data about the technology to Gillette’s competitors.
• A naturalized Chinese-American citizen named Xudong Lao abused his privileges as an employee of the Illinois Locomotive Company between 2014 and 2015, illegally downloading thousands of confidential documents. He then got a job with a Chinese automotive service systems company in 2015 and supplied his new employer with these unlawfully obtained trade secrets.
• Walmart accused their technology vendor and partner Compucom of spying into the private conversations of the retail giant’s C-level executives in 2019. As per the allegations, Compucom employees gathered data that would later give the company an advantage in winning the bid with Walmart.

#2 A malicious insider covertly accessed customer data
• The National Security Agency (NSA) of the United States is responsible for several such cases. In 2003, an NSA employee allegedly monitored a woman he was involved with. She caught on to it and reported the incident, which led to an internal investigation.
• One year later in 2004, it was discovered that another employee was keeping tabs on an unknown number she found in her husband’s contacts out of fear that he was cheating on her.
• In 2011, one staff member stationed overseas spied on the private phone calls of her partner back home, as well as on the conversations of the people she met in that respective country.

These incidents were referred to internally as LOVEINT, which is short for Love Intelligence.

#3 A malicious insider gained profit from privileged information
• In 2011, a former Bank of America employee provided malicious third parties with the sensitive banking info of an undisclosed number of customers. Fraudsters used this information to cause damages that amounted to a whopping $10 million.
• AT&T employee Chouman Emily Syrilien provided a co-conspirator with files containing the personally identifiable information of multiple clients of the telecom services provider. Syrilien was part of a larger data theft scheme involving multiple members of staff.
• An employee working for esteemed cybersecurity software provider Trend Micro accessed a database containing confidential customer information and sold it to a cybercriminal group in 2019.

#4 A malicious insider sabotaged company data and operations
• A former network engineer working at the Charleston-based oil and gas company EnerVest Operating remotely accessed systems in 2014. This had malicious intent behind it, as the engineer reset the network to factory settings, causing damages.
• Back when VP Kamala Harris was a district attorney in San Francisco in 2018, a network engineer for the San Francisco Department of Telecommunications and Information Services (DTIS) named Terry Childs refused to give up the login credentials to the entire network he had built.
• Upon receiving his termination notice in 2015, Canadian Pacific Railway employee Christopher Victor Grupe abused his still-valid login credentials to access the company network, where he deleted some essential administrative accounts and changed the passwords to others.

#5 A malicious insider shared confidential information with the media
• In 2014, former Microsoft employee Alex Kibkalo, who worked for the company out of Lebanon and Russia, was caught disclosing trade secrets to a French blogger. The leaked information contained, among other things, screenshots of a then-unreleased version of the corporation’s renowned Windows operating system.
• A total of 29 Apple employees disclosed confidential data about product launches in 2018. Out of them, only 12 were arrested.
• While many Tesla employees practiced ethical whistleblowing against the company in the past, one staff member shared confidential business information, such as production numbers, with journalists on Twitter.

A Checklist for Malicious Insider Prevention

If you take just one thing away from the examples I listed above, let it be this – malicious insider threat can target the best in any industry. The checklist below will help you prevent it from happening to you too. So, without further ado, let’s get into some actionable advice.

❒ Know the signs of malicious insider activity
The main purpose of malicious insiders is to steal sensitive information, which they will then misuse in one of the five ways mentioned above. When this type of threat rummages around your company network, they’re going to leave a paper trail regardless of how hard they try to hide their activity. There are three telltale signs of this:
1. Logging in at odd hours
2. Unexpected traffic spikes
3. Data transfers that are out of the ordinary
Looking out for these markers of unusual activity in your system means that you will be able to respond quickly if a malicious insider threat targets your enterprise. Thus, you can take appropriate action right away and remove the privileges of the user account that is being misused.
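The three signs above can be checked mechanically against access logs. The following is an added example, not code from the article: the log format, the 07:00 to 20:00 working window, and the "five times the median of preceding days" threshold are all assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample log (not real data): ISO timestamp, user, event, bytes moved.
SAMPLE_LOG = """\
2021-03-01T09:05:00 alice login 0
2021-03-01T10:00:00 alice transfer 40000000
2021-03-01T09:30:00 bob login 0
2021-03-01T11:00:00 bob transfer 55000000
2021-03-02T09:10:00 alice login 0
2021-03-02T10:20:00 alice transfer 45000000
2021-03-02T09:40:00 bob login 0
2021-03-02T14:00:00 bob transfer 50000000
2021-03-03T08:55:00 alice login 0
2021-03-03T10:05:00 alice transfer 42000000
2021-03-03T09:35:00 bob login 0
2021-03-03T15:00:00 bob transfer 60000000
2021-03-04T02:47:00 bob login 0
2021-03-04T02:55:00 bob transfer 900000000
2021-03-04T09:00:00 alice login 0
2021-03-04T10:00:00 alice transfer 41000000
"""

def parse(log):
    """Turn each log line into (datetime, user, event, bytes), oldest first."""
    events = []
    for line in log.strip().splitlines():
        ts, user, event, size = line.split()
        events.append((datetime.fromisoformat(ts), user, event, int(size)))
    return sorted(events)

def odd_hour_logins(events, start_hour=7, end_hour=20):
    """Sign 1: logins outside the assumed working window."""
    return [(ts.isoformat(), user) for ts, user, event, _ in events
            if event == "login" and not start_hour <= ts.hour < end_hour]

def daily_totals(events, key):
    """Sum transferred bytes per day, grouped by key(user)."""
    totals = defaultdict(lambda: defaultdict(int))
    for ts, user, event, size in events:
        if event == "transfer":
            totals[key(user)][ts.date().isoformat()] += size
    return totals

def outliers(totals, factor=5, min_history=3):
    """Flag a day whose volume exceeds factor x the median of the preceding days."""
    flagged = []
    for name, per_day in totals.items():
        days = sorted(per_day)
        for i, day in enumerate(days):
            history = [per_day[d] for d in days[:i]]
            if len(history) >= min_history and per_day[day] > factor * median(history):
                flagged.append((name, day, per_day[day]))
    return flagged

def detect(log):
    """Run all three checks; signs 2 and 3 share one baseline test at different scopes."""
    events = parse(log)
    return {
        "odd_hour_logins": odd_hour_logins(events),
        "traffic_spikes": outliers(daily_totals(events, key=lambda u: "network")),
        "unusual_transfers": outliers(daily_totals(events, key=lambda u: u)),
    }

if __name__ == "__main__":
    for sign, hits in detect(SAMPLE_LOG).items():
        print(sign, hits)
```

Comparing each account against its own history, rather than a fixed byte limit, keeps a user who routinely moves large files from drowning out the one whose behaviour actually changed.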

❒ Prevent privilege creep
The term privilege creep is a cybersecurity concept that is used to describe the accumulation of redundant access privileges, permissions, and rights on a user account that does not need them.

This tends to happen when an employee is promoted to a different position or moved to a different department.

When this happens, the staff member in question is granted new access rights that are appropriate for their tasks, while at the same time retaining the privileges from their previous position.

If overlooked, privilege creep can lead to an accidental superuser account that can be used to fulfill malicious motives.

The best way to prevent this from happening within your company network is by constantly auditing user accounts and monitoring changes. Keeping track of admin rights with a privileged access management tool is another useful route and one that can help you practice privilege bracketing within your system as well.
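An audit for privilege creep can be reduced to a set comparison between what an account holds and what its current role needs. The following is an added example, not code from the article or from any privileged access management product: the role baselines, entitlement names and account export are hypothetical.

```python
# Hypothetical role baselines: the minimum entitlements each role needs.
ROLE_BASELINE = {
    "support": {"crm:read", "tickets:write"},
    "finance": {"ledger:read", "ledger:write", "payroll:read"},
    "engineer": {"repo:write", "ci:run", "prod:deploy"},
}

# Constructed account export: current role, earlier roles, entitlements held today.
ACCOUNTS = [
    {"user": "dana", "role": "finance", "previous_roles": ["support"],
     "entitlements": {"ledger:read", "ledger:write", "payroll:read",
                      "crm:read", "tickets:write"}},
    {"user": "eli", "role": "engineer", "previous_roles": [],
     "entitlements": {"repo:write", "ci:run", "prod:deploy"}},
    {"user": "fay", "role": "support", "previous_roles": ["engineer", "finance"],
     "entitlements": {"crm:read", "tickets:write", "prod:deploy",
                      "ledger:write", "vpn:admin"}},
]

def audit_account(account, baselines=ROLE_BASELINE):
    """Compare one account against the baseline of its current role."""
    needed = baselines[account["role"]]
    excess = account["entitlements"] - needed
    inherited, unexplained = {}, []
    for entitlement in sorted(excess):
        # Trace each surplus right back to a former role that would have granted it.
        origin = [role for role in account["previous_roles"]
                  if entitlement in baselines.get(role, set())]
        if origin:
            inherited[entitlement] = origin
        else:
            # Not explained by any role the user has held: needs manual review.
            unexplained.append(entitlement)
    return {
        "user": account["user"],
        "role": account["role"],
        "revoke": sorted(excess),
        "inherited": inherited,
        "unexplained": unexplained,
    }

def audit(accounts, baselines=ROLE_BASELINE):
    """Return findings for accounts holding surplus rights, worst first."""
    findings = [audit_account(a, baselines) for a in accounts]
    findings = [f for f in findings if f["revoke"]]
    return sorted(findings, key=lambda f: (-len(f["revoke"]), f["user"]))

if __name__ == "__main__":
    for finding in audit(ACCOUNTS):
        print(finding)
```

Rights listed under `inherited` are the creep the section describes, left over from a promotion or transfer; anything under `unexplained` was granted outside the role model and deserves a closer look before revocation.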

❒ Practice privilege bracketing
While we’re on the topic of privilege bracketing, let’s take a moment to discuss this beneficial cybersecurity practice. As I mentioned before, the main reason why malicious insiders become threatening to the safety of your enterprise data is through accounts that rack up a lot of privileges over time.

Privilege bracketing is the surest and most effective way to stop this. Based on the principle of least privilege, it involves giving user accounts the minimum access rights that are necessary for the completion of daily tasks. In this way, you can ensure that your enterprise’s private data remains private, together with any personally identifiable information stored in your corporate system.

❒ Implement the zero trust model
Coined by Forrester analyst John Kindervag, the zero trust model implies that no user account operating within a corporate network is to be trusted by default. Instead, everyone’s activity should be continuously authenticated, monitored, and validated. And yes, that includes C-level execs and employees of the company on top of third-party contractors and collaborators. The reason for this is that the practice is based around the never trust, always verify mentality.

Of course, this comes with its own set of challenges. Implementing the zero trust model is an intricate process that includes multifactor authentication, data encryption, privileged access management, cybersecurity auditing, and more.

Nevertheless, it is essential for the prevention of malicious insider threat and the #1 priority in risk mitigation for the past three consecutive years, on the authority of global research and advisory firm Gartner.

❒ Work on your company culture
You know how the old saying goes – the fish rots from the head down. This is true of corporate culture as well, meaning that your leadership within the company or a specific team can be the root cause of issues such as insider threat.

As some of the examples I’ve given above show, malicious insiders are often disgruntled employees looking to cause harm to an enterprise they think has wronged them.

The solution to this issue is pretty straightforward, and it consists of improving the company culture as a whole. If your employees are satisfied with their place of work, they are far less likely to act malevolently towards it or be manipulated by someone who wants them to.

What is more, a staff member that loves their job is far more likely to practice ethical whistleblowing and denounce coworkers that might not have your business’s best interest in mind. It’s a win-win whichever way you look at it, and all you have to do is listen. Be receptive to their feedback and take constructive criticism into account. That is the mark of a strong leader.

Final Thoughts on Malicious Insider Threat

The human factor is an unpredictable liability in any company. You never know when an employee can go rogue or mess up without meaning to. And on top of that, malware operators and other ill-intentioned third parties are always looking for pawns to help them fulfill their nefarious purposes. For this reason, insider threat is a reality of our time, and it can damage your assets and taint your company’s reputation even when it’s unintentional.

When insider threat becomes malicious, it’s a whole other story. It is your responsibility as a leader to make sure that that doesn’t happen to your company by not only putting the right policies into place but by improving your relationship with your team as well.

Change starts from the inside out, and by that, I mean from your company culture. The technical aspect of it all is not to be overlooked, of course. Privileged access management tools, as well as data encryption, multi-factor authentication, password hygiene procedures, and so on, are essential to the digital well-being of your enterprise. The process is a challenging one, but the results are worth it. Are you ready to take your enterprise cybersecurity to the next level?

Sources
CNBC
Computerworld
DataBreachToday Asia
Federation of American Scientists
FindLaw for Legal Professionals
The Federal Bureau of Investigation
Fortune
Medium
The New York Times
The Ponemon Institute
Reuters
Slate Magazine
U.S. Department of Justice

You can contact Alina-Georgiana Petcu on Linkedin with your questions:
https://www.linkedin.com/in/alina-georgiana-petcu-166905197/

Guest-blog: Karthik Reddy – Cybercrimes and How to Prevent Them

Some of you may recall I was a Global CMO for a large company that delivers endpoint protection across multiple platforms and devices. It’s a true statement that everyone has the right to be free of cybersecurity fears.

There’s no doubt that cybercrime and cybersecurity are hot topics. Indeed, with global cybercrime damages predicted, according to Comparitech, to cost $6 trillion annually by 2021, it’s important to be in-the-know about the potential threat cybercrime poses, the impact it is having, and what is being done about it.

One of the biggest problems in trying to understand what’s happening in the ever-changing world of cybersecurity is that there is just so much information out there. Not only are the nature of threats constantly evolving, but the responses to them differ across the globe.

Despite an overall decrease in fraud and computer misuse in 2017, the latest UK Office for National Statistics (ONS) reports show that incidents involving computer misuse and malware against business are way up.

There were 4.7 million incidents of fraud and computer misuse in the 12 months to September 2017, a 15% decrease from the previous year, according to the latest crime figures and this is just for England and Wales.

The latest figures suggest that while consumer-targeted attacks might be falling, as consumer-grade security improves, cyber criminals are now shifting their gaze to the potentially more profitable enterprise sector.

Andy Waterhouse, pre-sales director for Europe at RSA Security, said UK business is facing tougher conditions than ever as cyber attackers chase greater profits.

“In this post-WannaCry world, both consumers and organisations need to do more to assess their data, identify their most valuable assets, and protect these ‘crown jewels’ as best they can through a mix of multi-factor authentication, strong and unique passwords and a greater level of education on cyber skills,” he said.

Today I have the pleasure of introducing another Guest Blogger, Karthik Reddy, who is an accomplished Editor with a demonstrated history of working in the online media industry. Skilled in on-line content creation, WordPress, and editing. Strong media and communication professional with a Master In Business Administration focused in International Business from Jawaharlal Nehru Technological University.

Karthik is going to talk to us about cybercrimes and what is needed to prevent them.

As a society, we cherish our right to privacy probably more than anything else. Sharing is great, and we all enjoy it, but there is always that other side, the untold story, the personal, the secret. Now, let’s extrapolate this to a societal level. How much information is out there, purposely being concealed for the sake of greater good, for the sake of our own safety? The number is probably unfathomable. Today, when everything is online, and our lives are intertwined with a world most of us know nothing about, privacy and safety become an issue of epic proportions.

That is why we need to talk about cybercrime and utilize the very best VPNs. However, instead of writing a tract of tedious length, here is an infographic that outlines the most important cybercrime facts all of us should be aware of in 2018.

The internet has opened many doors for us. It shows us a world of possibilities.

Whether it is for fun, business or education, we spend a lot of time online.

We pay our bills, transfer money, order products and post photos of our children.

Remote workers are getting paid online, and travelers buy tickets with just a click.

But the cyberspace holds a lot of secrets.

We may think we are always safe but just think about all of those times you’ve given your personal information on a social media platform or on a forum.

Search engines and social media systems are gathering your personal data in order to present you with the best possible results. They keep track of all your movements and check-ins, and suggest friends on Facebook based on mutual friends and interests.

(Infographic: cybercrime facts)

Cybercrimes are affecting us all, breaching into our professional and personal lives.

I’m not saying we should stop using the internet, but we should all be aware of the security issues, some of which can be prevented.

It’s an occurrence that mustn’t be ignored.

Using a VPN service can help with hacker attacks and provide you with more privacy. It helps secure data flowing between your PC, mobile phone, and tablet.

Most affected industries are business, healthcare, education, as well as governments and military organizations.

Lately, hackers and frauds have been targeting small businesses because big corporations are regularly working to improve their security. Spending on cyberprotection has risen to 2.5 billion in 2016.

The most common cybercrimes are phishing, spam, and ransomware.

80% of these criminal acts are committed by tech-savvy young people.

Now, let’s examine some of the most harmful cybercrimes.

– Hacking is an act when someone enters your computer without your knowledge or consent. Hackers can post and act in your name, steal your bank details and infect your computer system with viruses.

– Phishing is a scam that uses people’s naivety to extract credit card passwords and bank statements. Fraudsters create fake websites and email you links full of malware.

– Ransomware is a malware attack that locks access to your files and demands a certain amount of money to give you the access key. The average ransom demand is up to $679. Most antivirus programs can’t even recognize ransomware malware. Your computer devices can get infected by clicking on fake websites, infected email attachments or malicious downloads.

– Botnets, networks of infected computers, send spam and overload websites. They are also used for information theft and pranks.

– Denial-of-service attacks stop computers from working properly. They overload the system causing it to slow down or crash.

– Online identity theft is an impersonation of other people with the purpose of using their finances. These tricksters can take up loans in your name and use your medical benefits.

– Cyberstalking is a relatively new form of cybercrime which involves pursuing someone online. The stalker verbally assaults the victim via email, social media networks, and websites. Children and women are the most common victims of cyberstalking. Paedophiles and other predators keep track of the victims and abuse them mentally.

In order to protect yourself or your ebusiness from becoming a cyberattack victim, follow at least some of these tips.

Most significant perhaps, is to be careful with your email address and usernames. Use a gender-neutral nickname for your online accounts and don’t give your email address to unknown and shady websites or individuals.

It is of the utmost importance not to give your personal data such as address, phone number, social security number and bank details to any online entities.

Never use the same email address for business and personal purposes.

If you have multiple social media accounts and emails, and chances are you do, use different passwords for each one. The passwords should be strong, long and contain letters and numbers.

Make sure to update them regularly.

Also, your personal information on social media should be locked down.

Phishing emails are the most popular form of cybercrime since they start innocently enough.

Every month there are more than 8,000 reports of phishing scams.

Don’t trust business offers and deals from strange people and websites.

Even clicking on links and opening attachments in these shady emails can be disastrous to your cybersecurity.

Use anti-malware software and a firewall on your computer.

Another good idea is to use a VPN to hide your IP and location. Surf anonymously, and prevent unwanted monitoring.

Last but not least, educate your children to use the internet safely and responsibly. Make sure they don’t talk to strangers, post photos or give out personal information. Let them know to talk to you if they encounter any suspicious offers, cyberbullying or harassment.

Even celebrities aren’t spared from cyberattacks. Emma Watson, Jessica Alba, and Tiger Woods are some of the celebrities whose online accounts have been hacked.

LinkedIn, Yahoo and Target were also cyberattack victims.

Cybercrimes are likely to increase in the following years due to the lack of laws and regulations in some countries. Cybersecurity specialists will continue to fight frauds, but these criminals are protected by being invisible.

If you have any questions for Karthik, please email him on: karthik@bestwebmstertools.com