CRIBB Insider Threats
During this most difficult period, the team at CRIBB Cyber Security – part of theICEway ecosystem of companies – are all working remotely in order to try and stay safe and healthy. We were going to provide you with some tips on remote working in today’s blog, but after much discussion we all felt that we should remain true to the essence of our brand; namely, cyber security. Therefore, today we are going to look at insider threats…
Before tackling insider threats, you must first understand what they are, so we turned to our resident cyber security expert Patrick Carolan for his take.
Patrick, what are insider threats?
Insider threats are essentially threats posed to companies by current or former employees, partners or contractors. Any of these might misuse access to networks, databases or applications to either wittingly or unwittingly cause damage and disruption. They might also erase or modify sensitive data, or even steal it if they do have criminal intentions.
What type of information might be at risk?
Personal information on customers and employees, details on company security controls, financial data, intellectual property – there’s a lot of information that breaches can uncover, and whilst all companies are at risk, there have been recent studies that suggest those most at risk are companies in finance, manufacturing and healthcare.
What are the different types of insider threat?
There are generally three types, with threats from compromised users, careless users or malicious users. Insider threats from compromised users are the most common and therefore the most important to try to pay attention to, although it’s very difficult because nobody knows when they are compromised – neither the user nor their company. Most security tools today target these threats but a lot of the time they can occur because an employee falls victim to a phishing attack, so in that case I’d advise any company to certainly ensure they are taking preventative steps, such as:
- Making sure that employees ALL receive training, ideally with mock phishing scenarios
- Using spam filters and antivirus solutions
- Adding the latest security patches and updates to ALL systems
- Making sure that security policies include a robust section on passwords
What about careless and malicious user threats?
Anybody that leaves their PC unlocked for just a few minutes can become the target of a cyber-attack, so that is something that companies should address within their security policies. It could be something as simple as setting all PCs to lock when left unattended for longer than a few seconds, but even that sometimes isn’t enough. The key thing is to raise awareness and at the very least put preventative measures in place.
Malicious threats are usually very difficult to detect because they are generated by users who have legitimate access and can therefore take steps to ‘hide’ them, plus they can take virtually any form.
What are some potential indicators to look out for?
It’s probably best if we look at each type of threat separately to answer this. As I said before, threats from what we call ‘compromised users’ are targeted by the majority of security tools used today such as firewalls and endpoint scanning – not to mention anti-phishing tools like Avast!, ESET Smart Security and Google Safe Browsing.
‘Careless’ and ‘Malicious’ threats are not so easy to tackle, simply because one is unwitting and therefore hard to predict, whilst the other can be covered up. What you can do to be prepared for these is to implement tools which scan for things like multiple failed logins, large data transfers, incorrect software access requests; discovering any of these can help raise the alarm for a potential attack. Daily endpoint scans will also help, ensuring that your workstations are clear of viruses and malware.
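The three indicators named above (multiple failed logins, large data transfers, refused access requests) can be checked with a short script. This is an added example, not part of the original interview or any CRIBB tool; the log format, event names, thresholds and sample events are constructed assumptions, and log lines are assumed to arrive in time order.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data): "ISO-time user event detail"
SAMPLE_LOG = """\
2020-04-01T08:59:10 alice LOGIN_FAIL workstation-12
2020-04-01T08:59:40 alice LOGIN_FAIL workstation-12
2020-04-01T09:00:05 alice LOGIN_FAIL workstation-12
2020-04-01T09:15:00 bob LOGIN_FAIL workstation-07
2020-04-01T13:30:00 bob LOGIN_FAIL workstation-07
2020-04-01T14:02:00 carol TRANSFER_OUT 734003200
2020-04-01T14:20:00 carol TRANSFER_OUT 524288000
2020-04-01T15:00:00 bob TRANSFER_OUT 1048576
2020-04-01T16:45:00 dave ACCESS_DENIED payroll-db
2020-04-01T16:46:00 dave ACCESS_DENIED hr-records
"""

def find_indicators(log_text, max_fails=3, fail_window=timedelta(minutes=5),
                    max_bytes_per_day=1_000_000_000, max_denied=2):
    """Return a sorted list of (user, indicator) pairs worth an analyst's review."""
    fails = defaultdict(list)          # user -> timestamps of recent failed logins
    sent = defaultdict(int)            # (user, date) -> bytes sent out that day
    denied = defaultdict(set)          # user -> distinct resources refused
    alerts = set()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                   # skip malformed lines rather than crash
        stamp, user, event, detail = parts
        when = datetime.fromisoformat(stamp)
        if event == "LOGIN_FAIL":
            # Keep only failures still inside the sliding window.
            recent = [t for t in fails[user] if when - t <= fail_window] + [when]
            fails[user] = recent
            if len(recent) >= max_fails:
                alerts.add((user, "multiple_failed_logins"))
        elif event == "TRANSFER_OUT" and detail.isdigit():
            sent[(user, when.date())] += int(detail)
            if sent[(user, when.date())] > max_bytes_per_day:
                alerts.add((user, "large_data_transfer"))
        elif event == "ACCESS_DENIED":
            denied[user].add(detail)
            if len(denied[user]) >= max_denied:
                alerts.add((user, "repeated_access_denials"))
    return sorted(alerts)

if __name__ == "__main__":
    for user, indicator in find_indicators(SAMPLE_LOG):
        print(f"{user}: {indicator}")
```

In the sample, bob's two failed logins are hours apart and his transfer is small, so he is not flagged; an alert here is a prompt for review, not proof of malicious intent.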
theICEway ecosystem of companies – A collection of IT companies combining to provide a complete digital solution for clients in healthcare, the cruise and travel industry and retail:
ICE Technology Services; CRIBB Cyber Security; eTestware
Phishing attacks – Cyber-attacks in the guise of emails designed to trick the recipient into clicking on a link or downloading an attachment
Google Safe Browsing – A blacklist service provided by Google that is used in Google Chrome, Mozilla Firefox, Safari, GNOME and Vivaldi to list out the URLs of web resources which contain malware or phishing content
Here at CRIBB Cyber Security, our experts take cyber-attacks and cyber criminals very seriously indeed because we have seen at first hand just how much damage they can cause.
Even if you believe that your company has good security measures and protocols in place, it never hurts to get a second opinion, especially if you are dealing with large quantities of data or sensitive data. Contact us today for more information and advice…