Cyber Security: Insider Threats

In May 2017, a security guard was forced to pay £250,000 in damages to his former employer for hacking the internal computer systems. Yovan Garcia became disgruntled with his firm, a Californian-based Security Patrol provider, and decided he was going to set up his own security company to rival his bosses. However, rather than resign and take the appropriate measures to setup his own business, he remained with the company and began his revenge campaign on the inside.

He stole confidential client data, inflated his own pay packet by 50%(!), corrupted backup files, and even defaced the company website by uploading a rather un-flattering picture of his boss onto the homepage. He single-handedly attempted to tarnish the reputation and credibility of his employer, with a view to steal the clients to take them to his own firm.

From discovery of the issues to eventually getting him convicted, took three arduous years; during which time the employer suffered embarrassment, legal turmoil, and a significant loss of irrecoverable time.

Although outsider Cyber threat continues to receive focus, the risk of insider threat is something more companies should pay more attention to. Today, members of staff pose more risk to the company’s data than ever before. Whist traditional security methods focus on handling external attackers, it’s the threats that originate from inside that are far more difficult to manage using a “one-size-fits-all” platform. However, there are a number of tools and services available to provide a more holistic visibility across the enterprise.

A good place to start is a Penetration Test. A thorough test, conducted by a reputable RED Team / Ethical Hacker, can highlight any number of weaknesses that exist within your infrastructure from redundant protocols, CVE’s, weak passwords, to open Wireless networks. Once the final report is produced, a RAG status identifies the High, Medium, and Low Threats, allowing you to get to work on the low-hanging fruit.

Advanced Threat Protection can also mitigate the risk of insider threat. ‘Behaviour Analytics’ platforms are more human-centric systems, designed to deliver information in real-time, analysing the specific user behaviour and complex patterns of machine interaction. Such Tools can significantly reduce the threat of Data Loss and/or Data Theft.

Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are becoming more commonplace. Endpoints are monitored via an ‘Entity Agent’ by a Global Technical Operations Centre, with engineers acting as digital guardians, providing 24×7 rapid-response to all security incidents.

As a bare minimum, USB storage should be locked down, privileged accounts managed appropriately, access to systems restricted, complex passwords kept secure, and blocking of all online cloud storage and social media sites, should be done as good practice.

Technically we can only do so much, but it goes without saying that any employee who may become compromised should always be kept on a watch-list.

by Aman Sood
https://www.linkedin.com/in/amansood1/

(If you think your company could benefit of a Cyber Security Consultant, please check our candidates)