The likes of Yahoo! made 2016 the year of the data breach; in 2017 WannaCry and its effect on the NHS ensured that ransomware was on everyone’s lips. When it comes to cybercrime, now that we’re halfway through the year, it’s a pertinent time to wonder: what’s 2018 all about?
Enter: the insider threat — human risk that lurks within a company’s own walls, ready to leak IP that includes customer information, business plans, trade secrets, creative work products such as scripts, and proprietary software.
Most notably, Elon Musk suffered a highly damaging sabotage by a Tesla employee in June, who used their trusted access to the company’s network to manipulate code and steal highly sensitive data, shipping it to unknown third parties.
Tampering with Tesla code could have truly lethal consequences for its customers on the road, so the severity of this sabotage cannot be understated. This, combined with the exporting of highly sensitive data to unknown third-parties, is a shocking example of the damage that can be caused by insider threats — in this case, clearly malicious rather than accidental.
In 2018 we find ourselves five years on from Edward Snowden’s 2013 theft and subsequent leaks of confidential documents from the National Security Agency (NSA). This remains one of the most high-profile examples of the havoc caused by insider threats.
Beyond Snowden and also in June, former CIA software engineer Joshua Schulte was charged with stealing and leaking over 8,700 confidential CIA documents. Schulte, who previously worked in the CIA’s National Clandestine Service, took advantage of his user privileges and access to CIA systems to poach the data, lock out other users, and ultimately delete evidence of his activity.
The Tesla incident is a much-needed reminder of the damage that malicious insiders can cause to organizations that don’t have the right technology or culture in place for mitigating such risks. As Musk said himself, the full extent of the saboteur’s actions are not yet clear, but we do know that the prime motivation behind this crime was vengeance after being denied a promotion.
For business leaders, this should illustrate only all too well the perils of not effectively stopping insider threats, which are dominating 2018.
Merely a few months ago, it was revealed that organizations are feeling the pressure from insider threats. To this end, they are ramping up detection, prevention, and remediation. According to Haystax Technology, in 2017, 90% of organizations reported feeling vulnerable to insider attacks — up from 64% in 2015.
Because, despite the recent headlines, it’s not always the case that insider threats are purposeful and malicious. It may be a term that conjures cloak and dagger espionage, but ‘insider threats’ covers countless internal vulnerabilities.
These range from unintentional errors and compromised credentials as a result of a socially-engineered data breach, thanks to a lack of basic cybersecurity hygiene, all the way through to malevolent insiders. According to an Intel Security report, 43% of the data breaches studied were caused by employees, contractors, or suppliers. In contrast, outsiders — individuals outside an organization who have access to its administrative login details — accounted for 57%.
Too many organizations focus their cyber investment on external threats, when instead they should also concentrate on what lurks within. Cloud-based apps and programs bring a host of benefits for businesses, enabling a more efficient, creative, and innovative workforce — something that shouldn’t be stifled.
At the same time, the inherent security issues cannot be ignored: shadow IT — the use of IT systems within an organization without the approval or knowledge of corporate decision-makers– permits individuals to save potentially confidential data to the cloud for future access. To exacerbate the issue, there’s often an understandable requirement of user-friendliness throughout IT assets, which means than security controls can end up disabled.
As such, organizations must protect themselves against this threat while keeping their employees happy at the same time.
To this end, user entity and behavior analytics (UEBA) technology can help organizations of all sizes monitor their networks for suspicious activity — even when it’s happening off the network. UEBA builds a picture of ‘normal’ user behavior for all employees, in order to subsequently identify abnormalities in these patterns, without compromising on privacy.
When deployed, such technology will flag suspicious instances — for example, a junior marketing executive accessing files belonging to the C-suite at an ungodly hour. Education is also a fundamental piece of the puzzle, and so intelligent approaches to training are a must.
At the end of the day, the insider threat is not going anywhere any time soon, with the threat set only to increase. Protecting IP is paramount for a company like Tesla, whose product is inextricably linked with human lives.
Following on from this IP theft, Musk is scrambling to find out whether his disgruntled employee was acting alone or with others at Tesla — and, crucially, if he was working with any external organizations.
Beyond Tesla, benevolent yet naive employees are set to overshadow these malicious insiders when it comes to the risk they pose. Mostly, this is because insufficient attention is paid by organizations when it comes to targeting the insider threat within their existing cybersecurity programs.
While it’s tempting to bundle the insider threat into a standard cyber incident response program, it really does need special attention — from both a technology and education perspective. Ultimately, although 2018 may be full insider threats, companies of all sizes can combat them.