Ransomware and Your Employees: the New Battleground
Organisations face many challenges, and the last few years have been testing for everyone. We don’t always know what the future holds, but we know that being prepared for today's challenges can secure business success today and in the future.
One of the major challenges that any organisation faces is the battleground of information security. With the recent increase in ransomware attacks in the last decade, costing businesses $20 billion (US) in 2021 alone, there are many reasons to understand what ransomware and insider threats are, and how to avoid being a victim of these security threats.
In this guide you will discover what insider threats are, the different types of insider threats, examples and the strategies to prevent insider attacks.
Insider Threats - A Growing Concern
Insider threat is the threat that an insider will use his or her authorised access, wittingly or unwittingly, to do harm to the company’s/department’s mission, resources, personnel, facilities, information, equipment, networks, or systems. It is a form of cybersecurity threat which originates from within an organisation or involves people inside.
Traditionally, cybersecurity measures tended to focus on external threats, from cyber attacks to phishing scams that can cause widespread damage to an organisation. However, insider threats are now becoming more prevalent, and they are increasingly likely to be unintentional as systems become more complex and the origin of the issues can be multi-faceted.
In 2019/2020 incidents caused by insider threats accounted for 66% of those reported by organisations. This threat is growing among organisations who have large teams and staff who have access to local and organisation information.
Types of Insider Threat
Insider threats take different forms and, as previously mentioned, whether witting or unwitting, they pose a huge threat to the success and safety of the organisation and the staff.
Here are some different types of insider threats:
- Malicious insider or Turncoat
  - Someone who uses their legitimate credentials (staff members with logins) to do something nefarious. In most cases it is an employee or contractor – someone who is supposed to be on the network and has legitimate credentials, but is abusing their access.
- Careless Insider or Pawn
  - Can arise from mistakes
  - Innocent exposure of sensitive information
  - Clicking on malicious links without adequate consideration
  - Losing a laptop with information on it
- Mole or imposter
  - Somebody who is effectively an outsider gaining insider access to systems, e.g. someone posing as an employee or partner organisation.
Risky employee behaviour can be broadly classified in three different ways:
- Malicious - or
- Negligent - or
Whilst you can’t do a lot about accidental leaks, such as the pawn insider threat mentioned earlier, there is a lot you can do to protect your systems from malicious or negligent behaviour.
Insider Attack Examples
If you think that you or your organisation are the only ones being targeted, you would be mistaken. Organisations of all sizes have been attacked, and insider attacks have become so common and well known that there are examples we can all learn from to better protect our organisations in the future.
Here are just some examples:
- Medical packaging co.
  - A former employee, after being let go, hacked their system and edited/deleted many records.
  After being let go, the employee went into the system and granted themselves Administrator access, then went on to edit and delete over 120,000 records, which meant that deliveries to medical providers were delayed.
- In 2017 a Bupa employee accessed private data and tried to sell it on the Dark Web. Through an in-house customer relationship management system, the employee copied the information, deleted it from the database, and then tried to sell it on the Dark Web.
  The breach affected 547,000 customers and in 2018, after an investigation by the ICO, Bupa was fined £175,000.
- Everyone knows who Elon Musk is, but in 2020 a cybercriminal attempted to recruit an employee at Tesla to deploy malware.
  In September 2020, a Nevada court charged Russian national Egor Igorevich Kriuchkov with conspiracy to intentionally cause damage to a protected computer. Kriuchkov attempted to recruit an employee of Tesla’s Nevada Gigafactory. Kriuchkov and his associates reportedly offered a Tesla employee $1 million to “transmit malware” onto Tesla’s network via email or USB drive to “exfiltrate data from the network.”
- Abnormal Security.
  - In 2021, employees received messages encouraging them to deploy ransomware, offering a reward of $1 million in crypto.
Strategies to Prevent Insider Attacks
There are many different ways that you can prepare yourself and your teams to prevent insider attacks. Firstly, you need to be aware that insider attacks occur when either people don’t have enough information about how they happen, or they have too much knowledge coupled with access to perform one themselves. Being able to better train your teams to see the risks is essential.
From possible negligence to carelessness, good training will help mitigate many of the common issues that can happen within an organisation. This ranges from simple solutions such as running daily virus checks to understanding what a ransomware attack can look like and how emails can look harmless but pose potential threats.
In order to better train your teams, you need a threat mitigation program. This is the process of developing options and actions to enhance opportunities and reduce threats to project objectives.
One simple solution can be to limit network access and robustly monitor activity. Who requires access to parts of the organisation and who doesn’t? What information is essential, and what information isn’t?
Be vigilant - look out for early warning indicators such as:
- Out of hours remote access
- Unusual network activity
- Unexplained access to large volumes of data
- Staff accounts being accessed whilst on holiday
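The indicators listed above can be turned into simple monitoring rules. The following is an added example, not part of the original guide: it checks constructed access-log records for out-of-hours remote access, unusually large data reads and logins during approved leave. The field layout, business hours, volume threshold and leave calendar are all assumptions for illustration.

```python
from datetime import datetime, date
from statistics import median

BUSINESS_HOURS = range(8, 19)   # assumed working day: 08:00-18:59 local time
VOLUME_FACTOR = 10              # assumed threshold: 10x the user's median read

# Constructed approved-leave calendar (e.g. exported from an HR system).
LEAVE = {"bob": (date(2024, 3, 4), date(2024, 3, 8))}

# Constructed access-log records: time, user, source (vpn/office), MB read.
EVENTS = [
    ("2024-03-04 09:15", "alice", "office", 40),
    ("2024-03-04 14:02", "alice", "vpn", 55),
    ("2024-03-05 02:41", "alice", "vpn", 35),
    ("2024-03-05 10:30", "carol", "office", 20),
    ("2024-03-06 11:05", "carol", "office", 25),
    ("2024-03-06 15:45", "carol", "office", 4200),
    ("2024-03-06 13:20", "bob", "vpn", 10),
]

def find_indicators(events, leave):
    """Return (user, indicator, timestamp) for each early warning sign."""
    parsed = [(datetime.strptime(t, "%Y-%m-%d %H:%M"), u, s, mb)
              for t, u, s, mb in events]
    # Per-user baseline: every read size seen for that account.
    per_user = {}
    for _, user, _, mb in parsed:
        per_user.setdefault(user, []).append(mb)
    alerts = []
    for ts, user, source, mb in parsed:
        # Remote (VPN) session at night or at the weekend.
        if source == "vpn" and (ts.hour not in BUSINESS_HOURS or ts.weekday() >= 5):
            alerts.append((user, "out_of_hours_remote_access", ts))
        # Read far above the account's own median; an account with a
        # single event has no baseline and is never flagged by this rule.
        if mb > VOLUME_FACTOR * median(per_user[user]):
            alerts.append((user, "large_data_volume", ts))
        # Any activity while the account holder is on approved leave.
        start, end = leave.get(user, (date.max, date.min))
        if start <= ts.date() <= end:
            alerts.append((user, "access_while_on_leave", ts))
    return alerts

if __name__ == "__main__":
    for user, indicator, ts in find_indicators(EVENTS, LEAVE):
        print(f"{ts:%Y-%m-%d %H:%M}  {user:<6} {indicator}")
```

Alerts like these are prompts for review rather than proof of wrongdoing; the thresholds need tuning against your own organisation's normal activity.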
You should continuously test and validate existing cybersecurity tools and processes. Bring in third parties to test the system and go through different testing priorities to see what matters and what doesn’t when it comes to your cybersecurity.
Wrap Up
Insider threat is the threat that an insider will use his or her authorised access, wittingly or unwittingly, to do harm to the company’s/department’s mission, resources, personnel, facilities, information, equipment, networks, or systems. The impact and cost of insider cybersecurity attacks can be considerable, with an estimated $6 trillion in damages to businesses around the world.