For years, we all worried about external threats to one’s environment. The DoS and DDoS attacks. The hackers trying to force their way into networks from thousands of miles away as they attack without notice. The droves of spam that saturate emails with malware links. Well, those threats abound, are alive and well, causing havoc for unsuspecting victims.
Insider Threats are Growing Bigger Each Year
Yet what’s also taking shape are growing insider threats. Call it the enemy within, which means you’re now fighting a new kind of war – the war within. That’s right, businesses now have to look inside to nefarious employees and contractors who can create just as much damage – often more damage – than the well-known external threats. As to the types of insider threats, they’re plentiful, and growing by the day in sophistication and regularity. In fact, insider threats are now so rampant that businesses are investing heavily in Data Loss Prevention (DLP) techniques.
An insider is essentially anyone who has been given access to information and other assets for which outsiders do not have. This can be logical access to information systems, along with physical access to assets. According to the Information Security Forum (ISF) is an independent, not-for-profit association of leading organizations from around the world, there are three (3) types of insider threat occurrences: Malicious, Negligent, and Accidental.
Notable Insider Threats that Actually Happened
What makes insider threats so difficult is that you start off as a business with the hope that every employee is ethical, honest – hoping to do all they can for helping a company succeed. Unfortunately, that’s not reality, and you also can’t pick and choose the bad apples once they’re hired. Think it can’t happen to your business, think again, as it’s happened to countless businesses all across the country. Here’s a few notable, high-profile insider attacks:
RSA Data Breach: Ironic that a data breach happened with one of the world’s leading security firms, RSA. The breach occurred when phishing emails were sent over a two-day period with the subject line titled, “2011 Recruitment Plan”. This resulted in at least one employee (it only takes a single user to bring malware into a business!) opening the attached MS Excel file, which ultimately contained a zero-day exploit that installed a backdoor through an Adobe Flash vulnerability.
A zero-day exploit is a computer attack that occurs on the same day that the actual weakness is discovered in the software. Basically, a zero-day attack is the number of days a software provider has known about the problem and should fix it, which is zero. Hackers often are aware of the exploit for months, but nobody else, thus they can attack for extended periods of time before the issue is found.
- Internal employees are now just as dangerous – potentially even more so – than external hackers and other threats.
- Now’s the time to invest in Data Loss Prevention (DLP) tools and techniques.
- Insider threats are going to continue to grow, unfortunately.
Want to Learn More and also Grow your Business?
Want to learn more about insider attacks and how cybersecurity can be your rock-solid competitive advantage for long-term growth and profits? Charles Denyer, one of the world’s leading cybersecurity specialists and a globally recognized cybersecurity keynote speaker, offers organizations a way to secure their information systems, while also creating immense value – and increased revenue generating opportunities from their clients. How? By obtaining a competitive advantage through cybersecurity. Book Charles as your next keynote speaker, and learn more about securing and growing your business today.