Insider Attacks Growing; Firms Not Prepared

Thursday, October 8, 2015 @ 06:10 PM gHale

Insider threats are the biggest problem any enterprise has, and it looks like most companies are not doing much about it, a new report said.

Of the 772 IT security professionals surveyed, 74 percent said they are “concerned about malicious employees,” according to the SANS Institute and SpectorSoft report.

The survey spans 10 industries including financial, government, and technology and IT services. The survey data also shows 32 percent of respondents “have no technology or process in place to prevent an insider attack.”

Clearly there is an overlap between the professionals who gave each response. With more than 25 percent of survey respondents employed at organizations with a workforce greater than 20,000 people, the large enterprise has representation in this data.

Insiders whose behavior purposely or inadvertently threatens the enterprise and its data fit several archetypes, each with clear profiles, behaviors, intentions, and associated threats, according to insider threat detection firm SpectorSoft. CSOs explore insights into insiders such as moles, imposters, disgruntled employees, hacktivists, ringleaders and those who feel entitled, together with how companies can “pause” and “delete” them.

The answer to the question of why some companies would have no special protection against insider threats is an easy one: Leaders and managers who make those decisions are people too, and are given to naturally positive human assumptions and ignorance.

“Some organizations maintain a ‘not in my backyard’ mindset, stemming partially from culture and partially from the lack of a known incident,” said Mike Tierney, COO, SpectorSoft. Ultimately the organization cannot foretell what any employee will do or become once they are part of the company.

A closer look at the archetypes of people who are threats, as described by SpectorSoft, reveals what drives them. A mole is obviously someone who really works for someone else, perhaps another company but really any entity with a cause in opposition to the target company. According to SpectorSoft, a mole will often have science and engineering skills, hold a position creating intellectual property, and have access to critical data, which they will attempt to pilfer.

An imposter is actually an outsider with insider credentials, an attacker or former employee. They target those and other credentials and accounts to steal or breach data and intellectual property.

The disgruntled employee is out for revenge, seeking justice for real or imagined wrongs of the company. According to SpectorSoft, this employee is easier to detect than other malicious actors and the enterprise should isolate them before they sabotage, steal, breach, or defraud the organization.

A hacktivist wrecks, subverts, and destroys systems and data belonging to high-profile organizations or governments in a publicly obvious fashion to make a social or political statement.

A ringleader seeks financial gain by accessing information outside his purview so he can leave with more than he invested in the company to form another business or work for a competitor. The ringleader enlists any help he can to achieve his goals. Similar to the ringleader, an entitled employee plans to walk out with his work product and compete with his former employer. He usually works alone, exploiting his work product and any knowledge of it.