Effective cyber-security remains a continuous struggle for enterprises – both big and small. And although some progress has been made in recent years, a large percentage of companies are still not doing enough to protect their sensitive data. To make matters worse, the costs associated with cyber-attacks continue to rise.
For example, between 2016 and 2017, there was a 23% increase in the costs associated with cyber-crime. While organizations face a myriad of security threats, most incidents are caused by inadequate security policies and/or malicious or negligent employees.
Below are some of the key areas enterprises need to focus on in order to minimize the chance of an insider threat.
Phishing and CEO Spoofing
Phishing attacks are a popular attack vector, whereby hackers trick unsuspecting users into handing over sensitive data or login credentials, or even convince them to wire funds to a fraudulent account.
Enterprises are at greatest risk from phishing attacks, as it is easier to locate and target employees who work for a large company. Likewise, hackers can easily find out the names of CEOs and CFOs and keep track of any events/conferences they attend, which enables them to masquerade as an executive – a technique referred to as CEO spoofing.
Phishing and CEO spoofing attacks often use social media platforms, such as LinkedIn, to gather such information. As you might expect, one of the most effective ways to minimize the chance of a phishing attack is through regular security awareness training. On top of this, employees should be reminded to take their time when looking through their emails, so as to avoid unnecessary mistakes.
Ransomware and Crypto-Jacking
Unless you’ve been living on the moon, you are no doubt familiar with ransomware, which seeks to encrypt our data and demand a Bitcoin payment in exchange for the decryption key. However, despite being an attack vector that is widely understood, many enterprises still fall victim from time to time. And then we have crypto-jacking, a relatively new attack vector whereby users are tricked into installing a malicious script which enables hackers to mine cryptocurrencies on their computers without their knowledge.
For both ransomware and crypto-jacking, ongoing security awareness training is a must. However, crypto-jacking can be slightly harder to identify, as the scripts are often embedded in websites as opposed to arriving via a phishing email.
To protect against ransomware attacks, enterprises will need to keep regular and reliable backups and make sure that all software is patched/updated. Naturally, anti-malware software and firewalls can also help to detect anomalies in inbound and outbound network traffic.
Enterprises will also need to implement other technical measures, such as preventing files from running from the AppData/LocalAppData folders, showing hidden file extensions, filtering EXEs in emails and disabling Remote Desktop Protocol (RDP) in Windows.
Another solution, which is not as widely publicized, is “threshold alerting”. Threshold alerting enables enterprises to detect events that match a pre-defined threshold condition, such as the bulk encryption of files. Once it detects an anomaly, it can automate a response, such as shutting down a server, or disabling certain accounts and processes.
Protection against crypto-jacking requires a different set of solutions, such as installing tools that monitor and alert on network performance issues, installing ad-blocking or anti-cryptomining extensions on web browsers, or perhaps even installing mobile device management (MDM) software on users’ devices to control which software/services/websites they can use/access.
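The following is an added example of the threshold-alerting idea described above; it is not LepideAuditor’s code or the article’s own. It runs a sliding-window rule over a few constructed file-activity log lines (timestamp, user, action, path; all values invented) and counts the number of distinct files a single user modifies or renames within 60 seconds, firing one alert per user and returning an assumed automated response.

```python
"""Threshold alerting over file-activity events (added example, constructed data)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 5                    # distinct files touched per user before alerting
WINDOW = timedelta(seconds=60)   # sliding window length
SUSPICIOUS = {"MODIFY", "RENAME"}  # READ events are ignored by the rule

# Constructed sample log: one user (bob) touches many files in a few seconds,
# alice saves a spreadsheet a few times, carol only reads.
SAMPLE_LOG = r"""
2024-01-15T09:00:01 alice MODIFY \\fs01\finance\q1.xlsx
2024-01-15T09:00:05 carol READ \\fs01\hr\handbook.pdf
2024-01-15T09:02:10 alice MODIFY \\fs01\finance\q1.xlsx
2024-01-15T09:10:00 bob MODIFY \\fs01\shared\a.docx
2024-01-15T09:10:02 bob RENAME \\fs01\shared\a.docx.locked
2024-01-15T09:10:03 bob MODIFY \\fs01\shared\b.docx
2024-01-15T09:10:04 bob RENAME \\fs01\shared\b.docx.locked
2024-01-15T09:10:06 bob MODIFY \\fs01\shared\c.docx
2024-01-15T09:10:07 bob RENAME \\fs01\shared\c.docx.locked
2024-01-15T09:10:09 bob MODIFY \\fs01\shared\d.docx
2024-01-15T09:12:00 alice MODIFY \\fs01\finance\q2.xlsx
"""

def parse(line):
    """Split '<iso-timestamp> <user> <action> <path>' (paths assumed space-free)."""
    ts, user, action, path = line.split(" ", 3)
    return datetime.fromisoformat(ts), user, action, path

def respond(user):
    """Assumed automated response hook; a real deployment would call the directory."""
    return f"disable-account:{user}"

def threshold_alerts(lines, threshold=THRESHOLD, window=WINDOW):
    """Return one alert per user whose distinct-file count exceeds the threshold."""
    recent = defaultdict(deque)   # user -> deque of (timestamp, path) inside the window
    alerted, alerts = set(), []
    for line in lines:
        if not line.strip():
            continue
        ts, user, action, path = parse(line)
        if action not in SUSPICIOUS:
            continue
        q = recent[user]
        q.append((ts, path))
        while q and ts - q[0][0] > window:   # drop events that fell out of the window
            q.popleft()
        distinct = len({p for _, p in q})
        if distinct > threshold and user not in alerted:
            alerted.add(user)
            alerts.append({"user": user, "at": ts, "count": distinct,
                           "response": respond(user)})
    return alerts
```

Counting distinct paths rather than raw events keeps a user repeatedly saving one document from tripping the rule.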
Malicious or Negligent Employees
There are many reasons why a current or ex-employee might turn “rogue”. Perhaps they feel embittered as their employment was terminated for what they perceive to be an illegitimate reason. Perhaps they were denied a promotion, which they believe they deserved.
Alternatively, they could be motivated by money, curiosity, or a sense of empowerment. Of course, not all incidents are caused by malice. Some are simply the result of mistakes. According to the 2016 insider threat report, negligent users pose the greatest security threat. This is usually attributed to inadequate security training; however, there are a number of other reasons, such as users with excessive access privileges, an increase in the number of devices used in the workplace, and the increasing complexity of IT environments.
When an employee leaves a company, for whatever reason, it is imperative that their account is deactivated in a timely manner. Ideally, the process should be automated, and administrators alerted accordingly. Additionally, companies must implement solutions which can detect and respond to changes made to their sensitive data, including access permissions, privileged mailbox accounts, and so on. To protect companies against negligent employees, all staff members must be enrolled on an ongoing training program, which teaches them how to correctly handle sensitive company information.
It is important to note that accidents happen, with or without the right security training. As such, enterprises will still need to closely monitor the behavior of their employees, and be able to alert on and respond to suspicious events. Real-time auditing solutions, such as LepideAuditor, provide a number of tools which can protect companies from both malicious and negligent employees. For example, they can monitor access privileges, respond to suspicious file and folder activity, and detect unauthorized mailbox access. Additionally, they can automatically manage inactive user accounts, remind users to reset their passwords, and a lot more.
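As an added illustration of the automated leaver and inactive-account handling discussed above (this is example code, not LepideAuditor’s or the article’s own), the function below compares a constructed HR leaver list against a constructed directory export and produces the actions an administrator should be alerted to: leavers whose accounts are still enabled, and enabled accounts with no logon within an assumed 90-day limit.

```python
"""Leaver and dormant-account review (added example, constructed data)."""
from datetime import date

INACTIVE_DAYS = 90   # assumed policy: enabled accounts idle longer than this get reviewed

# Constructed HR feed: username -> last working day.
HR_LEAVERS = {"dave": date(2024, 1, 10), "erin": date(2024, 1, 14)}

# Constructed directory export; last_logon of None means the account never logged on.
DIRECTORY = [
    {"user": "alice",      "enabled": True,  "last_logon": date(2024, 1, 14)},
    {"user": "dave",       "enabled": True,  "last_logon": date(2024, 1, 9)},   # leaver, still enabled
    {"user": "erin",       "enabled": False, "last_logon": date(2024, 1, 13)},  # leaver, already disabled
    {"user": "frank",      "enabled": True,  "last_logon": date(2023, 9, 1)},   # dormant
    {"user": "svc_backup", "enabled": True,  "last_logon": None},               # never used
]

def review_accounts(directory, leavers, today, inactive_days=INACTIVE_DAYS):
    """Return (action, user, reason) tuples: 'disable' for enabled leavers,
    'review' for enabled accounts idle beyond inactive_days."""
    actions = []
    for acct in directory:
        user, enabled, last = acct["user"], acct["enabled"], acct["last_logon"]
        if not enabled:
            continue                       # already deactivated, nothing to do
        if user in leavers:
            overdue = (today - leavers[user]).days
            actions.append(("disable", user,
                            f"left {overdue} day(s) ago, account still enabled"))
            continue
        idle = None if last is None else (today - last).days
        if idle is None or idle > inactive_days:
            why = "never logged on" if idle is None else f"no logon for {idle} days"
            actions.append(("review", user, why))
    return actions

if __name__ == "__main__":
    for action, user, reason in review_accounts(DIRECTORY, HR_LEAVERS, date(2024, 1, 15)):
        print(f"{action:8} {user:12} {reason}")
```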
BYOD (Bring Your Own Device)
BYOD is a growing trend where employees are allowed to use their own devices in the workplace. As you might imagine, this trend comes with a number of security risks, if not properly managed. Companies will need to make sure they establish and enforce policies that ensure that all employee devices are used securely. Below is a basic checklist for managing BYOD:
- Any software installed on an employee’s device must be regularly patched/updated.
- All sensitive data stored on an employee’s device must be backed-up regularly.
- All devices will need to be protected with a password/PIN.
- Companies should use a device locator service and remote wiping software, to deal with situations where a device gets lost or stolen.
- Employees must avoid connecting to public Wi-Fi networks.
- Companies should use Mobile Device Management (MDM) software to enable IT teams to control security settings and software configurations on devices that connect to their network.