Insider threats are on the rise. The global pandemic has seen an exponential growth of cyberattacks targeting remote workers. This has dramatically impacted organizations worldwide as they struggle to maintain a secure working environment. With COVID-19, we have seen a dramatic increase in insider threats across the board, including malicious employees, accidental negligence, third-party contractor or vendor misuse, and account compromise attacks. We’ve seen layoffs and reductions in work hours resulting in job dissatisfaction. Disgruntled employees can quickly turn into malicious actors looking for financial gain. The statistics aren’t encouraging. We need a better way to fight the rise of insider threats.
Threats have now shifted from devices and networks to the user and application layers. With almost 90 per cent of employees working from home during the COVID-19 crisis, businesses need to invest in the right infrastructure and controls and a well-defined response mechanism to protect themselves from the constantly evolving cyber threats, both inside and outside of the organization. An insider threat is generally defined as a negligent current or disgruntled former employee, contractor, or other business partner who has or had authorized access to an organization’s network, system, or data and intentionally or unintentionally misused that access to negatively affect the confidentiality, integrity, or availability of the organization’s information or information systems.
For obvious reasons I am following the issue of Wirecard and the “disappearance” of about $2.1 billion allegedly in the Philippines, after employees of two leading banks created fake documents, with great interest. Two questions are coming up immediately: 1. Why did the German company select the Philippines as the fake recipient of the money, and 2. Who orchestrated the involvement of the two employees in the two selected Philippine banks? But those two issues are not what I am writing about. My concern is the security threat created by employees.
A new tactic has emerged in which advanced persistent threat (APT) hackers pose as recruiters on LinkedIn to commit cyber espionage. This was evidenced by the findings of a recent report, which found that cybercriminals—believed to be affiliated with the North Korean government—posed as recruiters working at the U.S. defense groups Collins Aerospace and General Dynamics in order to break into the networks of European defense companies.
China’s National People’s Congress has released the Criminal Law Amendment (Eleven) (Draft) for comments. Perhaps because of the U.S. Department of Justice’s (DOJ) increased enforcement of the Economic Espionage Act (EEA) targeting China as a beneficiary, the Chinese draft adds a separate provision for foreign-related trade secret theft. Specifically, Article 219 will have a new paragraph, “For stealing, spying, buying, or illegally providing trade secrets to foreign institutions, organizations, and personnel, it shall be punished with imprisonment or detention for not more than five years and a fine; if the circumstances are serious, they shall be imprisoned for more than five years with fines.”
When we think about the most public cyber attacks and data breaches, we generally associate them with large enterprises. The truth is cyber attacks are not limited by company size. A significant cyber attack can happen to any company, in any industry and of any size. According to the 2019 Cost of a Data Breach report by the Ponemon Institute, “small businesses face disproportionately larger costs relative to larger organizations when it comes to breaches.” Typically, one of the most valuable assets for a company of any size is its data, and data theft or destruction is probably the most frequent result of cyber attacks on small and medium businesses (SMB). SMBs can be very profitable targets for bad actors, because they have fewer resources and little in-house expertise to plan, implement and execute a cybersecurity incident response plan. Business drivers and modernization needs make it an even trickier balancing act with the new norm of working from home.
The risk posed to organizations by cybersecurity threats is large and increasing. COVID-19 related adjustments at home and at work, the move to a remote workforce, and increasing nation-state activity all contribute to the massive increase in cybersecurity risk. There is an immediate need for organizations to quickly implement or mature their cyber risk practices, and even more so as the reality of a new era of remote work and other changes driven by the COVID-19 pandemic settles in. The cyber risk landscape and cyber-attack surface have changed across the board due to the pandemic, and attackers across the board, including key nation-state groups, are leveraging the situation with both opportunistic and targeted campaigns. The rush to digitalization due to the pandemic has organizations across sectors that have traditionally relied on legacy technology fighting an uphill battle when it comes to cybersecurity. CIOs, CISOs, and their teams face two key issues – the first being that they have to determine where and how their cybersecurity posture has changed, and the second being that they must direct their teams to efficiently mitigate the cyber risk posed by the gaps they find in their new posture.
While the world has been busy grappling with the far-reaching implications of the COVID-19 pandemic, the cybersecurity landscape has undergone a sudden and steep change. Cybercriminals and accidental actors have taken full advantage of the chaos and uncertainty of the situation to unleash an unprecedented torrent of activity. The Federal Bureau of Investigation (FBI) has received up to 4,000 cybersecurity complaints each day, up from 1,000 per day before the pandemic began. Each one of these instances harms businesses and consumers alike. In many ways, this uptick is attributable to a rapid redistribution of the workforce. Many U.S. adults are working from home in what Time magazine describes as the “world’s largest work-from-home experiment.”