As the pandemic rages on, more companies are concerned about the growing risk of insider theft. Remote work has changed the cybersecurity landscape and has required IT and security staff to rethink where the greatest risks are with a WFH employee base versus onsite. A year ago, who would have thought that VPNs and their vulnerabilities or videoconferencing and Zoom bombing would have even considered a cyberthreat? But even as some risks have changed, others have stayed the same, if not a little more pronounced. The concerns about COVID-19-related phishing attacks continue to loom large, even eight months into the pandemic, for instance. But one area of risk that hasn’t gotten a lot of attention is the insider threat and data theft.
Amazon notified customers and law enforcement of the insider-threat incident this week. Amazon has fired an employee who shared customers’ names and email addresses with a third party. An Amazon spokesperson told Threatpost that it has systems in place to limit and control access to information, and processes in place for identifying and investigating suspicious behavior. These systems notified Amazon of “suspicious behavior.” After the company investigated the incident, it fired the employee, referred them to law enforcement and is working with law enforcement in their criminal prosecution. “No other information related to your account was shared,” according to the note, shared on Twitter by several Amazon customers. “This is not a result of anything you have done and there is no need for you to take any action. We apologize for this incident.” Amazon did not comment on an inquiry from Threatpost asking how many customers were impacted, and what the role of the Amazon employee was.
Risk Based Security released their 2020 Q3 Data Breach QuickView Report, revealing that the number of records exposed has increased to a staggering 36 billion. There were 2,935 publicly reported breaches in the first three quarters of 2020, with the three months of Q3 adding an additional 8.3 billion records to what was already the “worst year on record.” “The quagmire that formed in the breach landscape this Spring has continued through the third quarter of the year,” commented Inga Goddijn, Executive Vice President at Risk Based Security. “Breach disclosures continue to be well below the high water mark established just last year despite other research indicating the number of attacks are on the rise. How do we square these two competing views into the digital threat landscape?” This question is discussed in the 2020 Q3 Data Breach QuickView Report. The report explores numerous factors such as how media coverage may be a factor contributing to the decline in publicly reported breaches. In addition, Risk Based Security states that the increase of ransomware attacks may also have a part to play.
In the coming year, data breaches caused by insiders will significantly increase due to a confluence of factors brought on by the pandemic, according to a new guide from Forrester. Insider incidents may be caused by accidental data misuse or due to malicious employee intent, and a guide the firm released Monday on cybersecurity in 2021 predicts an 8% uptick in such cases. The guide paints a tough road ahead for organizations’ chief information security officers. They’ll be under a lot more pressure due to smaller budgets, Forrester said, as well as increased scrutiny due to more employees sharing management practices over social media, resulting in some high-profile firings. “Expect such repercussions to hit CISOs, given the rise in visibility of the role,” the guide says. “Leaders that create, tolerate, or ignore hostile cultures are on notice that 2021 will be a year of reckoning.” Forrester highlighted three major factors contributing to its prediction around insider threat: “the rapid push of users, including some outside of companies’ typical security controls, to remote work as a result of the COVID-19 pandemic; employees’ job insecurity; and the increased ease of moving stolen company data.”
Prolonged remote working and the pandemic’s potential impact on mental health have led banks and cybersecurity experts to warn of a growing challenge around insider threats, and it could be a costly affair for those organizations that fall victim to this form of cyberattack. As the pandemic sent staff home across the globe earlier in the year, it created the perfect environment for cybercriminals. But while banks and financial firms rushed to gear themselves up against growing external threats, they may have to look within their organization to address the next big cyber risk. Challenges around insider threats are “significant” in the current environment, said Mike Brookes, head of cyber intelligence at Barclays PLC, speaking at the Sibos annual financial services conference Oct. 7.
Insider threats continue to be pervasive and real. Last month’s indictment of a Russian national accused of conspiring to recruit a U.S. company’s employee to carry out a cyberattack is a sharp reminder of that. According to public reporting, Egor Kriuchkov attempted to coax an employee into introducing malware into the company’s internal network in exchange for a $1 million payout. The malware allegedly would have enabled Kriuchkov and his co-conspirators to access and exfiltrate data, which they are alleged to have planned to use to extort a ransom from the targeted company. Fortunately, the employee did not succumb to the plot; instead, the employee reported the matter, assisting in preventing the attack and securing the arrest. Insider threats are not new, but in today’s geopolitical climate, the stakes are arguably higher. The transition to a large-scale remote work environment driven by the COVID-19 pandemic exacerbates these risks in remarkable ways.
Insider threat management is critical for protecting sensitive data against theft, misuse, and loss. The privileged access that insider threats have give them the ability to cause significant damages. The 2020 Ponemon Institute Cost of Insider Threats report found that the average cost per insider incident rose from $8.76 million in 2018 to a staggering $11.5 million in 2020. In this article I will outline the core principles and technologies organizations use to protect sensitive data against insider threats.
These days it’s not uncommon for security teams to focus their efforts on protecting a business from outside threats, but if you dig a little deeper the call could actually be coming from inside the house. Research into threat behavior suggests that a staggering 60 percent of breaches stem from the people within your own organization. Scared? You should be, especially given insider threat can be one of the most damaging to an organization. Without a detailed focus, there is a real chance that security teams could be overlooking the obvious – a threat much closer to home, possibly even inside your network perimeter, building or even in the office. An individual that might just be the biggest threat to your organization’s security! So what are the motivations of an insider threat? What might lead someone to create havoc from within? Here are my top tips on what to look out for to avoid a fright.
Insider threats are one of the biggest security challenges that organizations face, and once an incident happens, recovery can be costly for businesses. A recent Ponemon Institute report found that spending on insider threats has increased by 60 percent over the past three years, and by 25 percent since 2018. Considering the amount of cleanup needed — insider-related incidents that take more than 90 days to clean up can cost significantly more — having only a response strategy may not be the right approach. Building a program to combat insider security threats is increasingly seen as a smart move for large organizations looking to mitigate their risk. It’s important to understand the threats at play, and taking steps to do something about them ahead of time can save organizations time and money.
SafeGuard Cyber announced the results of a new survey of 600 senior enterprise IT and security professionals. Companies surveyed ranged in size from $100M to more than $1BN in revenue. SafeGuard Cyber’s Digital Risk Survey was conducted to understand how businesses rate their own security and compliance risks in the new digital reality of the workplace wrought by COVID-19 pandemic. Respondents were asked to effectively grade their adaptations to date, articulate what gaps still exist, and how they are planning for the future. Fully 31% of respondents reported their entire business process has changed and is still evolving, while 26% said they’ve rushed certain projects that were scheduled for later. The study revealed the need to harden unconventional attack vectors in cloud, mobile, and social media technologies. Moreover, enterprise organizations are juggling the twin demands of budget constraints and the need to drive business outcomes.
Each year, cybersecurity companies publish a number of research reports focusing on different aspects of cybersecurity and breach trends. Below is a list of some of the most alarming statistics from several reports published throughout the year.
- 75% of security professionals now experience more work stress than just two years ago. (Source: LogRhythm’s State of the Security Team Report)
- 78% of hackers said AI-powered cybersecurity solutions alone aren’t enough to outmaneuver cyber attacks over the next decade. (Source: Bugcrowd’s Inside the Mind of a Hacker Report)
- 61% of respondents reported at least one insider attack over the last 12 months (22% reported at least six separate attacks). (Source: Bitglass 2020 Insider Threat Report)
- 93% of security professionals lack the tools to detect known security threats, and 92% state they are still in need of the appropriate preventative solutions to close current security gaps. (Source: LogRhythm’s State of the Security Team Report)