Understanding and Combating Insider Threats in the Digital Age


Insider threats have emerged as a particularly insidious and costly problem. Organizations are experiencing a significant surge in cyberattacks originating from insider threats, with remediation costs soaring up to $2 million per incident.

Gurucul's research, which involved a survey of over 400 IT and cybersecurity professionals, highlights the growing issue of insider threats. In 2023, 60% of organizations reported insider attacks, but this figure escalated to 83% in 2024. Moreover, the number of organizations encountering six to ten attacks yearly doubled from 13% to 25%. Nearly half of the organizations surveyed by Gurucul indicated that insider attacks have become more frequent in the past year.

Understanding Insider Threats

Insider threats refer to security breaches from within an organization, typically involving employees, contractors, or business partners with legitimate access to the organization's systems and data. These threats can be malicious, such as employees intentionally stealing sensitive information, or unintentional, such as inadvertently exposing data through negligence or lack of awareness.

Factors Contributing to the Rise

Several factors contribute to the growing prevalence of insider threats. First, the complexity of modern IT environments makes it harder to detect and prevent unauthorized access. Second, the rise of remote work has expanded the attack surface, as employees access corporate networks from various locations and devices. Third, the increasing sophistication of cybercriminals means that traditional security measures are often insufficient to protect against advanced threats.

Mitigating Insider Threats

Gurucul researchers identified that the primary driver behind insider attacks is the increasing complexity of IT environments, which creates significant visibility gaps. As technology becomes more intricate, and with more employees accessing system networks, the attack surface expands, making it more challenging for cybersecurity staff to ensure protection. 

Moreover, the rapid adoption of new technologies like the Internet of Things (IoT), artificial intelligence (AI), cloud services, and software-as-a-service (SaaS) applications also contributes to this growth, outpacing the ability of organizations to keep up.

Impact of New Tech

The introduction of new technologies adds layers of complexity, posing difficulties for existing staff to counter threats, leading to overwork and burnout among IT personnel. Nearly 30% of respondents indicated insufficient staffing to implement and maintain security tools, and even when adequate staff is available, many lack the training and expertise to manage these tools effectively. 

The researchers recommended that organizations facing these challenges should transition to more intuitive tools that can "reduce alert triage and false positives by providing comprehensive evidence with context and advanced behavior analytics."

Cybersecurity Incidents are Rapidly Increasing in UAE

 

The majority of businesses in the United Arab Emirates experienced a cybersecurity issue at some point in the last two years. 

According to Kaspersky data, 87% of UAE businesses have experienced different kinds of cyber attacks over the past two years. However, 25% of those cybersecurity incidents were caused by malicious behaviour on the part of their employees. 

Growing concern about malicious insider threats

Employees engaging in malicious online activities are becoming a serious concern for businesses across all industries, with Kaspersky identifying them as "the most dangerous of all employees who can provoke cyber incidents."

Kaspersky claims a number of factors encourage individuals to engage in illicit activities against their employers, including understanding their firm's IT and cybersecurity infrastructure, access to the company network, and taking advantage of colleagues' knowledge to launch social engineering attacks.

Jake Moore, global security advisor at ESET, concurs that malicious insider threats are "a significant worry" for businesses, but he emphasises that "humans also carry an accidental risk in business situations." 

He further elaborates: "Accidental threats might include employees inadvertently bringing in malware or enabling data leakage, which can often be mitigated with annual and ad hoc training programs for all staff."

UAE-based companies are facing high levels of cybercrime, with 66% experiencing data breaches, and the problem is not getting any better.

A previous Kaspersky study, published in December 2023, found that 77% of APAC companies lack the tools required to detect cyberattacks. Meanwhile, 87% of businesses have a cybersecurity talent shortage, making it more difficult to halt cyber criminals in their tracks.

Security officials in the UAE have previously struggled to maintain safe remote access to employee and corporate-owned devices, according to Mohammed Al-Moneer, Infoblox's regional senior director for META. He stated that firms are concerned about data leaks and cloud attacks "and do not believe they have a firm handle on the insider threat." 

Merely 15% of participants in the UAE, according to the Infoblox report, feel that their company is equipped to protect its networks against insider attacks. 

Gopan Sivasankaran, general manager of Secureworks' META region, explained that the UAE's thriving digital economy and increased use of data make it an "attractive" target for both hacker groups and hostile states. 

"The insight from the incident response engagements and active attacks on businesses we've worked on in the Middle East over the last year show organisations in the UAE have been victims to large scale wiper attacks as well as nation-state sponsored attacks," he said.

The Dark Web: A Hidden Menace for Businesses

 

In recent months, the Indian capital's remote region of Nuh has garnered unwanted attention for its transformation into a cybercrime hub, mirroring the notorious Jamtara region. With over 28,000 cybercrime cases spearheaded by unemployed social engineers, Nuh has firmly entrenched itself in the dark web's criminal ecosystem.

Earlier this year, James Roland Jones, a SpaceX engineer operating under the alias "MillionaireMike," admitted to discreetly purchasing personal information and selling insider tips of an anonymous company on the dark web. This incident highlights the pervasiveness of illicit activities on the dark web, a concealed realm of the internet frequently linked to anonymous crimes.

Unlike the conventional web, the dark web evades search engine indexing and remains inaccessible to standard web browsers. Instead, users employ specialized software like Tor (The Onion Router) to navigate its encrypted pathways. Initially developed by the U.S. government for secure communication, the dark web has since morphed into a haven for criminal enterprises.

The 2019 study "Into the Web of Profit" by criminology professor Dr. Michael McGuire from the University of Surrey revealed that cybercrime has evolved into a thriving economy, generating an annual turnover of $1.5 trillion. Alarmingly, the study also uncovered a 20% surge in harmful dark web listings since 2016. Among these listings, a staggering 60% pose a direct threat to businesses. Dr. McGuire identified 12 domains where enterprises face the risk of compromised data or network breaches.

Common Threats Posed by the Dark Web

1. Illicit Data Trade: The dark web serves as a marketplace for stolen personal data, including login credentials, intellectual property, credit card details, and other confidential information. This stolen data fuels malicious activities and identity theft, often sold to the highest bidder.

2. Competitive Intelligence and Espionage: The clandestine nature of the dark web provides a fertile ground for competitors to gather intelligence on each other, often through industrial espionage, where trade secrets and confidential data are illicitly acquired.

3. Insider Threats: The dark web can entice insiders within organizations with financial rewards to reveal confidential information or aid in cyberattacks.

4. Hacking Services: The dark web offers a vast array of hacking services, ranging from customized malware to phishing kits, empowering attackers to execute sophisticated cyberattacks.

5. Operational Data, Network Access Tools, Tutorials, and Keyloggers: These resources are readily available on the dark web, enabling attackers to gather sensitive information, gain unauthorized access to networks, and monitor user activity.

Protecting Your Business from the Dark Web's Shadows

1. Stay Informed: Familiarize yourself with the latest dark web trends and threats to proactively identify potential risks.

2. Implement Robust Cybersecurity Measures: Employ strong passwords, multi-factor authentication, and network security solutions to safeguard your organization's data and systems.

3. Educate Employees: Train employees on cybersecurity best practices, including recognizing phishing attempts and handling sensitive data with care.

4. Engage Cybersecurity Experts: Collaborate with experienced IT professionals to assess your business requirements and develop tailored cybersecurity strategies.

5. Monitor Dark Web Activity: Utilize specialized tools and services to monitor the dark web for mentions of your organization or stolen data related to your business.

By staying vigilant, implementing robust cybersecurity measures, and educating employees, businesses can effectively mitigate the risks posed by the dark web and protect their valuable assets. Remember, knowledge is your shield in the digital realm.

Insider Attacks Becoming More Frequent, And Difficult: Gurucul Report

Gurucul is a California, United States-based company known for its innovative solutions for the Next Generation SIEM market. It also provides other companies with risk intelligence to detect, prevent, and deter advanced internal and external threats and fraud.

The company, with its 600,000+ member online community for information security professionals, has published its annual 2023 Insider Threat Report. More than 325 cybersecurity professionals participated in the survey. The report covers the latest trends and challenges organizations are dealing with as they try to protect their systems from changing insider threats.

The survey also highlighted how companies worldwide are preparing to protect their critical data and IT infrastructure. The report indicates that, among all kinds of cyber threats, insider threats are a top concern for organizations: only 3% of respondents surveyed are not concerned with insider risk.

As per the data, organizations have never felt more helpless and vulnerable than today. Cyber threats are increasing at a faster pace. Three-quarters of respondents said they feel moderate to extremely vulnerable to insider threats – an increase of 8% over the previous year. 

Around 74% of organizations have reported that insider attacks have become more frequent (a 6% increase over last year), with 60% experiencing at least one attack and 25% experiencing more than six attacks. Additionally, 87% of organizations consider unified visibility and control across all apps, systems, web destinations, on-premises resources, and infrastructure to be moderate to extremely important.

Following the report, Saryu Nayyar, Gurucul CEO, said, “This report sheds light on some of the most interesting insider threat challenges facing organizations today. While it shows that 86% are using some sort of solution to monitor user behavior in some way, it was surprising to see that access logging was the primary method and that only 25% are using automated tools to monitor user behavior 24×7.”

Furthermore, more than half of respondents reported that detecting insider threats is very hard in the cloud and that uptime and performance of tools like SASE and CASB are crucial for success. 

“The types of monitoring and analytics used to detect insider threats vary widely between organizations. This highlights the need for better tools and processes to analyze data behavior, user behavior, access, and movement across a network both internally and externally to detect and prevent insider attacks,” Nayyar further added.

Quiet Quitting: High Time to Shift Existing Workplace Culture


According to a Gallup finding, “quiet quitters,” the employees who are apparently detached from their jobs and do only the minimum work required by their roles, make up at least 50% of the U.S. workforce (or more).

Unengaged employees increase security risks for businesses, since it only takes a minor error, like clicking on an attachment in a phishing email or reusing the same login credentials, to give an attacker access to the network.

Taking into consideration that at least 82% of the data breaches in 2021 included human errors, security experts cannot ignore the risks of quiet quitting, especially amidst this era of Great Resignation, in which employees look forward to a better work-life balance. 

Quiet Quitting and Insider Threats

Although these under-engaged and quiet quitting employees pose a potential insider risk, they are not always a threat. In regards to this, Gartner asserts that “not every insider risk becomes an insider threat, however, every insider threat started as an insider risk.” 

Given the risks, organizations must be prepared to keep insider risks from turning into threats that could disclose regulated data.

“It’s important to be aware of quiet quitting, so a quiet quitter doesn’t become a loud leaker. Leading indicators for quiet quitting include an individual becoming more withdrawn and becoming apathetic towards their work,” says Jeff Pollard, Forrester VP Principal Analyst. “If those feelings simmer long enough, they turn into anger and resentment, and those emotions are the dangerous leading indicators of insider risk activity like data leaks and/or sabotage.”

Unfortunately, data leaks caused by employees are exceptionally common. According to a recent Cyberhaven survey, during the course of six months, almost one in ten employees will exfiltrate data. Additionally, it was discovered that employees are considerably more inclined to divulge sensitive information in the two weeks before their resignation. 

Employees Consider Their Work-Life Balance

It is important to keep in mind that it can be challenging to distinguish between workers who are seeking a better work-life balance and those who have checked out and are acting negligently when discussing quiet quitting. 

“While the term [quiet quitting] is conveniently alliterative and ripe for buzzworthiness, underneath it’s problematic and requires further definition. Are employees who are content with their current position and maintaining reasonable work-life boundaries quitting? […] A large portion of “quiet quitters” may actually be some of our safest and most reliable employees, so let’s redefine “quiet quitters” as only those who are willfully disengaged and apathetic but staying just above the thresholds that would potentially lead to their dismissal,” says Josh Yavor, Tessian CISO.

When considering how threats caused by disengaged and apathetic employees should be mitigated, one must be careful before placing blame on anyone. The underlying reason may well be an unhealthy working environment, in which employees are burdened with unattainable expectations or deadlines, or even face workplace harassment and bullying.

Quiet quitting, in this sense, necessitates a company-wide effort to support employee wellness and work-life balance; it is not merely a difficulty for security teams to address.

Mitigating Insider Risks

To reduce potential insider risks, companies must take into account the sentiments of their staff.

(ISC)2 CISO Jon France says, “While quiet quitting is a relatively new term, it describes an age-old problem — workforce disengagement […] The difference this time around is that in a remote work environment, the signs may be a little harder to spot. To prevent employees from quiet quitting, it is important for CISOs and security leaders to ensure and promote connection and team culture.”

In a remote and hybrid working culture, merely acknowledging employees' work-life balance is not sufficient. Organizations must also be supportive of their employees, ensuring they are not at risk of work stress or burnout, and should take into consideration the way employees describe working in the organization.

Addressing Human Risks

While it is important to look after employee engagement, one must also consider mitigating human risks in an organization in order to avoid potential data leaks.

One of the easier ways to reduce the risk of data leaks is to ensure that employees have access only to the data and resources they require to perform their roles. This also limits exposure of organization-specific data.

Another solution is for the organization to offer employees security awareness training that educates them about security-conscious behaviors and how to detect phishing attacks or scams. This helps avert potential credential access and account theft attempts by threat actors.

This way, an individual could be helpful to the organization in maintaining its security, detecting and managing a variety of human risks, and kickstarting cultural changes.