“Security is fundamentally a human issue,” Scott Crawford
News and articles about data breach, malware attacks, or how vulnerable we are to cyber-attacks are common these days. All of this is often interlinked and related to bad actors, software vulnerability, lack of security updates. To resolve which companies, focus on hardware and software security update. But in this they often overlook or ignore the key piece responsible for these attacks i.e. the end user sitting inside the organization.
Shocked? Don’t be, according to researchers 60% of cyber-attacks are caused because of, or by the end user themselves. They are the weakest link every organization has and it is not going to change anytime soon.
But how can an end user be responsible for cyber-attacks?
To know the answer let’s take a closer look at types of user profile that can be a risk to companies’ security.
Types of Insider Profile
Until we look deep, we think cyber security threats like ransomware attack, DDoS, malware attacks are associated with bad guys and are frequent. But, the fact is cyber-attacks are usually associated with careless users, privileged users, third parties, malicious links, terminated employees, IT professionals, outside consultants.
A survey done on employees indicates 56% of regular employees, 55% of privileged IT users, 42% of third parties/outside consultants, 29% of executives and 22% of customer clients pose as biggest security risk to an organization.
The above-mentioned data explains, insider threat doesn’t just come from dishonest people. There are others who are responsible, and companies need to pay attention to them to stay secure.
Types of Insider Threat to Cybersecurity
1. Unintentional User
30% of security incidents takes place as employees don’t have enough know how on cyber security practices. Due to which they fall for phishing frauds and end up giving out the confidential information to bad guys.
To understand let’s see how phishing scam takes place:
Step 1 – An email is sent to the users from senior management asking them to prove they are who they say. For this they need to click on link received in the mail.
Step 2 – Once they fall for the trick and click on the link, hackers are able to immediately access all the information stored on their system along with their email accounts.
Now that hacker has access to everything he starts sending out messages to everyone in your contact list to collect more data. This way hacker is able to get a grip on various accounts and one unintentional action becomes responsible for data leak.
2. Negligent User
When employees try to avoid security, policies laid to secure data they end up giving all information to bad guys. For example, if the company doesn’t allow external file sharing, employees share the work on public cloud applications without thinking of the consequences. Thus, end up opening gate for hackers to access data.
3. Malicious User
Often this threat actor is overlooked, as companies trust their employees. But when employees within the organization gets motivated by financial gain or are willing to go to any extent to take revenge they end up sharing data with bad guys.
4. Third parties/ outside consultants
Some breaches occur due to vulnerable third parties or outside consultants. If the supplier or third party has access to your network, then an attacker can easily compromise their system to hack into your network and access data.
Now, that we know about type of user profile posing as danger. It’s time to know about common insider threats, motivators, methods adopted by hackers and data breaches caused due to end user.
Common Insider Threats
Employees are the greatest liability an organization has, as they are the ones responsible for attacks that takes place due to phishing emails, clicking on links, or downloading malicious documents.
Five Insider Threats Danger to Sensitive Information
1. Misuse of Information Using Remote Access Application
Remote access software like GoToMyPC, Citrix are responsible for information mishandling. Because they allow person sitting at the other end to access system without user intervention. This means if the computer is left unattended hackers can easily steal sensitive information without doing much.
To stay protected from this insider threat organizations needs to tighten the security controls, limit remote login time, encrypt hard drive, and generate usage logs to keep a watch on actions performed when the system was unattended.
2. Sharing information via messaging and email
Confidential information can easily be shared as an attachment via email and instant messaging. This is a serious threat and to eliminate it companies need to set up network analyzer, keyword filtration and specific attachments.
3. File sharing on P2P networks
A simple misconfiguration is enough to compromise your data shared over peer-to-peer software like IM or Kazaa. To keep shared data safe, running a firewall software with security filters will help.
4. Insecure Wireless network usage
Insecure wireless network usage is the most accidental and dangerous insider threat. User can put data in jeopardy by connecting to any public WIFI found at a coffee shop, hotel, or any public area. All it takes is to interfere the into the file transfer or access the email to steal sensitive data.
5. Sharing information on blogs or discussion boards
Employees post support request, work related messages over the Internet and this can include sensitive information, file attachment that can put organization at risk.
Must Read : Is Penetration Testing Need Of The Hour For Ensuring Cybersecurity?
Types of Insider Threats
Insider threats goes undetected because of their type. There are 3 most common types pf insider threats.
Careless: When user accidently expose sensitive data because of misinterpretation or negligence.
Compromised: Unintentional exposure of information via social engineering or malware.
Malicious: Purposely stealing sensitive information or compromising system for financial gain or professional retaliation.
Motivators for Insider Threats
Behind every human action there is a motive, same is true in case of Insider Threats.
The basic motivators for Insider Threats are as follows:
Insider Threat Methods
Attackers adopts various methods to gain access to sensitive information. From phishing emails to malicious links, they implement all methods to trick careless employees to accidental leak data.
Data Breach Caused by End User
Here we list down famous insider threat cases:
Company | Type | Method | Damage |
Target | Compromised Insider | Stolen Credentials. | 40 million debit and credit card details were stolen that caused monetary loss of $ 105 million.
|
Sony Pictures Entertainment | Compromised Insider | Phishing Emails | Damage of $ 35 million along with 100 TB of stolen data |
Gregory Chung | Malicious Insider | Physical and electronic theft | Data worth $ 2 billion was stolen and send to China |
Edward Snowden | Malicious Insider | Electronic theft | Up to 1.7 million classified documents stolen |
Also Read : Is Moving To A Cloud Server Good For Security?
At the end we can clearly say end user is one of the top cyber security threat often overlooked. If a company wants to stay safe and secure they need to face the fact about end user being a threat to their security and privacy. The sooner they realize this fact sooner they will be able to safeguard themselves from security breach caused all because of the naïve end user.