Internal employees and contractors can be a significant threat to an organization’s security. In this video, you’ll learn how attackers take advantage of insider threats and ways to protect against this attack type.
We spend a lot of time and a lot of money protecting the edges of our network with firewalls, intrusion prevention, and other types of security systems. But these security systems on the perimeter of our network are not protecting the systems that are inside of our network. And of course, we have many employees in our organization that have access to all of the systems that we might have on the protected internal network.
Because of this, we have to consider that some of these employees could potentially be a threat that’s on the inside of our network. This is not just a threat where users are writing down their password on a yellow sticky and putting it underneath their keyboard. This might be a case where someone inside of your organization, who has access to large amounts of data across many sensitive systems, may somehow become the attacker from the inside of your network.
These employees know where all the sensitive data is stored, they know the security methods that are used to protect that data, and they know how to remove or copy that data without setting off any type of security alarm on your network. And these are people that are coming to work every day who have constant access to this very sensitive data. An insider threat may not involve just disgruntled employees. It may also be a threat directed towards your employees.
We have documented cases where the attackers are recruiting people inside of these companies to give them access to systems, or to give them data. For example, we have cases where ransomware has been found inside of organizations, but the ransomware was put there by the employees themselves. The attackers can use Bitcoin or some other type of cryptocurrency to entice employees to plug in a USB drive and walk away.
The ransomware starts automatically. It then starts encrypting all of these systems, and the attacker ultimately earns millions of dollars from this single attack. This is why many organizations are updating their security best practices to better protect all of the data that’s on the inside of the network. These organizations are also updating some of their other practices, such as backups, to ensure that they always have a good copy of this data.
