Gentlemen… we have a spy in our midst. And that’s just the start of our problems.
This week’s episode is all about insider threats and believe me if you weren’t a hermit before watching this, you will be by the end of it.
So, backing up from the amateur dramatics, what is an insider threat? It’s pretty much what it says on the tin – an employee who helps, either knowingly or unknowingly, threat actors to compromise your systems. Yep that’s right – I said both knowingly and unknowingly.
There are actually three main types of insider threat:
- A malicious insider
- An unwitting insider
- And finally, a mole. And don’t worry, no need to call the exterminators yet, though they may need to come re-home those possums in the loft.
Let’s take the mole first, since it’s kind of a misnomer. A mole isn’t actually technically part of your organization. They’re on the outside looking in. What do we mean by that? Well, imagine you got an email from your CEO saying to wire a few hundred bucks to a contractor as we forgot to pay their last invoice – you might consider doing that right? After all the CEO told you to. Unlucky – you just got hit by the mole. A mole is an imposter that’s managed to get inside access to your system to achieve their goals and infiltrate further – in this example, they were able to send an email as the CEO.
But sure, if your CEO’s been hacked you’ve probably got bigger problems. So let’s move onto competitor number 2 – the unwitting insider. You’re probably thinking that all of our employees know what’s up – they wouldn’t possibly put the company at risk right? Well actually this type of insider is one of the worst for breaches, with a solid chunk of all security incidents coming from them. What? How can that be?
Do you remember all those phishing emails at the bottom of your inbox?
If one of your employees accidentally clicks a link and submits their credentials or downloads a file, and an attacker gets into your network, well then they’ve potentially paved the way for a massive security incident, and have become an unwitting insider. Oops.
With the amount of threats targeting employees, it’s no wonder that this is the most common type of insider threat.
And that all leads to the final (and despite what Hollywood may have you believe) the least common type of insider threat. The malicious insider. Or as I like to call them, turncoats.
Picture the scene – you’re heading into work and have decided to buy the team coffee – after all the results this quarter were through the roof. You hand out the coffee and go about the rest of your day. Did you spot the malicious insider?
No? I don’t blame you. The issue with malicious insiders is they’re often extremely difficult to spot – after all they know what they’re doing, so will try to cover their tracks. But that’s not even the worst part.
Really, a malicious insider could be anyone in the organization currently, or people that used to be part of it. There are lots of reasons someone could decide to do this, and all of this is why a data loss prevention strategy is an important component of any organization’s security strategy.
Don’t worry though – it’s not all doom and gloom!
Like we said, a malicious insider is the rarest of insider threat types. So don’t lose too much sleep over them – your people are an asset and you should treat them as one – after all they’re all choosing to join you on a journey with your organization.
We mentioned a data loss prevention strategy before, and that is one of the best tools in your arsenal against an insider threat. A DLP will help you protect critical assets, enforce policies and increase visibility within your organization. We’ll have more on that in another episode, but for now you can rest assured that the folks at Skye Technologies have implemented these in organizations and are well equipped to help you defend yourself against all of these threats.
Tune in for next week when we kick things up a notch, as we look at advanced persistent threats, or what to do when a government has decided to take a special interested in you.