In Barracuda's recently published report 2019 Email Security Trends 79% of IT professionals from around the globe reported concerns surrounding attacks and breaches originating from inside the organisation.
It's easy to see these numbers and wonder why so many businesses are worrying about the malicious intentions of their own employees when there are so many relentless anonymous attackers out there, but insider threats aren't quite this simple. In this article we explain what exactly an 'Insider Threat' means, outlining the typical step-by-step process of these attacks, as well as some advice for identifying and preventing.
What is an Insider Threat?
Insider threats by definition simply mean a threat that originates from a person or group of people within the organisation - such as employees, former employees, contractors or business associates - who have inside information concerning the organisation's security practices, data and computer systems. This is all pretty straight-forward so far, but the key detail here is that the intention behind the threat is not defined - this is because insider threats can be both malicious and accidental.
Malicious Insider Threats
Despite it being less common, this is the typical scenario that comes to mind for most people when hearing the phrase 'insider threat' - a disgruntled employee damages company systems, data, reputation and more simply to satisfy their need for revenge. Below are some examples of how this threat could materialise:
- Infecting systems by knowingly downloading malware
- Releasing or wiping confidential company data
- Damaging physical devices and inducing downtime
The truth is, as much as this is still a very real threat, this kind of attack can be avoided quite easily through access management, changing login details once staff members have left the company, and most importantly creating a positive work environment to prevent users feeling disgruntled in the first place.
Accidental Insider Threats
Insider threats can also refer to an accidental exposure of sensitive data due to employees lacking cyber security awareness and poor/unclear workplace protocols.
Although most professional individuals are quite confident in their security practices, human error is actually one of the primary causes of data breaches, even affecting well-established organisations like the NHS and Sony. Below are some examples of how this kind of accidental exposure can occur:
- Social Engineering attacks
- Downloading malware infected software and applications
- Weak password security
- Careless data handling
- Negligence of workplace security procedures
Preventing this type of insider threat is a bit more complicated as mistakes can happen in various ways to various areas of your business. To mitigate the risk as much as possible a layered approach is recommended, including the implementation of an advanced inbox defence solution, continuous user awareness training, secure access management and encrypted communications.
Combating the Threat of User Error & Security Awareness
Step-by-Step Process
To display how quickly these threats can develop and spread, we're using one of the most common, detrimental types of insider threat, which is those stemming from highly-targeted social engineering attacks.
Identify and Prevent
Barracuda Sentinel mitigates the risk of Insider Threats at every step through its 3-point protection: Prevent, Detect, Remediate.
Office 365 Account Takeover - the New Insider Threat
Prevention takes place at the email gateway where any targeted phishing attacks identified through Sentinel's artificial intelligence are blocked, stopping many advanced attacks before they even reach a user's inbox.
For the cases where highly-sophisticated campaigns evade gateway defences, Sentinel detects any signs of account takeover, immediately alerting the IT team with concerns.
Finally - an important but often overlooked step - Sentinel remediates the incident by removing any malicious emails sent on from the compromised account, alerting any external contacts involved, and identifying all users who clicked on links to protect their accounts before find themselves compromised too.
For more information on Barracuda Sentinel register for one of our weekly online webinars!