cyber express
Insider Threats: Elephant in the cubicle!

Insider Threats: Elephant in the cubicle!

Insider threat is more serious than we anticipate. One in four employees has intentionally leaked confidential data. They are also likely to share data with their new or former employers

  • PublishedJuly 29, 2022

In June 2017, while scouting through GitHub, an online code-sharing programming resource, information security expert and author Jason Coulls spotted a trove of sensitive documents from several American, Canadian, and Japanese financial institutions. The repository contained migration plans, estimates, presentations, and other sensitive data that could have put those companies at risk.

Further research into the breach revealed that the data leak was an accidental mistake or rather a “monumental common-sense failure” of a developer working with Indian IT service giant Tata Consultancy Services (TCS). Coulls immediately notified the banks about the leak. “This was a new level of monumental head-scratching activity, as you could fork or clone an entire repository containing architecture details and roadmaps for some of the largest financial institutions in North America,” he wrote in a blog post.

“The good news is that none of it was banking customers’ data,” Coulls told technology news website The Register after the incident. “But there was still a lot of useful stuff there – not just for hackers but for the firm’s competitors. The first bank that looks at it gets to see what everyone else is doing.” Coulls also roasted TCS for not firing the team member immediately after the incident who was the most significant catalyst for the monumental catastrophe.

Insider threats pose a higher risk than hackers

The above incident highlights what accidents can do, but what is even more staggering is that one in four employees have intentionally leaked confidential data. When data privacy and risk management company Egress Software Technologies surveyed 2,000 UK workers, they may not have anticipated that the threat they were handling was elephants in the cubicles.

The survey revealed that employees who leaked information were likely to share data with their new or former employers or competitors. These could be bank details and customer information, among other sensitive data.

A survey by Vanson Bourne stated that insider threats pose a greater risk to companies than external threats such as breaches and hackers. s. It pointed out that 74 percent of cyber incidents occur within organizations, with 42 percent being employees alone. When considering the extended enterprise, meaning employees, customers, suppliers, or even previous employees, the number increases to 74 percent.

Nearly 90 percent of organizations are vulnerable to attacks from insider threats, according to the Insider Threat Report 2018 by CA Technologies. In the report, the main reasons for enabling the risk factor were too many users with excessive access privileges, employees bringing their devices to work, and the increasing complexity of the information security industry.

Over 50 half of the respondents confirmed insider attacks against their organization last year, and a quarter felt the insider attacks were becoming more frequent.

While insider threats are a cause of concern, a vast majority of companies are implementing programs to deter them. Companies focus on detecting insider threats, deterrence methods, analysis, and forensics. “Thirty-six percent have a formal program in place to respond to insider attacks, while 50% are focused on developing their program,” the report suggested.

Nipping it in the bud

Threats like insider attacks need to be nipped in the bud, and this must be ensured from the beginning, in other words, the hiring process. One way HR could minimize the malicious leaking of information is by ensuring that the concerns are raised and dealt with fairly without compromising the employee’s overall experience.

Simple steps such as reminding people about the company’s data protection policy post their resignation can also help.

Moreover, there are several touchpoints throughout an employee’s career that HRs must focus on. The CERT Insider Threat Center provides a list of best practices organizations should adopt to protect themselves from insider threats. These include maturing insider threat programs, tracking terminated employees, improving employee engagement, developing a watchlist of employees with behavioral indicators, and adding insider threat awareness training.

Authentication and the future of biometrics

As far as insider threats are concerned, it is evident that they can jeopardize companies. To counter this, there is a need for risk-based authentication technology that relies on things like proximity, behavior, biometrics, and more.

Industry experts opine that when you’re typing the password, the software can observe your movement across the keyboard. With this keystroke behavioral biometric, the computer algorithm can distinguish between users. According to several experts, technology can be fed into the risk engine and help determine whether the user should get access or not.

Several other innovations are also driving the authentication space, where individual actions by the users are tracked and traced to create exclusive biometrics using artificial intelligence and machine learning.

While insider threats may seem inevitable and pose a more significant threat to companies than external forces, organizations must implement policies, methods, and security systems to identify potential hazards and minimize the occurrence of such incidents. Though authentication and innovation can also assist in safeguarding the company, they alone are not enough to avert the dangers posed by insider threats.

Written By
Augustin Kurian

Augustin Kurian is the Editor In Chief of The Cyber Express, an information security publication catering to an audience encompassing CISOs, CXOs, network engineers, technology enthusiasts, security professionals, and students. In his role, he leads the editorial division, manages outreach campaigns, and promotes establishing best cybersecurity practices.