While businesses and organizations focus their attention on stopping hackers outside the company from breaching their security defenses, very few have any kind of protection against insider threats.

There are three major types of insider security threats:

  • the Malicious Insider Threat, where an employee inside the company intentionally seeks to leak information, steal data, or compromise the company;
  • the Careless Insider Threat, where employees don't understand or follow security policies and rules, putting the company at risk for malware cyberattacks; and lastly,
  • the Compromised Insider Threat, where an employee's email account is hacked through social engineering, credential harvesting, phishing emails, or malware, with the goal of stealing information, making illegal financial transactions, and more.

But there is always room for new ways to attack a company, as a recent case at Tesla shows.

The technology

According to Campaign Monitor, the average office worker receives 120 emails per day. Such a figure shows that email continues to play a predominant role in the daily activities of an organization and that its use will continue to grow. Taking all of this into consideration, it is imperative to ensure that malicious email content stays out of the organization. The risks of ignoring these threats are substantial and could cause serious damage, including data and productivity loss, as well as a reduction in network resources due to bandwidth consumption - all contributing to a hit on your bottom line.

The problem goes deeper: more than a third of employees access corporate data on their personal devices. These personal laptops, tablets, and smartphones are less secure than their corporate equivalents and pose a serious threat to the security of any business. Because of the ongoing pandemic, these risks will continue to grow, since more people work from home than from the office. A great number of employees don't even have basic password protection. In addition, the IoT devices connected to their home networks mostly have unpatched firmware vulnerabilities and insecure logins, all of which can give hackers a way into the corporate networks they're connected to. Another risk comes from bringing devices back to the office, because they can carry malware infections that were picked up at home.

DLP and user auditing mechanisms as fundamental technologies

Data Loss Prevention (DLP) is the industry term for a set of tools and processes used to improve information security and protect business information. It prevents employees from sharing key information outside the business network. Several systems can contribute to DLP: as a standard, it is about detecting files and words or phrases in outgoing email. Other data leak prevention mechanisms include evaluating user access to a business platform (for example, the email client) and ensuring the user has not been compromised (for example, if the user's IP is suddenly in another country).
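The two checks described above, as an added example that is not AnubisNetworks code: a scan of one outgoing message for policy phrases and attachment types, and a login check that flags a change of source country. The phrase list, extensions, internal domain, sample message and function names are assumptions made for illustration.

```python
import re
from email import message_from_string

# Hypothetical policy values, chosen for this example only.
BLOCKED_PHRASES = ["confidential", "internal use only", "customer list"]
BLOCKED_EXTENSIONS = (".sql", ".pst", ".kdbx")
INTERNAL_DOMAIN = "example.com"

# Constructed sample message (not real traffic).
SAMPLE = """\
From: alice@example.com
To: bob@partner.example.net
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Attached is the customer
list, internal use only.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="crm_export.sql"

placeholder
--b1--
"""

def scan_outgoing(raw_message):
    """Return DLP findings for one outgoing message (empty list = clean)."""
    msg = message_from_string(raw_message)
    findings = []
    domains = re.findall(r"[\w.+-]+@([\w.-]+)", msg.get("To", ""))
    if all(d.lower() == INTERNAL_DOMAIN for d in domains):
        return findings  # this policy only covers mail leaving the organization
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(BLOCKED_EXTENSIONS):
            findings.append(f"attachment:{name}")
        elif not name and part.get_content_type() == "text/plain":
            text = part.get_payload(decode=True).decode("utf-8", "replace")
            text = re.sub(r"\s+", " ", text.lower())  # phrases may wrap lines
            findings += [f"phrase:{p}" for p in BLOCKED_PHRASES if p in text]
    return findings

def login_anomaly(user, country, last_seen):
    """Flag a login whose source country differs from the user's previous one."""
    previous = last_seen.get(user)
    last_seen[user] = country
    return previous is not None and previous != country
```

Whitespace is normalized before matching because a phrase such as "customer list" can be split across a line wrap, as it is in the sample body.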

For businesses that take data security seriously, control over employee mailbox information is paramount. One of the tools for doing so is User Auditing Mechanisms, which can conduct an internal security audit and get your company on the right track towards protecting against a data breach or any other security threat.

Such technology mechanisms are essential for the online security of any organization.

The other factors

Finally, the process and human factors, the other vectors of the triangle, play a part even more important than technology. By setting the access and authorization rules for the employees, it is possible to create automatic mechanisms, using DLP and auditing technologies, to immediately detect any deliberate or accidental wrongdoing.

Source: AnubisNetworks



The Anubis Labs team is tasked with the ongoing effort to discover new threats, track and collect intelligence about malware and botnets and figure out the best approach to let our customers have a good insight on their threat landscape.