Title: About Insider Threats
1. About Insider Threats
- You might have heard of the threats that are built into machines, and the ones that are created by people to exploit loopholes in any given system.
- We're all aware of the malware and viruses, the phishing sites, fake accounts, and every digital threat that exists in this day and age.
- But let's throw it back to the classics for a bit to tackle the still existing grave threat, and probably the most dangerous of them all: insider threats.
- That's right: there isn't a code, a program, software or data cache that's more dangerous than a human mind.
www.izoologic.com
2. About Insider Threats
Since the dawn of time, for every great creation
that works using a system (the calendar, a
government, the multiplication table), there have
been minds who have been able to see the limits
and deduce the effectiveness of each. Fast
forward through thousands of years of human
development, and this still holds true.
Cryptocurrency, the latest trend, has its own
digital demons to exorcise, but its greatest
adversary is still the human mind with evil
intent.
3. Insider Threats
CA Technologies published a report on insider
threats, or the classy, Ocean's Eleven way of
doing things. The report was led by Holger
Schulze, CEO and Founder of Cybersecurity
Insiders, a group dedicated to the investigation
of malicious insiders and negligent ones. Simply
put, insiders may or may not know that they're
a threat to cybersecurity.
4. Insider Threats
- How is this done, you ask?
- Well, every villainous group has a mastermind. That's where it all begins.
- An employee, executive, or a co-owner of any business can jeopardize the security of the company, and this mastermind is doing it willingly, most likely due to greater ambition.
- Of course, taking over an empire is no easy task, and is not something you can do without allies.
- So, the next tier of insiders comes into play: the major players.
- These are carefully planted moles in every department, equipped with the necessary skill, title and ambition to participate in such a risky activity.
- Lastly, a scheme will never be complete without its most prominent performer: the pawns.
- These are the ones that are either in the loop but too incompetent for a bigger role, or the people who have no idea that they're participating in something of the sort.
5. Insider Threats
CA, with Cybersecurity Insiders and in
partnership with the Information Security
Community on LinkedIn, ran a survey spanning
400,000 members of the online community to
conduct an in-depth study of cybersecurity
professionals, gather fresh insights, reveal the
latest trends and provide actionable guidance on
addressing insider threats. Below are the key
takeaways from the survey:
6. Insider Threats
- 90% of organizations feel vulnerable to insider attacks.
- The main enabling risk factors include too many users with excessive access privileges (37%), an increasing number of devices with access to sensitive data (36%), and the increasing complexity of information technology (35%).
- A majority (53%) confirmed insider attacks against their organization in the previous 12 months (typically fewer than five attacks).
- 27% of organizations say insider attacks have become more frequent. Organizations are shifting their focus to detection of insider threats (64%), followed by deterrence methods (58%) and analysis and post-breach forensics (49%).
- The use of user behaviour monitoring is accelerating: 94% of organizations deploy some method of monitoring users and 93% monitor access to sensitive data.
7. Insider Threats
- The most popular technologies to deter insider threats are Data Loss Prevention (DLP), encryption, and identity and access management solutions.
- To better detect active insider threats, companies deploy Intrusion Detection and Prevention (IDS), log management and SIEM platforms.
- Lastly, the vast majority (86%) of organizations already have or are building an insider threat program.
- Thirty-six percent have a formal program in place to respond to insider attacks, while 50% are focused on developing their program.
8. Insider Threats
- The types of insiders that pose the biggest risk to organizations are somewhat expected, but with an asterisk.
- For example, 56% of the mitigated risk of insider threat comes from regular employees, most likely out of neglect, or what we call the accidental/unintentional insider.
- 55% of the mitigated risk comes from privileged IT users/admins, who have access to more confidential data as their tier goes higher and are a mix of the unintentional and the malicious kind of insider.
- Temporary workers, contractors and service providers generate 42% of the mitigated risk and are also a combination of unintentional and malicious.
9. Insider Threats
- The kinds of data most vulnerable to insiders, with a percentage value on mitigated risk, are:
- 57% on confidential business information (customer data, financial reports, employee data)
- 52% on privileged account information (credentials, passwords, security codes)
- 49% on sensitive personal information (what you did last summer, personally identifiable information)
- 32% on intellectual property (trade secrets, products in development, designs and blueprints)
- 27% on operational or infrastructure data (network topology and infrastructure, methods of wresting control)
10. Insider Threats
- Most of this data can be accessed on several platforms, but the most common sources that insiders can get it from are databases, file servers, cloud applications, endpoints, business applications, Active Directory, the physical network, and mobile devices.
- Accidental insiders get involved primarily through phishing attempts, weak passwords, unlocked devices, password sharing and unsecured networking.
- Among the organizations participating in the survey, 34% consider external attacks (hacking, defacing) as the most likely insider threat to happen to their organization, while 36% believe that they are more prone to a deliberate attack, and 30% would write it off as an accidental/unintentional breach of security.
11. Insider Threats
While this is a somewhat difficult way to breach
cybersecurity, it's still the most effective
way, and the human mind is greater than any
machine; hence, this is a problem that's going to
exist for a while.
12. Contact Us
14 Hanover Street, W1S 1YH City of Westminster,
London UNITED KINGDOM
44 20 3734 2726
info_at_izoologic.com
www.izoologic.com