Page 55 - Cyber Warnings
P. 55
• Current employees – first group that comes to mind, your current employees have
legitimate immediate access to all your sensitive data. The biggest danger among them
pose users with privileged accounts. Such users have the highest level of access and
usually enjoy a high level of trust from the company, putting them in the best position to
commit malicious actions and get away with it.
• Third parties – modern companies are usually affiliated with a wide range of different
people and organizations. Subcontractors, service providers and business partners all
have access to your corporate network and sensitive data that they can use to conduct
malicious actions.
• Former employees – while technically they lose their legitimate access upon
termination, not all companies bother to properly delete inactive credentials. If former
employee finds that their credentials are still working, they can use them to conduct
malicious actions. Another potential danger is a backdoor or a logic bomb (malicious
software that fires off automatically after a set period of time) that former employee may
leave behind in order to gain access to the system or sabotage normal business
operations long after they leave.
It is also important to understand the common reasons for committing insider attacks. In some
cases, changes to employee behavior can give your security personnel some hints as to what
they are planning and will allow them to prevent insider attack before the damage was done.
• Corporate espionage – employees can be recruited by a competing company via
blackmail or bribery in order to transfer your sensitive data to them. Instances of
corporate espionage can be very hard to detect. If employee makes many unexpected
trips or suddenly has an influx of money, it may be a time to worry.
• Personal financial gain – employee can steal client database to sell it on a black
market or start a competing business. In this case, they will often brag to their colleagues
about this, which can help prevent the attack.
• Revenge for perceived injustice – disgruntled employees can conduct malicious
actions to get back at the company for perceived injustice toward them. Malicious
actions out of revenge are often designed to bring as much damage to the company as
possible and to interrupt regular business procedures.
• Inadvertent mistakes – in many cases, insider attack turns out to be a simple mistake
on the part of an employee, whether it is to click on a link in a suspicious email opening
your company to a hacker attack, tell their password to a colleague, or to send sensitive
data to the wrong person. Possibility of such unintentional threats should be accounted
for and their prevention should be included as a part of a general insider attack
prevention strategy of your company.
Understanding the nature of insider attacks is an important step that will help you conduct a
more thorough risk assessment and define main weaknesses of your security.
Step 2. Employ secure approach for managing employees and credentials
You should organize your work process and assign credentials in such a way as to limit the
55 Cyber Warnings E-Magazine November 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
