Insider Attacks — How to Prevent Security Breaches from Within

by Tony Richardson CISSP


“Your staff could quite easily be your biggest risk without you even knowing it…”

If you have nightmares about your business suffering a cyber security breach, you probably think about shadowy criminals out there on the dark web. However, the biggest threat is often a lot closer to home — your own employees.

You don’t want to treat all your employees with suspicion, of course. On the other hand, you do need to be vigilant and reduce the risk of a cyber attack originating from within your organisation.

Accidental Internal Cyber Breaches

Not all employees who cause a cyber breach are malicious. Sometimes, the danger can arise from negligence caused by fatigue, personal stress or lack of training.

Employees to look out for may be under pressure of work, exhausted, suffering from sleeplessness or distracted by something. Phishing emails, which are often the hackers’ way into your organisation, can also appeal to the emotions, so look out for employees who are either highly anxious or over-optimistic.

If you detect a vulnerable employee, the best approach is to offer them support to overcome their issues. Overall, though, it’s vital to offer ongoing social engineering training, so that employees themselves can identify risks.

Deliberate Internal Cyber Breaches

Unfortunately, though, not all internal cyber breaches are accidental. Employees who deliberately breach your security are likely to be discontented — perhaps undergoing disciplinary procedures, or involved in unresolved grievances.

Typical profiles to look out for include an employee facing financial difficulties, who might be vulnerable to bribery and may, rightly or wrongly, blame their salary level. The standard of their performance may have fallen, and they may be expressing dissatisfaction about anything from the organisation to their co-workers.

Beyond general behaviour, there are some specific patterns to look out for, and any one of these is a definite red flag:

  • Copying large amounts of data not directly related to their work, or sending it to a personal email account.
  • Frequently accessing shared drives, such as OneDrive or Dropbox, and saving the information personally.
  • Using USB sticks or other unsecured storage — in fact, your security policies and procedures should ban the use of these devices.
  • Trying to get past security measures — for example, turning off the anti-virus, trying to increase their privileges or tampering with firewalls.

How to Protect Against Insider Attacks

One way or another, every organisation is at risk from insider attacks, so how do you minimise the chances of them being successful? There are three broad areas of response.

As previously mentioned, providing ongoing social engineering training for your employees will help them to identify situations where they’re at risk of unwittingly opening the door to cyber criminals. Since these cases normally involve employees who have no intention of damaging your business, providing information equips them with the means to avoid doing so.

Secondly, it’s important to train all your employees to pick up on the warning signs. While no-one wants to encourage an atmosphere of spying and informing on colleagues, it’s important to encourage a culture where employees can raise genuine concerns without fear of consequences.

Finally, it’s vital to introduce managed detection and response technology. This will be able to pick up on the red flags mentioned above and alert your IT department, ensuring that a breach can be shut down before it happens, or at least before it has had time to do too much damage.
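To make the idea concrete, here is an added example (not part of the original article and not any vendor's product code) of how the red flags listed earlier can be turned into detection rules. The event schema, the webmail domain list and the 500 MB daily threshold are all assumptions made for illustration, and the sample events are constructed.

```python
from collections import defaultdict

# Assumptions for this example: tune all three to your own environment.
PERSONAL_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}   # webmail domains
BULK_BYTES = 500 * 1024 * 1024                              # per user, per day
TAMPERING = {"av_disabled", "firewall_changed", "privilege_escalation_attempt"}

# Constructed sample events in a hypothetical normalised schema.
EVENTS = [
    {"day": "2024-03-04", "user": "alice", "type": "file_copy", "bytes": 40_000_000, "dest": "laptop"},
    {"day": "2024-03-04", "user": "bob", "type": "file_copy", "bytes": 300_000_000, "dest": "laptop"},
    {"day": "2024-03-04", "user": "bob", "type": "file_copy", "bytes": 300_000_000, "dest": "laptop"},
    {"day": "2024-03-04", "user": "bob", "type": "email", "to": "bob.home@Gmail.com", "attachments": 3},
    {"day": "2024-03-05", "user": "carol", "type": "file_copy", "bytes": 1_000_000, "dest": "usb"},
    {"day": "2024-03-05", "user": "carol", "type": "av_disabled"},
    {"day": "2024-03-05", "user": "alice", "type": "email", "to": "supplier@partner.example", "attachments": 1},
    {"day": "2024-03-05", "user": "dave", "type": "email", "to": "dave@gmail.com", "attachments": 0},
]

def detect_red_flags(events):
    """Return {user: sorted red-flag names} for the patterns in the list above."""
    flags = defaultdict(set)
    copied = defaultdict(int)  # (user, day) -> total bytes, so many small copies still add up
    for e in events:
        user, kind = e["user"], e["type"]
        if kind == "file_copy":
            copied[(user, e["day"])] += e["bytes"]
            if e["dest"] == "usb":
                flags[user].add("removable_storage")
        elif kind == "email" and e["attachments"] > 0:
            # Normalise case so "Gmail.com" and "gmail.com" match the same rule.
            domain = e["to"].rsplit("@", 1)[-1].lower()
            if domain in PERSONAL_MAIL:
                flags[user].add("data_to_personal_email")
        elif kind in TAMPERING:
            flags[user].add("security_tampering")
    for (user, _day), total in copied.items():
        if total > BULK_BYTES:
            flags[user].add("bulk_copy")
    return {user: sorted(names) for user, names in flags.items()}

if __name__ == "__main__":
    for user, names in sorted(detect_red_flags(EVENTS).items()):
        print(f"ALERT {user}: {', '.join(names)}")
```

Copy volume is summed per user per day, so two 300 MB copies trip the bulk rule even though neither does alone, while ordinary business email to a partner and attachment-free personal mail raise no alert.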

From training to technology, SecuraPro™ can help you minimise the risk of insider attacks. Get in touch with us to learn more.