How Do You Bring Down an Organization? From the Inside
Category
News
Risk Level
Last week an incredible story hit the news about corporate bribes, Russian nationals, and the FBI. No, it wasn’t the latest movie on Netflix, or even about the 2020 election. Instead it came from the U.S. Department of Justice’s indictment of a Russian national who attempted to install malware on a major company’s IT network. Most notable about the indictment - the accused individual didn’t even work for the company, and they didn’t try to hack into the company from outside.
So how’d they do it? Insider threat.
“This term sounds familiar…”
You may remember insider threat from elsewhere in the ACT or in our Hive Live workshop: Don’t Lose Your Honey to Insider Threat. To recap, your organization has some incredible things that are most likely very important - proprietary information, other people’s personal information, and even the safety of your colleagues. If you wanted to protect this information, what would you do?
Think of your organization as a castle. As your organization grows, you’ll need to keep adding more rooms and towers to protect what’s important to you, but you’ll soon realize you need to keep your enemies away from all your hard work. So you’ll start building large walls, or even digging a moat, to protect it all.
Back in 2020, these protections look like the cybersecurity functions provided by firewalls, security awareness training, and cybersecurity audits. As time has gone on, many organizations have built similar walls and moats to protect their castles too. However, this ignores one major problem: these defenses are great at keeping people out, but what about the people already inside? We call this insider threat and it can be devastating to your organization.
“So what happened here?”
In last week’s indictment, the U.S Department of Justice outlined a story where a Russian national befriended an individual at an unnamed corporation in Nevada, and ultimately offered them $1 million dollars to install malware on the IT network.
Remember when we talked earlier about the walls and moat on your castle? For the indicted individual, they circumvented all of those by going straight to a person inside and offering them money. If the person had been motivated by the money, or maybe disgruntled, they may have taken the bribe. Imagine a life changing amount of money to carry out something that really won’t impact you personally?
In this case, the individual reported the attempt to the company, who in turn notified the FBI. Through careful monitoring, the FBI was able to collect information on the Russian national that ultimately led to the indictment. However, the indictment never specified the company and there was a lot of speculation on who it could be. Leave it to social media to take care of the rest:
Much appreciated. This was a serious attack.
— Elon Musk (@elonmusk) August 27, 2020
“How do I know if my organization is at risk of insider threat?”
First of all, organizations from any industry are vulnerable to insider threat. According to a 2018 Forrester’s report, 53% of data breaches come from insider threats. To prevent this, you need to examine everything at your organization that protects your information and your colleagues. This includes, but isn’t limited to:
Policies
Technologies in use
Cybersecurity protections
Data loss prevention programs
Secure disposal
On-boarding, role changes, and off-boarding of employees, contractors, and vendors
And for each of these, you’ll need to constantly monitor everything!
In honor of National Insider Threat Awareness month, it’s time to start taking action. The Department of Homeland Security has published a useful guide for recognizing and handling insider threat.
Still sound overwhelming? It can be, but Hive Systems can help. We’re here to walk you through developing an approachable and actionable strategy to reduce your risk from insider threat. Ready to get started?