The Who, What, When, Where, How & Why?
The Unintentional Insider Threat
Malicious insiders are not the only type of insider threat that most companies have to worry about. There are also threats posed by human error and even good intentions.
According to IBM, human error accounts for more than 95% of the incidents they investigate. The most common problems include different types of system misconfiguration, poor or even non-existent patch management, using default settings, using weak passwords, losing devices and even sending data to the wrong e-mail addresses. While the data we reference here is a few years old, these facts are still relevant to this day.
Some of the problems stated are the result of poor decision making, laziness, or the slip of a mouse. It could be something as basic as clicking “reply all” on an e-mail that has sensitive information in it. Poor policies and patch management practices also come into play. Organizations should enforce proper system configurations and patch management practices, and these should be periodically assessed.
We will never get rid of mistakes like these, but there is considerable room for improvement.
Most employees tend to be hard-working and have a desire to do a good job. In fact, many tend to go out of their way to do their jobs more efficiently, which tends to pose a risk in itself. It is not uncommon for employees to install unauthorized software that they believe will automate tasks. This can result in malware ending up on machines, or it can create security gaps when the installed software goes unpatched and becomes a vulnerability.
Studies consistently show that when workers regularly connect remotely to work through personal devices (mobile phones, laptops, tablets, and home PCs), they often violate organizational policy and create a gap in security defenses.
Did you know that hackers often take advantage of remote connections and can intercept traffic or inject data into those connections?
Workers tend to see security as a roadblock rather than an enabler. Whenever the inconvenience is too great, employees will find ways around policies in order to do their jobs more easily, and thus become insider threats.
This is especially true in smaller organizations with little or no control over their systems!
Honest insiders also tend to be targeted by malicious outsiders through social engineering. E-mail phishing attempts are one of the most common types of social engineering, but examples range from simple phone calls to carefully crafted websites that host malicious content or use drive-by file injection or download techniques.
Contractors, business partners, and connections also tend to be insider threats, not just employees!
The best way to protect your organization is to make insiders aware of how these security gaps can arise, to enforce security practices no matter how inconvenient, and to provide incentives and reward good use of security practices. All employees need to understand the risks behind breaking organizational policies and why these policies exist.