Although most companies take measures to defend against external cyberattacks, threats from within are often overlooked. Find out how to defend your business against insider threats.
In June 2018, a disgruntled Tesla employee hacked one of the company’s systems and sent highly sensitive data to unknown third parties, according to an email sent by Tesla CEO Elon Musk. The employee was upset because he did not receive a promotion.
This is not an isolated case. Having someone on the inside perpetrate a data breach is more common than you might think. A 2017 McAfee study found that 22% of data breaches were intentionally caused by malicious insiders, including current and former employees, contractors, and third-party suppliers. Most often they stole customer data, employee information, and intellectual property.
Thus, it is important to protect your business data from malicious insider threats. To do so, it helps to know about the common elements in these types of attacks.
The Common Elements
Three elements are typically present in malicious attacks perpetrated by insiders:
- Pressure. The insiders feel pressure to commit a crime, usually out of desperation or greed. For example, they might steal data or money because they need to pay off large medical bills or gambling debts.
- Rationalization. The insiders use rationalization to convince themselves that their actions are acceptable rather than criminal. For example, they might rationalize that the company deserves the attack because of the way it treats employees or customers.
- Opportunity. The criminals have the opportunity and ability to not only commit the crime but also conceal it. For instance, they might be able to access a database containing customer data because the database has weak internal controls.
These three elements are collectively known as the Fraud Triangle. Being aware of this triangle can help businesses defend against malicious insider threats. However, there is little companies can do to identify and alleviate employees’ personal pressures, such as having large medical bills or a gambling habit. Fortunately, insider attacks usually require all three elements to be present, so removing either of the other two is enough to prevent many of them; companies can therefore concentrate on mitigating rationalizations and minimizing opportunities instead.
Malicious insiders often rationalize their actions by convincing themselves they are righting a wrong. For example, a disgruntled employee who feels he has been unfairly passed over for a promotion might believe that stealing data is a justified way to get even for that decision.
Letting employees express their frustrations and concerns through feedback forms and anonymous surveys can help mitigate insider threats spurred by disgruntlement. For this to work, though, you have to address their frustrations and concerns in an open and honest manner. Employees need to feel confident that they won’t be penalized for asking why they did not get a promotion or why they did not get a bonus or raise when others did.
You can also mitigate rationalization by regularly interacting with employees. For instance, you might hold company-sponsored events such as picnics or simply walk around the workplace, talking with employees. They will be less likely to attack the company out of spite or anger if you have a genuinely warm attitude toward them.
Companies have the most control over addressing the opportunity element. To minimize the opportunities for insider attacks in your business, you might consider implementing the following measures:
- Follow the principle of least privilege. In other words, limit employees’ access to company resources to the minimal level that will allow them to perform their job duties. In addition, the access should be in effect for the shortest duration necessary.
- Conduct audits periodically to identify access rights that should be removed because they were inappropriately granted or still exist from previous job roles.
- Use access control tools to regulate which employees, systems, and apps can view or use a company’s resources.
- Monitor your company’s network, systems, and resources for unusual activities, such as a sizeable increase in the number of files being printed during off-hours, large spikes in network traffic, and frequent remote access of a system at odd times.
- Create policies that let employees know you are monitoring the company’s network, systems, and resources for unusual activities.
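As an added illustration of the monitoring measure above (example code, not from the original article), the following Python script checks a constructed audit log for two of the patterns it mentions: a spike in off-hours printing relative to the same user's earlier days, and remote logins at odd hours recurring across several days. The log format, user names, business-hours window and thresholds are all assumptions.

```python
from collections import defaultdict
from datetime import datetime
# Constructed sample audit-log lines (not from the article): "<timestamp> <user> <event>"
SAMPLE_LOG = """\
2018-06-04T09:12:00 alice print
2018-06-04T23:40:00 bob print
2018-06-05T10:01:00 alice print
2018-06-06T02:05:00 bob print
2018-06-06T02:06:00 bob print
2018-06-06T02:07:00 bob print
2018-06-06T02:08:00 bob print
2018-06-06T11:30:00 alice remote_login
2018-06-06T03:15:00 carol remote_login
2018-06-07T03:20:00 carol remote_login
2018-06-08T03:05:00 carol remote_login
"""
BUSINESS_HOURS = range(8, 19)  # assumed window: 08:00-18:59, Monday to Friday

def parse_log(text):
    # Returns a list of (timestamp, user, event) tuples from the constructed format
    return [(datetime.fromisoformat(ts), user, ev)
            for ts, user, ev in (line.split() for line in text.splitlines())]

def is_off_hours(ts):
    return ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS

def off_hours_daily_counts(records, event):
    # {user: {date: number of off-hours occurrences of `event`}}
    counts = defaultdict(lambda: defaultdict(int))
    for ts, user, ev in records:
        if ev == event and is_off_hours(ts):
            counts[user][ts.date()] += 1
    return counts

def flag_off_hours_spikes(records, event, factor=3.0, minimum=3):
    # Flag days with >= `minimum` off-hours events that are >= `factor` x the user's own earlier daily average
    flagged = []
    for user, per_day in off_hours_daily_counts(records, event).items():
        history = []
        for day in sorted(per_day):
            count = per_day[day]
            baseline = sum(history) / len(history) if history else 0
            if count >= minimum and count >= factor * max(baseline, 1):
                flagged.append((user, day.isoformat(), count))
            history.append(count)
    return flagged

def flag_recurring_odd_hour_access(records, event="remote_login", min_days=3):
    # Users who perform `event` outside business hours on `min_days` or more distinct days
    return sorted(user for user, days in off_hours_daily_counts(records, event).items()
                  if len(days) >= min_days)
```

Comparing each user against their own history rather than a fixed count keeps a night-shift worker's routine printing from producing alerts while still catching a sudden jump.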
If you are not sure whether your business is doing all it can to minimize the opportunities for insider attacks, contact us. We can assess your systems and make sure the necessary measures are in place.