Cybersecurity In The Organization: Not Everything Is As It Seems
When you hear or read the words “cybersecurity incident”, you immediately think of sophisticated hackers breaching computer defenses. Like a Hollywood movie, we envision cyber criminals copying sensitive information and then selling or sending it to a corrupt competitor or a dictator in some distant country. Well, it’s not quite like that. More than half of the time, the breach of corporate information is the consequence of employees leaving the company. Yes, the enemy within.
According to a study published by Securonix, employees who plan to leave are responsible for 60% of information leaks. The report defines these employees as “risk leakers”, i.e. those who are about to leave the company for various reasons. These employees show patterns of behavior that indicate their intention to leave. We will evaluate these patterns and indicate what measures you could take to avoid or at least mitigate the negative impact on the organization.
Why Does It Happen And What Can We Do?
According to the report, the most common internal threat is the extraction of sensitive information. This is done through email transfers (to an attacker’s personal address) or uploads to cloud storage services. Risky employees also use unauthorized removable storage devices (e.g. USBs). The second attack mode is the abuse of privileged accounts. Furthermore, the greatest amount of information theft occurs in the pharmaceutical industry, followed by the financial services and information technology industries.
Regarding the factors involved, Securonix lists several, such as account sharing, difficulties in classifying information for access purposes, and the circumvention of IT controls. The latter is particularly significant because it stems from the poor definition of the policies and processes that establish the controls. Another important cause is the granting of privileged accounts to personnel of business partners or suppliers.
As possible measures against these cybersecurity incidents, the report suggests using algorithms that monitor employee activity to detect suspicious behavior early and that analyze traffic and information-transfer volumes exceeding certain thresholds. We add that traditional methods (DLP, PAM), as well as the design, implementation, and control of information security policies, processes, and procedures, should not be discarded.
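A minimal sketch of the volume-threshold monitoring mentioned above, as an added example that is not taken from the Securonix report or from this article. The event format, channel names, and threshold values are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from statistics import median

# Egress channels named in the article; anything else is ignored here.
CHANNELS = {"personal_email", "cloud_upload", "usb"}

# Constructed sample events (day, user, channel, bytes_out); not real data.
EVENTS = [
    ("2024-03-01", "alice", "cloud_upload", 4_000_000),
    ("2024-03-02", "alice", "personal_email", 6_000_000),
    ("2024-03-03", "alice", "cloud_upload", 5_000_000),
    ("2024-03-04", "alice", "internal_share", 900_000_000),  # not monitored
    ("2024-03-05", "alice", "usb", 300_000_000),
    ("2024-03-05", "alice", "cloud_upload", 200_000_000),
    ("2024-03-01", "bob", "cloud_upload", 80_000_000),
    ("2024-03-02", "bob", "cloud_upload", 75_000_000),
    ("2024-03-03", "bob", "cloud_upload", 85_000_000),
    ("2024-03-05", "bob", "cloud_upload", 90_000_000),  # heavy but normal for bob
]


def daily_totals(events):
    """Sum outbound bytes per user and day across the monitored channels."""
    totals = defaultdict(lambda: defaultdict(int))
    for day, user, channel, size in events:
        if channel in CHANNELS:
            totals[user][day] += size
    return totals


def flag_spikes(events, factor=5.0, floor=50_000_000, min_history=3):
    """Flag days whose volume exceeds max(floor, factor * the user's median).

    The baseline is the median of that user's own earlier days, so a steady
    heavy user is not flagged while a sudden jump by a light user is.
    """
    alerts = []
    for user, days in daily_totals(events).items():
        history = []
        for day in sorted(days):  # ISO dates sort chronologically
            volume = days[day]
            if len(history) >= min_history:
                baseline = median(history)
                if volume > max(floor, factor * baseline):
                    alerts.append((user, day, volume, baseline))
                    continue  # keep the spike out of the baseline
            history.append(volume)
    return alerts


if __name__ == "__main__":
    for user, day, volume, baseline in flag_spikes(EVENTS):
        print(f"{day} {user}: {volume:,} bytes out (baseline {baseline:,})")
```

A user's first `min_history` days are never evaluated, so a new account has no baseline yet and needs a separate control such as the fixed floor alone.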