Combating the Insider Threat

Many of the cybersecurity threats come from outside a business’s firewall. However, has your enterprise considered the security threats your staff and contractors could present?

Most businesses use a range of technologies to protect their networks, usually including some form of firewall to prevent outside attacks on their systems.

However, security breaches can also happen inside a business. In practice this can mean the firewalls in place will not protect systems from potential damage either from malicious attacks or accidental security breaches. Employees and contractors can be a security threat many enterprises do not pay close attention to.

Businesses will often only focus on external cybersecurity threats, but are your staff, freelancers and contractors the weakest link in your enterprise’s cybersecurity?

It’s a question that is not often asked. A simple lapse in security protocols could be very damaging to your business. As enterprises move to permanent mass remote working in reaction to the pandemic, ensuring your workforce has comprehensive security awareness and is following strong security practices is very important to the long-term cybersecurity of your company.

Over 80% of all cybersecurity incidents are caused by human error. Even more concerning is that our research showed nearly a quarter (23%) of organizations do not have any cybersecurity rules or policies in place for corporate data storage.

When the sensitive data in your company is attacked, these security incidents can also cause significant financial damage. The average economic impact of data breaches caused by employees is over $1m in potential losses.

Kaspersky, along with Area9 Lyceum, also discovered ‘unconscious incompetence’ where survey respondents were asked to respond to several questions relating to their cybersecurity awareness level. In 90% of cases where the wrong answer was selected for a question, survey respondents said they thought they knew the answer, but were not sure. This shows that companies can assume their staff and contractors have a high awareness of the security protocols they should be following.

Commenting on the results of the survey, Denis Barinov, Head of Kaspersky Academy, said: “If employees see no danger in risky actions, let’s say, in storing sensitive documents in personal storage, they are unlikely to seek advice from IT or IT security departments. From this perspective, it’s hard to change such behavior, because a person has an established habit and may not recognize the associated risks. As a result, ‘unconscious incompetence’ is one of the most difficult issues to identify and solve with security awareness training.”

Being cybersafe

As your business builds its new processes and creates new workforces to cope with the changes COVID-19 has brought to all enterprises, the security threats specific groups of employees could pose to your business need to be identified. It is critical to set up an integrated cybersecurity approach to educate these groups.

One of the clear inside threats that will expand as we move into 2021 is the increased use of personal digital devices for work. The line between private and corporate devices is now difficult to see. This has led to a level of cybersecurity risk not previously seen by enterprises.

Also, 42% of workers say they are using personal email accounts for work, and nearly half (49%) have admitted to increasing how often they do this. And, 38% use personal messengers for work purposes, and 60% say they now do this more often because of working from home.

File-sharing services that have not been approved by IT departments are also being increasingly used, with 53% of respondents to our surveys saying they are using these more often for work-related purposes.

Using these services has excellent benefits for keeping staff connected but can come at a cost if one or more of them become a target for cybercriminals. These attacks can lead to both theft of corporate information and unauthorized access to the internal resources of your company.

Here, system hardening with much higher levels of cybersecurity awareness can lessen the impact phishing attacks, in particular, have on remote workers.

The endpoint protection approaches your business may have used pre-COVID-19 will not be adequate to combat the rise of new cyberattacks. This is because, generally, businesses do not have the systems architecture in place to manage high numbers of remote workers. In addition, cybercriminals are using these new working practices to attack business networks, which are vulnerable because remote workers are not inside the usual security perimeter of a business’s firewall.

The security systems your business is using were, most likely, not designed to secure remote mass working. Cybercriminals can see how business networks have become vulnerable to attack and can exploit these weaknesses.

Kaspersky researchers observed a 242% growth of brute force attacks on remote desktop protocol (RDP) compared to last year and 1.7 million unique malicious files disguised as apps for corporate communication. Both of these findings reflect the ways attackers set their sights on users that work from home.

Since the beginning of March, the number of Bruteforce.Generic.RDP detections has skyrocketed, resulting in the total number detected in the first eleven months of 2020 growing by 3.4 times, compared to the number of the same type of attacks in 2019. Overall, 3.3 billion attacks on Remote Desktop Protocol were detected between January and November 2020. In 2019, during the same 11-month period, Kaspersky detected 969 million of these attacks worldwide.

Changing employee behavior to become more cybersecurity aware isn’t an easy task. One tried and tested approach is to use cybersecurity champions across your business. Gartner found that although fewer than 10% of organizations had one in 2017, they forecast 35% would have a cybersecurity champions program by 2021. Using your staff to encourage more awareness amongst their colleagues is a practical way to improve your inside threat security.

Inside out protection

To keep your business safe, and as your business moves into mass remote working, security education must be your business’s top priority. Kaspersky’s Automated Security Awareness Platform (ASAP) is an excellent example of how your business can take a holistic approach to advanced personnel cybersecurity awareness and training.

KIPS (Kaspersky Interactive Protection Simulation) is designed for senior managers. KIPS training is targeted at business system experts, IT people and line managers, and should increase their awareness of the risks and security problems of running modern computerized systems.

No discussion of inside cybersecurity threats can be complete without considering the massive changes the pandemic has brought to businesses. Our latest Advanced Persistent Threats (APTs) in 2021 report sets out the threat landscape for next year.

With more remote work, organizational security has become a priority, and more interest in exploiting network appliances such as VPN gateways will emerge.

“We live in a world that is so mercurial that it is likely that events and processes will happen in the future that we have not been able to grasp just yet,” says David Emm, a Principal Security Researcher at Kaspersky. “The amount and complexity of changes we have witnessed that have affected the cyberthreat environment could dictate many scenarios for what is to come ahead.”

Your inside threat checklist

Dmitry Galov, a security researcher at Kaspersky, says following these steps can help any business vastly reduce the risks posed by inside security breaches:

  • Ensure your employees have all they need to securely work from home and know whom to contact if they face an IT or security issue.
  • Schedule basic security awareness training for your employees. This can be done online and cover essential practices, such as account and password management, email security, endpoint security, and web browsing. Kaspersky and Area9 Lyceum have prepared a free course to help staff work safely from home.
  • Take key data protection measures, including switching on password protection, encrypting work devices, and ensuring data are backed up.
  • Ensure devices, software, applications, and services are kept updated with the latest patches. This includes all of the mobile devices your staff may be using at home. Paying attention to patching corporate devices and the personal devices of employees is critical to maintain high levels of security.
  • Install proven protection software, such as , on all endpoints, including mobile devices, and switch on firewalls. As this service is hosted, it is efficient to deploy this for all on-site and remote workers.
  • Ensure you have access to the latest threat intelligence to bolster your protection solution. For example,
  • Double-check the protection available on mobile devices. For example, it should enable anti-theft capabilities such as remote device location, locking and wiping of data, screen locking, passwords, biometric security features like Face ID or Touch ID, and enable application controls to ensure only approved employees use applications.
  • In addition to physical endpoints, it is essential to protect cloud workloads and virtual desktop infrastructure, especially given the latter are often considered a more secure alternative to running corporate tasks directly on BYOD (personal) devices. As such, Kaspersky Hybrid Cloud Security protects the hybrid infrastructure of physical and virtual endpoints and cloud workloads, whether running on-premise, in a data center, or a public cloud. It supports integration with major cloud platforms, such as VMware, Citrix, or Microsoft, and helps migration from physical to virtual desktops.

The deterrence controls your business must have in place to lessen any insider security breach, whether malicious or accidental, have several key components, all of which your business must pay attention to. The prevention methods outlined above support the general endpoint security that should always be live wherever and whenever data is accessed. This should be the case no matter its location and whichever device is being used.