Blog

No items found.

The threat is already inside

The threat is already insideDefault blog imageDefault blog image
06
Mar 2017
06
Mar 2017

Imagine a middle-aged middle manager at a multinational corporation. Joe is the kind of employee who’s always done just enough to get by, cutting corners when he can and flying under the radar. One day, Joe’s boss decides that enough is enough. She fires Joe.

Furious, Joe storms back to his desk to pack up his belongings. Halfway through cleaning out his filing cabinet, he remembers that he doesn’t have to go quietly into the night. He still has administrative access to edit the company website, he has valuable client information, and he’s on an email thread with compromising photos of his boss at the last holiday party.

Disgruntled employees like Joe may be in the minority, but their potential to do serious damage can’t be ignored. Posting those photos of his boss on the company website would be trivial, causing embarrassment at best and impacting financial performance and market confidence at worst. Another option at Joe’s disposal would be to make some money out of his trauma by selling client intelligence to a competitor.

Joe might even go a step further, obtaining access to supposedly secure documents via a new device called PoisonTap, a $5 USB that installs a backdoor onto locked computers. By handing over access to a sophisticated hacker on the Dark Web, Joe could undermine his former employer in the long term with surprising ease.

A recent industry report found that 60 percent of all cyber-attacks are carried out by insiders, and 1 in 4 of those attacks are accidental. For instance, employees click on phishing emails an alarming 23 percent of the time and often use cloud services like Dropbox despite their company explicitly forbidding them. Even basic cyber hygiene remains an uphill battle. The most common password today is ‘123456’, and ‘password’ isn’t far behind.

So even if Joe does take the high road, he may already have exposed his company to serious risk through using poor passwords, mishandling of sensitive documents, or becoming the victim of a well-disguised phishing attack. Despite our modern-day interest in foreign attackers, the biggest threat facing organizations isn’t nation-state hackers or anonymous saboteurs. It’s everyday employees like Joe.

So how do we stop Joe and people like him from exposing their companies to risk, either purposefully or on accident? The first step has to be educating employees on best practices, but education can only go so far. Defending against insider threat should be a core focus in our approach to security. To do that, we have to continuously monitor all users and devices and look out for the early signs of compromise. One thing is for sure in cyber security – the threat is already inside.

Like this and want more?

Receive the latest blog in your inbox
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
INSIDE THE SOC
Darktrace cyber analysts are world-class experts in threat intelligence, threat hunting and incident response, and provide 24/7 SOC support to thousands of Darktrace customers around the globe. Inside the SOC is exclusively authored by these experts, providing analysis of cyber incidents and threat trends, based on real-world experience in the field.
AUTHOR
ABOUT ThE AUTHOR
Justin Fier
VP, Tactical Risk and Response

Justin is one of the US’s leading cyber intelligence experts, and holds the position of VP, Tactical Risk and Response at Darktrace. His insights on cyber security and artificial intelligence have been widely reported in leading media outlets, including the Wall Street Journal, CNN, The Washington Post, and VICELAND. With over 10 years’ experience in cyber defense, Justin has supported various elements in the US intelligence community, holding mission-critical security roles with Lockheed Martin, Northrop Grumman Mission Systems and Abraxas. Justin is also a highly-skilled technical specialist, and works with Darktrace’s strategic global customers on threat analysis, defensive cyber operations, protecting IoT, and machine learning.

USE CASES
No items found.
PRODUCT SPOTLIGHT
No items found.
COre coverage
No items found.

Related Articles

No items found.

Good news for your business.
Bad news for the bad guys.

Start your free trial

Start your free trial

Flexible delivery
You can either install it virtually or with hardware.
Fast install
Just 1 hour to set up – and even less for an email security trial.
Choose your journey
Try out Self-Learning AI wherever you most need it — including cloud, network or email.
No commitment
Full access to the Darktrace Threat Visualizer and three bespoke Threat Reports, with no obligation to purchase.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get a demo

Flexible delivery
You can either install it virtually or with hardware.
Fast install
Just 1 hour to set up – and even less for an email security trial.
Choose your journey
Try out Self-Learning AI wherever you most need it — including cloud, network or email.
No commitment
Full access to the Darktrace Threat Visualizer and three bespoke Threat Reports, with no obligation to purchase.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.