Cybersecurity threats from an enterprise’s own employees and partners can be as devastating as threats from external actors. And according to data gathered by Verizon’s cybersecurity team as part of its 2018 Data Breach Investigations Report, 20% of cybersecurity incidents and 15% of data breaches originated from people within a breached organization. The top reasons for these cyberthreats were financial gain (47.8%), pure fun (23.4%), and espionage (14.4%).
Verizon used some of the same data and caseload analysis from its 2018 Verizon Data Breach Investigations Report to create its new Verizon Insider Threat Report. The carrier identified five categories of inside threat actors:
- The Careless Worker. Employees or partners who misappropriate resources, break acceptable use policies, mishandle data, install unauthorized applications and use unapproved workarounds; their actions are inappropriate as opposed to malicious.
- The Inside Agent. Insiders who are recruited, solicited or bribed by external parties to exfiltrate data.
- The Disgruntled Employee. Insiders who seek to harm their organization via destruction of data or disruption of business activity.
- The Malicious Insider. Actors with access to corporate assets who use existing privileges to access information for personal gain.
- The Feckless Third Party. Business partners who compromise security through negligence, misuse, or malicious access to or use of an asset.
With external attacks, it can take months or more for organizations to detect intrusions. But since insiders have fewer barriers to overcome and controls to circumvent, the time it takes to detect a breach can be much longer.
And it’s not just IT experts and programmers doing the hacking. “Data theft involving programmers, administrators or executives certainly makes for interesting anecdotes, but is still less common in our overall data set than incidents driven by employees with little to no technical aptitude or organizational power,” states the report. “Regular users have access to sensitive and monetizable data and are behind most internal data breaches.”
Most people behind data breaches, whether insiders or not, are motivated by money. According to the report, data breaches associated with espionage usually have a financial motivation as well. A common scenario is the exfiltration of internal data or intellectual property for a new endeavor.
Verizon’s report provides a framework for companies to be more proactive in detecting insider cybercrime. “Verizon sits between the sources and victims of cybercrime on a daily basis,” states the report. “By sharing real scenarios from our caseload we hope that organizations can learn and adopt the countermeasures we recommend to implement their own programs.”
Some of Verizon’s recommendations include conducting threat-hunting activities, performing vulnerability scanning tests, implementing human resource controls, and using technological devices to detect unusual activities. And of course, the company recommends implementing network security software such as firewalls.