Verizon warns enterprises about internal security threats

Many incidents are driven by employees with little or no technical aptitude. (Getty Images)

Cybersecurity threats from an enterprise’s own employees and partners can be as devastating as threats from external actors. And according to data gathered by Verizon’s cybersecurity team as part of its 2018 Data Breach Investigations Report, 20% of cybersecurity incidents and 15% of data breaches originated from people within a breached organization. The top reasons for these cyberthreats were financial gain (47.8%), pure fun (23.4%), and espionage (14.4%).

Verizon used some of the same data and caseload analysis from its 2018 Verizon Data Breach Investigations Report to create its new Verizon Insider Threat Report. The carrier identified five categories of inside threat actors:

  1. The Careless Worker. Employees or partners who misappropriate resources, break acceptable use policies, mishandle data, install unauthorized applications and use unapproved workarounds; their actions are inappropriate as opposed to malicious.
  2. The Inside Agent. Insiders who are recruited, solicited or bribed by external parties to exfiltrate data.
  3. The Disgruntled Employee. Insiders who seek to harm their organization via destruction of data or disruption of business activity.
  4. The Malicious Insider. Actors with access to corporate assets who use existing privileges to access information for personal gain.
  5. The Feckless Third Party. Business partners who compromise security through negligence, misuse, or malicious access to or use of an asset.

With external attacks, it can take months or more for organizations to detect intrusions. But since insiders have fewer barriers to overcome and controls to circumvent, the time it takes to detect a breach can be much longer.

FREE DAILY NEWSLETTER

Like this story? Subscribe to FierceTelecom!

The Telecom industry is an ever-changing world where big ideas come along daily. Our subscribers rely on FierceTelecom as their must-read source for the latest news, analysis and data on the intersection of telecom and media. Sign up today to get telecom news and updates delivered to your inbox and read on the go.

And it’s not just IT experts and programmers doing the hacking. “Data theft involving programmers, administrators or executives certainly makes for interesting anecdotes, but is still less common in our overall data set than incidents driven by employees with little to no technical aptitude or organizational power,” states the report. “Regular users have access to sensitive and monetizable data and are behind most internal data breaches.”

Most people behind data breaches, whether insiders or not, are motivated by money. According to the report, data breaches associated with espionage usually have a financial motivation as well. A common scenario is the exfiltration of internal data or intellectual property for a new endeavor.

RELATED: CenturyLink rebrands cybersecurity operations as Black Lotus Labs

Verizon’s report provides a framework for companies to be more proactive in detecting insider cybercrime. “Verizon sits between the sources and victims of cybercrime on a daily basis,” states the report. “By sharing real scenarios from our caseload we hope that organizations can learn and adopt the countermeasures we recommend to implement their own programs.”

Some of Verizon’s recommendations include conducting threat-hunting activities, performing vulnerability scanning tests, implementing human resource controls, and using technological devices to detect unusual activities. And of course, the company recommends implementing network security software such as firewalls.

Suggested Articles

White box vendors such as Lanner are increasingly important as network operators move from proprietary hardware to more generic hardware.

Attacks against data center and cloud services tripled between 2017 and 2018, but the good news is that the security ecosystem is responding.

When the digital twin is turned up, it invariably finds issues lurking just below the surface, such as misconfigured VLANs.