The threat is already inside

Justin Fier, Director of Cyber Intelligence | Monday March 6, 2017

Imagine a middle-aged middle manager at a multinational corporation. Joe is the kind of employee who’s always done just enough to get by, cutting corners when he can and flying under the radar. One day, Joe’s boss decides that enough is enough. She fires Joe.

Furious, Joe storms back to his desk to pack up his belongings. Halfway through cleaning out his filing cabinet, he remembers that he doesn’t have to go quietly into the night. He still has administrative access to edit the company website, he has valuable client information, and he’s on an email thread with compromising photos of his boss at the last holiday party.

Disgruntled employees like Joe may be in the minority, but their potential to do serious damage can’t be ignored. Posting those photos of his boss on the company website would be trivial, causing embarrassment at best and impacting financial performance and market confidence at worst. Another option at Joe’s disposal would be to make some money out of his trauma by selling client intelligence to a competitor.

Joe might even go a step further, obtaining access to supposedly secure documents via a new device called PoisonTap, a $5 USB that installs a backdoor onto locked computers. By handing over access to a sophisticated hacker on the Dark Web, Joe could undermine his former employer in the long term with surprising ease.

A recent industry report found that 60 percent of all cyber-attacks are carried out by insiders, and 1 in 4 of those attacks are accidental. For instance, employees click on phishing emails an alarming 23 percent of the time and often use cloud services like Dropbox despite their company explicitly forbidding them. Even basic cyber hygiene remains an uphill battle. The most common password today is ‘123456’, and ‘password’ isn’t far behind.

So even if Joe does take the high road, he may already have exposed his company to serious risk through using poor passwords, mishandling of sensitive documents, or becoming the victim of a well-disguised phishing attack. Despite our modern-day interest in foreign attackers, the biggest threat facing organizations isn’t nation-state hackers or anonymous saboteurs. It’s everyday employees like Joe.

So how do we stop Joe and people like him from exposing their companies to risk, either purposefully or on accident? The first step has to be educating employees on best practices, but education can only go so far. Defending against insider threat should be a core focus in our approach to security. To do that, we have to continuously monitor all users and devices and look out for the early signs of compromise. One thing is for sure in cyber security – the threat is already inside.

Blog Archive

Thursday January 10, 2019
Monday December 3, 2018
Thursday November 22, 2018
Thursday October 25, 2018
Thursday October 4, 2018
Monday August 20, 2018
Monday July 16, 2018
Friday June 22, 2018
Wednesday May 9, 2018
Monday April 16, 2018
Wednesday March 7, 2018
Tuesday February 13, 2018
Friday February 2, 2018
Monday January 22, 2018
Friday December 8, 2017
Monday November 27, 2017
Monday October 30, 2017
Wednesday October 25, 2017
Thursday October 12, 2017
Monday October 2, 2017
Monday September 18, 2017
Monday July 31, 2017
Thursday June 29, 2017
Wednesday June 21, 2017
Wednesday May 17, 2017
Monday May 8, 2017
Wednesday April 5, 2017
Monday March 6, 2017
Monday February 13, 2017
Monday January 30, 2017
Monday January 9, 2017
Friday December 16, 2016
Monday December 5, 2016
Friday November 18, 2016
Friday November 4, 2016
Monday October 24, 2016

About the authors

Justin Fier

Justin Fier is the Director for Cyber Intelligence & Analytics at Darktrace, based in Washington D.C. Justin is one of the US’s leading cyber intelligence experts, and his insights have been widely reported in leading media outlets, including Wall Street Journal, CNN, the Washington Post, and VICELAND. With over 10 years of experience in cyber defense, Justin has supported various elements in the US intelligence community, holding mission-critical security roles with Lockheed Martin, Northrop Grumman Mission Systems and Abraxas. Justin is also a highly-skilled technical specialist, and works with Darktrace’s strategic global customers on threat analysis, defensive cyber operations, protecting IoT, and machine learning.

Dave Palmer

Dave Palmer is the Director of Technology at Darktrace, overseeing the mathematics and engineering teams and project strategies. With over ten years of experience at the forefront of government intelligence operations, Palmer has worked across UK intelligence agencies GCHQ & MI5, where he delivered mission-critical infrastructure services, including the replacement and security of entire global networks, the development of operational internet capabilities and the management of critical disaster recovery incidents. He holds a first-class degree in Computer Science and Software Engineering from the University of Birmingham.

Andrew Tsonchev

Andrew advises Darktrace’s strategic Fortune 500 customers on advanced threat detection, machine learning and autonomous response. He has a technical background in threat analysis and research, and holds a first-class degree in physics from Oxford University and a first-class degree in philosophy from King’s College London. He was most recently featured on BBC World, BBC Morning and Al Jazeera to comment on the news regarding the GRU.

Max Heinemeyer

Max is a cyber security expert with over eight years’ experience in the field specializing in network monitoring and offensive security. At Darktrace, Max works with strategic customers to help them investigate and respond to threats as well as overseeing the cyber security analyst team in the Cambridge UK headquarters. Prior to his current role, Max led the Threat and Vulnerability Management department for Hewlett-Packard in Central Europe. He was a member of the German Chaos Computer Club, working as a white hat hacker in penetration testing and red teaming engagements. Max holds a MSc from the University of Duisburg-Essen and a BSc from the Cooperative State University Stuttgart in International Business Information Systems.