The threat is already inside

Justin Fier, Director of Cyber Intelligence | Monday March 6, 2017

Imagine a middle-aged middle manager at a multinational corporation. Joe is the kind of employee who’s always done just enough to get by, cutting corners when he can and flying under the radar. One day, Joe’s boss decides that enough is enough. She fires Joe.

Furious, Joe storms back to his desk to pack up his belongings. Halfway through cleaning out his filing cabinet, he remembers that he doesn’t have to go quietly into the night. He still has administrative access to edit the company website, he has valuable client information, and he’s on an email thread with compromising photos of his boss at the last holiday party.

Disgruntled employees like Joe may be in the minority, but their potential to do serious damage can’t be ignored. Posting those photos of his boss on the company website would be trivial, causing embarrassment at best and impacting financial performance and market confidence at worst. Another option at Joe’s disposal would be to make some money out of his trauma by selling client intelligence to a competitor.

Joe might even go a step further, obtaining access to supposedly secure documents via a new device called PoisonTap, a $5 USB that installs a backdoor onto locked computers. By handing over access to a sophisticated hacker on the Dark Web, Joe could undermine his former employer in the long term with surprising ease.

A recent industry report found that 60 percent of all cyber-attacks are carried out by insiders, and 1 in 4 of those attacks are accidental. For instance, employees click on phishing emails an alarming 23 percent of the time and often use cloud services like Dropbox despite their company explicitly forbidding them. Even basic cyber hygiene remains an uphill battle. The most common password today is ‘123456’, and ‘password’ isn’t far behind.

So even if Joe does take the high road, he may already have exposed his company to serious risk through using poor passwords, mishandling of sensitive documents, or becoming the victim of a well-disguised phishing attack. Despite our modern-day interest in foreign attackers, the biggest threat facing organizations isn’t nation-state hackers or anonymous saboteurs. It’s everyday employees like Joe.

So how do we stop Joe and people like him from exposing their companies to risk, either purposefully or on accident? The first step has to be educating employees on best practices, but education can only go so far. Defending against insider threat should be a core focus in our approach to security. To do that, we have to continuously monitor all users and devices and look out for the early signs of compromise. One thing is for sure in cyber security – the threat is already inside.

Justin Fier

Justin is one of the US’s leading cyber intelligence experts, and holds the position of Director for Cyber Intelligence & Analytics at Darktrace. His insights on cyber security and artificial intelligence have been widely reported in leading media outlets, including the Wall Street Journal, CNN, The Washington Post, and VICELAND. With over 10 years of experience in cyber defense, Justin has supported various elements in the US intelligence community, holding mission-critical security roles with Lockheed Martin, Northrop Grumman Mission Systems and Abraxas. Justin is also a highly-skilled technical specialist, and works with Darktrace’s strategic global customers on threat analysis, defensive cyber operations, protecting IoT, and machine learning.