Combating the Insider Threat
© 2015 Lancope, Inc.
Table of Contents
Chapter One: WHO IS ATTACKING YOUR NETWORK?
Chapter Two: INSIDER THREAT MOTIVES AND METHODS
Chapter Three: DETERRING INSIDER THREATS WITH TECHNOLOGY
Chapter Four: USING NETWORK LOGS TO THWART INSIDER THREATS
Chapter Five: BEYOND TECHNOLOGY
Chapter Six: SUMMARY & TOP 10 WAYS TO COMBAT INSIDER THREATS
Chapter One
Who is attacking your network?
Many organizations today are drowning in fears and concerns surrounding sophisticated cyber-attacks such as Advanced Persistent Threats (APTs), DDoS, ransomware and zero-day exploits. While this constant onslaught of attacks can be difficult to keep up with, businesses and government organizations also need to be mindful of perhaps the most alarming type of attack out there – the insider threat.
According to a report by Forrester Research, insiders are the top source of data breaches, with 36 percent of breaches stemming from the inadvertent misuse of data by employees. Additionally, 25 percent of respondents in the Forrester report said that abuse by a malicious insider was the most common way in which a breach occurred over the course of one year.
What does insider threat mean?
While the insider threat can take on several different forms, the main component is that the attack is initiated from inside your network versus outside where most security technologies are focused. The insider attacker is already on your network, so traditional defenses such as firewalls, antivirus and IDS/IPS will not be able to detect his or her actions. According to a recent survey by SpectorSoft, 61 percent of IT professionals said they could not deter insider attacks, and 59 percent said they were unable to even detect one.
So who is attacking your network?
There are three main types of insider threats:
• Negligent Insiders – Insiders who accidentally expose data – such as an employee who forgets their laptop on an airplane.
• Malicious Insiders – Insiders who intentionally steal data or destroy systems – such as a disgruntled employee who deletes some records on his last day of work.
• Compromised Insiders – Insiders whose access credentials and/or computer have been compromised by an outside attacker.
Each of these types of insider attackers has his/her own motives, methods and means of being thwarted. In order to develop an effective insider threat management program, it is critical to understand each type.
Various Business and IT Trends Have Increased the Likelihood of Insider Attacks for Today’s Enterprises
Bring Your Own Device (BYOD)
Now that it has become commonplace for employees to bring smartphones and laptops/tablets in and out of the office, using them for both work and pleasure, opportunities for said employees to steal sensitive data are greater. As a result of BYOD, the likelihood of employees having their devices, and therefore corporate data, stolen by malicious outsiders has also risen.
More Open Networks
In today’s fast-paced business environment, the use of outsourcing, contractors, third-party technology platforms and cloud computing has exploded as a means of fostering greater business agility. However, this dramatically opens up our corporate networks and sensitive data to countless other parties who may not be as trustworthy or careful with our information as we would expect.
Social Engineering
In an era of APTs, today’s attackers know that the best way to infiltrate an organization without getting caught is through its trusted insiders. Crafty and patient attackers are creating designer attacks for specific organizations and individuals, and they do not mind taking the time to trick or bribe employees into divulging the confidential details they need to carry out their attacks.
In fact, according to a report by Mandiant, 100 percent of the attacks it investigated used stolen credentials, while only 54 percent of the compromised machines it investigated contained malware. Through a new type of attack known as muleware, attackers are now even paying end users to help them with their attacks.