The average cost of an insider attack to an organization is more than $8 million, and many companies have shown they dramatically underestimate this figure. This is likely because they do not realize how severe a threat such attacks pose to their organization.
Some of the largest insider attacks in 2018 took place at Tesla, Punjab National Bank in India, Facebook, Coca-Cola, Nuance and Suntrust Bank.
This reminds us – no company is immune.
The latest insider-threat news comes from Maryland, where Baltimore Mayor Catherine Pugh ordered a cybersecurity review after a technology staffer at the city's water agency reportedly gave himself special access to the computer of the Department of Public Works director and was found with hacking tools on his own city computer.
On Thursday, Inspector General Isabel Mercedes Cumming issued a summary of the investigation into the employee, who no longer works for the city.
“It was concerning. Very, very concerning,” Cumming said in an interview. “Once it was discovered, action was taken immediately.”
The interim report says investigators found “suspicious materials” on Clifton’s computer, including a guide to defeating electronic door locks, information on how to improvise lock picks and copies of “The Anarchist Cookbook” and activist Abbie Hoffman’s “Steal This Book.” The former book includes instructions on bomb- and drug-making, among other topics.
Dave Fitz, a spokesman for the FBI, said the agency’s Baltimore office provided technical help in the investigation but said he couldn’t share details.
The biggest insider challenges for organizations looking to stay protected are public WiFi used for business, employee negligence, inadvertent insiders, insider collusion, persistent malicious insiders and disgruntled employees.
The reality is that it may not be possible to be 100% secure, but businesses can take steps to minimize risk.
Covert phishing simulation of employees is a MUST. PHISH360 is a free tool which quickly lets anyone launch a campaign to test workers. It helps determine the weak links while ensuring companies can take action to deal with workers who aren’t progressing.
In addition, a division of responsibilities is crucial. The idea is to ensure that no one person owns the keys to the kingdom. Generally, hiring an outside firm is safer if they have multiple workers sharing responsibility. It is more difficult for any one tech to act maliciously if coworkers and management are watching their actions.
The bottom line is that insider threats are very real, and you need to be aware of this when you assign your IT to internal and/or external resources.
Apex Technology Services can help advise you on industry best practices regardless of budget. We help hundreds of clients, from the dentist down the street to Fortune 200 companies, and as a result we have a breadth of experience which we draw upon to keep our customers running smoothly.