Home - Article

Featured Article

January 22, 2019

Insider Threats are Very Real. Just Ask the Baltimore Mayor


The average cost of an insider attack to an organization is more than $8 million and many companies have shown they dramatically underestimate this figure. This is likely because they do not realize the severity such attacks pose to their organization.

Some of the largest insider attacks in 2018 took place at Tesla, Punjab National Bank in India,  Facebook, Coca-Cola, Nuance and Suntrust Bank.

This reminds us – no company is immune.

The latest news regarding insider threats took place in Maryland where the Baltimore mayor ordered a cybersecurity review after a city employee was found with hacking tools on his computer. The former IT worker reportedly gave himself special access to the computer of city's Public Works director.

Mayor Catherine Pugh ordered a security review after a technology staffer at the city's water agency gave himself special access to the computer of the Department of Public Works director and was found with hacking tools on his own city computer.

On Thursday, Inspector General Isabel Mercedes Cumming issued a summary of the investigation into the employee, who no longer works for the city.

“It was concerning. Very, very concerning,” Cumming said in an interview. “Once it was discovered, action was taken immediately.”

The interim report says investigators found “suspicious materials” on Clifton’s computer, including a guide to defeating electronic door locks, information on how to improvise lock picks and copies of “The Anarchist Cookbook” and activist Abbie Hoffman’s “Steal This Book.” The former book includes instructions on bomb- and drug-making, among other topics.

Dave Fitz, a spokesman for the FBI, said the agency’s Baltimore office provided technical help in the investigation but said he couldn’t share details.

The biggest insider challenges for organizations looking to stay protected are public WiFi used for business, employee negligence, inadvertent insiders, insider collusion, persistent malicious insiders and disgruntled employees.

The reality is, it may not be possible to be 100% secure but businesses can take steps to minimize risk.

Covert phishing simulation of employees is a MUST. PHISH360 is a free tool which quickly lets anyone launch a campaign to test workers. It helps determine the weak links while ensuring companies can take action to deal with workers who aren’t progressing.

In addition, a division of responsibilities is crucial. The idea is to ensure one-person does not own the keys to the kingdom. Generally, hiring an outside firm is safer if they have multiple workers sharing responsibility. It is more difficult for any one tech to act maliciously if coworkers and management are watching their actions.

The bottom line is insider threats are very real and you need to be aware of this when you assign your IT to internal and/or external resources.

Apex Technology Services can help advise you on industry best practices regardless of budget. We help hundreds of clients from the dentist down the street to Fortune 200 companies and as a result, we have a breadth of experience which we draw upon to keep our customers running smoothly.





Apex Technology Services
Choose from comprehensive, affordable solutions for IT consulting, network services and computer help desk support in Fairfield county including Norwalk, Darien, Stamford, Greenwich, Ridgefield and Bridgeport. Also Westchester county including Rye, New Rochelle, White Plains, Yonkers and New York including Manhattan and the five boroughs.
IT SERVICES

IT SERVICES

Apex Technology Services is a cutting edge MSP offering quality IT support to financial, medical, legal, Fortune 500 and government agencies while adhering to the highest of quality...

LEARN MORE
CYBERSECURITY Services

CYBERSECURITY

Apex Technology Services has the cybersecurity expertise to help your business in a world filled with attackers looking to shut down your business hold it ransom or steal your valuable...

LEARN MORE
CLOUD SERVICES

CLOUD SERVICES

Apex Technology Services delivers a combination of traditional IT functions such as infrastructure as a service (IaaS), applications, software, security, monitoring, storage...

LEARN MORE

Ranked Top 10 Network security Solution Provider

One Stop Shop For All Your Technology Needs


Contact us Now!