Insider Threats: Spotting “the Inside Job”

Posted by Angela Heindl-Schober on Dec 14, 2015 11:38:29 AM

Incidents of fraud, theft and abuse enacted by rogue insiders present organisations with the ultimate in targeted threats. These are executed against them by highly motivated actors, operating with a high degree of internal organisational knowledge and comparative ease of access. Such threats have the ability to create sizable risks in relation to digital assets and are also the most challenging to manage.

Security leaders have to understand their organisation’s context and operations in order to strike a balance between protection, control and creating value.

Users tied up in complex and over-controlling systems are unable to perform. Too light a touch sees key assets and resources too easy to misuse, alter or steal. Blending layers of organisational, physical and technical policy and management can provide a meaningful way of reducing internal cyber attacks, but no solution can be perfect. Organisations must also enable themselves to identify and recognise illegitimate internal actions and make timely interventions.


Topics: Insider Threats, machine learning

Insider threats surge while budgets retreat

Posted by Wade Williamson on Jun 4, 2015 5:00:00 AM

The Information Security Community on LinkedIn recently completed a survey of more than 500 cybersecurity professionals on the topic of insider threats. This report reveals the real-world trends and challenges of combating insider threats from the viewpoint of the security professionals who do it every day.

Let’s take a look at some of these trends and what they may mean for information security.

Insider threats are on the rise, but budgets are not
Security teams have long been asked to do more with less, but this trend is particularly stark in the area of malicious insiders.

The study shows that 62% of respondents saw more insider threats over the past year, but only 34% expect to get more budget to address the problem. Underscoring this problem, 68% feel vulnerable and less than half feel they have appropriate control over insider threats.


Topics: Insider Threats

Do you know how to protect your key assets?

Posted by Oliver Brdiczka, Principal Data Scientist, Vectra Networks on Mar 27, 2015 10:26:34 AM

Security breaches have not stopped making headlines in recent months, and while hackers still go after credit card data, the trend is towards richer data records and exploiting various key assets inside an organization. As a consequence, organizations need to develop new schemes to identify and track key information assets.

The biggest recent breach in the financial industry occurred at JP Morgan Chase, with an estimated 76 million customer records and another 8 million records belonging to businesses stolen from several internal servers. At Morgan Stanley, an employee of the company’s wealth management group was fired after information from up to 10% of Morgan Stanley’s wealthiest clientele was leaked. Even more sensitive was the largest health-care breach thus far: at Anthem, over 80 million records containing personally identifiable information (PII) including social security numbers were exposed. Less well-known, but potentially more costly in terms of damage and litigation, is the alleged theft of trade secrets by the former CEO of Chesapeake Energy (NYSE: CHK).


Topics: Insider Threats, Data Science

Detecting the Insider Threat – how to find the needle in a haystack?

Posted by Oliver Brdiczka, Principal Data Scientist, Vectra Networks on Jan 10, 2015 10:00:00 AM

In the previous posts, we have examined the insider threat from various angles and we have seen that insider threat prevention involves the information security, legal and human resources (HR) departments of an organization. In this post, we want to examine what information security departments can actually do to detect ongoing insider threats, and even prevent them before they happen.

The literal needle in the haystack

Overall, insider threats represent only a small proportion of employee behavior. And while only the ‘black swan’ incidents become public knowledge, minor incidents such as theft of IP or customer contact lists will add up to major costs for organizations.

In addition, insiders are by default authorized to be inside the network and are both granted access to and make use of key resources of an organization. Given the large pile of access patterns visible in an organization’s network, how is one to know which ones are negligent, harmful or malicious behavior?


Topics: Insider Threats, Data Science

Morgan Stanley Meets the Insider Threat

Posted by Wade Williamson on Jan 6, 2015 1:58:00 PM

Earlier today news broke that financial services firm Morgan Stanley had experienced an insider breach, which resulted in customer data being posted online. The breach was initially detected when data related to a portion of the firm’s wealth management clients was observed on Pastebin. Pastebin is a popular site for sharing text-based data, and while it is widely used for sharing code between developers, it has also long been a thriving marketplace for advertising and selling stolen data for everything from compromised user accounts, cracked passwords, credit card numbers, and in this case account data.


Topics: Cyberattacks, Insider Threats

Malicious Insider Psychology – when the personal bubble bursts

Posted by Oliver Brdiczka, Principal Data Scientist, Vectra Networks on Dec 22, 2014 3:00:00 PM

In the previous post, we examined the motivations and constraints that make an insider ‘malicious,’ and we saw that external and mental pressure, an opportunity to steal confidential information and rationalization of the potential theft are the factors that contribute to an insider turning against his employer.

While these three factors are necessary triggers for becoming malicious, there is much more going on in an insider’s mind before, during and after an attack. What are the mental stages that a ‘turning’ insider goes through? And what are potential indicators for each stage?


Topics: Insider Threats

Malicious Insider Psychology – when pressure builds up in the Fraud Triangle

Posted by Oliver Brdiczka, Principal Data Scientist, Vectra Networks on Dec 13, 2014 9:00:00 AM

In previous posts, we have discussed various types of insider threats that affect the US government, companies and organizations in charge of critical infrastructure. We have discussed various insider attack patterns, but what are the motivations and constraints that make an insider turn against his employer?

We have seen that so-called ‘whistle blowers’ may act upon their own convictions and turn against their employer, but their numbers are very limited. As the majority of cases involve the theft of information and assets in an organization for personal gain, what are the motivations and constraints in this case?


Topics: Insider Threats

Community Threat Analysis Uncovers Insider Attacks

Posted by Mike Banic, VP of Marketing on Dec 10, 2014 1:28:56 PM

Today, we announced the new Community Threat Analysis for the Vectra X-series that puts your organization’s key assets at the center of real-time investigations of insider and targeted attacks.

2014 has been the year of the breach, and as a result companies are increasing their investment in cyber security. However, the majority of cyber security products focus exclusively on malware and external attacks, and are effectively blind to insider threats. At Vectra we believe that security should protect your most important assets regardless of whether the threat is from an external attacker or a malicious insider. You don’t get to choose your attacker, so why should your security solutions protect only against one type? Let’s take a closer look at why stopping the insider threat is crucial, and what Vectra can do to help.


Topics: Insider Threats

Insider attacks pose a serious threat to critical U.S. infrastructure

Posted by Oliver Brdiczka, Principal Data Scientist, Vectra Networks on Dec 7, 2014 7:00:00 AM

A scary 70 percent of critical infrastructure organizations suffered security breaches in the last year, including water, oil and gas, and electric utilities. An almost equally high number of 64 percent anticipate one or more serious attacks in the coming year.

In the previous posts of this series, we highlighted insider threat risks for US companies and how they respond to them. While the insider threat in government agencies and big companies is a known problem with somewhat implemented mitigation strategies, less is known about the insider threat to critical US infrastructure, such as water purification or nuclear power plants. To illustrate the nature of the threats, let me provide two examples from a Department of Homeland Security report – the Insider Threat to Utilities report.


Topics: Insider Threats

Insider Threats - the myth of the black swan

Posted by Oliver Brdiczka, Principal Data Scientist, Vectra Networks on Nov 30, 2014 9:00:00 AM

While the reported $40 billion of insider threat losses for the US economy seem scary, many companies consider insider threats to be more like a ‘black swan’ event – highly visible, but extremely rare, abstract, and too hard to predict to constitute a real threat. But it is the gray areas companies should be wary of.

In previous posts of this series, we described how companies are affected by malicious insider incidents, and what impact and cost these incidents might cause. Most think of highly publicized whistleblower cases such as Edward Snowden and Bradley Manning. Overall, these seem like natural disasters (e.g., earthquakes): you can take some precautions, but then you just hope it will not happen to you … and if it does, it will be disastrous (and you just have to accept it).

In addition, I often hear arguments from small and medium sized companies that they do not feel exposed to the insider threat because:


Topics: Insider Threats

Insider Threats - how they affect US companies

Posted by Oliver Brdiczka, Principal Data Scientist, Vectra Networks on Nov 22, 2014 7:00:00 AM

In the second post of this series, we looked at basic definitions of insider threat incidents and their impact on organizations. Now, let’s have a closer look at how malicious insider threat actions affect companies in the United States, and how companies can respond to these threats.

From the most recent consolidated data available on this subject, over 50% of organizations report having encountered an insider cyberattack in 2012, with insider threat cases making up roughly 23% of all cybercrime incidents. This percentage has stayed consistent over the prior couple of years, but the total number of attacks has increased significantly.

The result is $2.9 trillion in employee fraud losses globally per year, with $40 billion in losses due to employee theft and fraud in the US in 2012 alone. The damage and negative impact caused by insider threat incidents is reported to be higher than that of outsider or other cybercrime incidents.

Interestingly, in contrast to outsider attacks on networks, insider cyberattacks are under-reported. Only a few cases make it into public media or are even known to insider threat experts. Reasons for such under-reporting are insufficient damage or evidence to warrant prosecution, and concerns about negative publicity. The risk of revealing confidential data and business processes during investigations may be another reason why many companies don’t report and prosecute insider threat incidents.


Topics: BYOD, Insider Threats

Insider Threats - is your organization safe?

Posted by Oliver Brdiczka, Principal Data Scientist, Vectra Networks on Nov 15, 2014 6:39:00 PM

In the previous post of this blog series, we discussed highly publicized whistleblower cases such as Chelsea Manning and Edward Snowden. While government agencies are ramping up their protections of data and infrastructure against these cases, what danger do malicious or negligent insiders constitute for organizations, including corporations and small businesses, and what kind of insider threats exist? Is your organization safe?

Let’s first look at a more formal definition of the malicious insider. According to the computer emergency response team (CERT) at CMU, a malicious insider is a current or former employee or contractor who deliberately exploited or exceeded his or her authorized level of network, system or data access in a way that affected the security of the organization’s data, systems, or daily business operations.


Topics: Insider Threats

Insiders – Threat or Blessing?

Posted by Oliver Brdiczka, Principal Data Scientist, Vectra Networks on Nov 12, 2014 11:30:00 AM

Insiders leaking information about secretive government practices and decision-making have had their impact on public opinion and United States policies in recent years, but are these leaks for the benefit of society, or do they push a hidden agenda?

The most prominent example is Edward Snowden who leaked significant amounts of classified information from the National Security Agency (NSA) about its practices. On September 23, Edward Snowden received the Swedish human rights award, also referred to as the alternative Nobel prize, for his revelations in 2013. Snowden, who “blew the whistle,” got rewarded “for his courage and skill in revealing the unprecedented extent of state surveillance violating basic democratic processes and constitutional rights.”

Topics: Insider Threats
