Networking, Enterprise

How to Fight Insider Threats and Recruitment Tactics

Jesse Miller, CISO, Stratosphere Networks
Author: Jesse Miller, CISO, Stratosphere Networks

Elon Musk. Barack Obama. Jeff Bezos. Kanye West. What do all of these people have in common? Hackers recently succeeded in gaining access to their Twitter accounts, according to NPR. After taking over these high-profile accounts, among others, the malicious actors sent out tweets posing as these celebrities and politicians and claiming that they would double or otherwise multiply all Bitcoin payments sent to them within a 30 minute time period.

In a blog post, Twitter revealed that the hackers used social engineering strategies to get around security safeguards. “The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections,” the post explains. “As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets.”

It’s not yet clear whether the cybercriminals tricked Twitter employees or worked in cahoots with them, although Vice has reported that two anonymous sources who participated in the account takeovers and leaked screenshots reveal the hackers paid a member of Twitter’s internal staff to help with the scheme. If that’s true, this incident is an example of a larger trend in the world of cybersecurity called insider recruitment, according to Data Breach Today.

In addition to proactively working to fend off threats that come from outside the company, CISOs and other executives must also stop hackers from turning their employees to the dark side with tactics like bribes and blackmail.

The Rise of Insider Recruitment

Security incidents caused by either negligent or malicious internal actors are a growing problem, having increased by 47 percent since 2018, according to the study “The Real Cost of Insider Threats in 2020,” conducted by the Ponemon Institute and sponsored by IBM and ObserveIT. The average annual cost of an insider threat also went up by 31 percent during that time period, reaching $11.45 million. Negligent insiders are considerably more common than malicious ones, accounting for 62 percent of incidents. Criminal insiders are responsible for just 14 percent. However, the average cost per incident is higher for the criminal actors ($756,000) than it is for the merely careless ($307,000), according to the study.

The 2019 Insider Threat Report from Bitglass paints a similar picture, with nearly 60 percent of organizations surveyed reporting that they experienced an insider attack during the past year, up from just one in three the previous year (2017). This seems to be partly driven by the move to cloud solutions and a lack of monitoring in that space: Only 40 percent of respondents to the Bitglass survey said they keep an eye out for unusual end user behavior across cloud apps, and the majority (56 percent) agreed moving to the cloud makes it harder to identify insider threats.

What You Can Do to Fight Back

Successfully stopping malicious outsiders from finding a foothold within your organization requires both technical and cultural measures. On the tech side, solutions that can lower the odds of an insider attack occurring include the following, according to the U.S. Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center:

  • Encryption
  • Access management solutions
  • Data loss prevention measures
  • Digital rights management
  • Database monitoring
  • SIEM or other log analysis methods

You can also implement a Zero-Trust Network Architecture with a Secure Access Service Edge (SASE), which only grants end users access to the specific resources they need to do their jobs. However, due to the social element of insider recruitment, technology alone can’t keep your organization safe. Security leaders should also work with HR to ensure the company maintains a positive culture that helps employees feel valued and fosters pride in their work and the company.

Other social strategies you can use to lower the odds of insider attacks include the following, according to the DHS:

  • Ensure through the hiring process that your staff members’ attitudes match up with your organizational values.
  • Give your employees processes for airing concerns and pain points to lower the odds of attacks driven by disgruntlement.
  • Train your staff to recognize red flags in their colleagues’ actions, such as destructive behavior, vocal frustration or disappointment with the company, and an apparent lack of ethics.

Ultimately, given the growing prevalence and cost of insider-driven attacks, it’s imperative that security leaders act now to address this area of risk.

Author Jesse Miller is CISO at Stratosphere Networks. Read more from Stratosphere Networks here.