
10/21/2020
02:00 PM
Hitesh Sheth
Commentary

Dealing With Insider Threats in the Age of COVID

Dangerous gray areas like new BYOD policies and shadow IT devices have increased, thanks to the rapid shift to remote working.

Although an insider attack in North America can cost a company more than $11 million a year, many still consider insider threats too rare to constitute a real risk. Attacks resulting from insider threats are widely regarded as extreme outliers and consequently taken less seriously by leadership and security teams.

Nonetheless, companies should be mindful of dangerous gray areas, especially when considering attackers are always looking for the path of least resistance. These gray areas may include new bring-your-own-device policies and shadow IT devices that result from the rapid shift to remote work or high employee turnover rates.


The average impact of insider threats does not say anything about the overall frequency. Even if the average per-breach loss to a company is minor, cumulative losses can intensify if insider threats occur frequently. And this doesn't include reputation loss, which is tough to measure and harder to overcome.

The threat landscape has broadened and diversified, especially since the COVID-19 outbreak in March 2020. The global workforce is now largely remote and can work from just about anywhere — not just at home. A lack of security awareness of exploits — such as email phishing attacks and voice phishing attacks that target employee VPN credentials — can be costly.

Reduced and changing worker loyalties to employers and higher employee churn rates also expand the gray area. Examples include unintentional misbehavior and misuse of resources, neglected security vulnerabilities, violations of company policies, and theft. The 2018 trade secret dispute between Waymo and Uber underscores the huge risks employers face in safeguarding intellectual property (IP) when employees leave.

Not all gray-area cases result in catastrophic losses, but they can quickly become very costly in aggregate. A growing number of smaller cases occur below the radar with rarely a mention from victimized companies. The danger is that negligent and malicious practices in the gray area become widely accepted without acknowledgment and action.

Besides a strict reinforcement of nondisclosure agreements that protect company IP, employees must understand that preserving confidential information from a previous employer is unlawful. Employee awareness and training are important factors in changing employee attitudes about ethical standards in the workplace, and employers must be prepared to practice what they preach.

I recommend that company leadership dedicate resources to consistently uphold these ethical principles, even if it means forbidding new employees to share information from their prior employers that could benefit you in the short term.

Another area for improvement involves deploying network monitoring tools to track vital company IP and other critical assets across cloud, data center, Internet of Things, and enterprise networks. Do you know where your organization's most important assets reside? If a malicious insider were to gain access via lateral movement or another means, do you have data protection policies deployed?

The ever-expanding gray area of insider threats forces businesses to think beyond simple monitoring for forensics and litigation purposes. Instead, anticipate the actual threat itself by proactively detecting and responding to malicious behaviors that can lead to a data breach or theft.

The truth is that the red flags that often denote an insider threat are hard to distinguish from false positives or other risks. Unfortunately, the key to pulling off an effective attack as a malicious insider is in the details. You must blend in with normal behaviors, use the access you have, and be mindful not to overstep authorization to avoid detection before your plan can unfold.

If you want to reduce the likelihood of these insider jobs, you must first understand that while they are often not premeditated, your security team and other personnel must be prepared to spot anomalies in their everyday workflows.
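The two preceding points (know where critical assets reside and detect anomalies against everyday workflows, rather than only logging for forensics) can be made concrete with a baseline-and-deviation check over access logs. The following is an added example written for this article; it is not code from the article's author or from Vectra. The log format, the per-user baseline window, the "new area", "volume" and "off-hours" signals, and the thresholds are all assumptions chosen for illustration, and the log lines are constructed.

```python
"""Baseline-and-deviation check for insider-threat signals over file-access logs.

Added example, not from the article or Vectra. The log format
("timestamp user action resource bytes"), the baseline cutoff and the
thresholds below are assumptions for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed sample log: one month of normal activity, then a late-night
# burst by "bob" touching an area he never used and pulling a large volume.
SAMPLE_LOG = """\
2020-09-01T09:12:00 alice read /finance/q3-forecast.xlsx 20480
2020-09-01T10:03:00 alice read /finance/budget.xlsx 30720
2020-09-02T09:40:00 alice read /finance/q3-forecast.xlsx 20480
2020-09-03T11:15:00 alice read /finance/ar-aging.xlsx 15360
2020-09-01T09:00:00 bob read /eng/design/auth-service.md 4096
2020-09-02T14:20:00 bob read /eng/design/billing.md 8192
2020-09-03T16:05:00 bob read /eng/roadmap.md 2048
2020-09-30T23:41:00 bob read /finance/q3-forecast.xlsx 20480
2020-09-30T23:42:00 bob read /eng/design/auth-service.md 4096
2020-09-30T23:43:00 bob download /eng/design/ 734003200
2020-09-30T10:10:00 alice read /finance/budget.xlsx 30720
"""


@dataclass(frozen=True)
class Event:
    ts: datetime
    user: str
    action: str
    resource: str
    nbytes: int


def parse_log(text):
    """Parse whitespace-separated lines into Event records (assumed format)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, action, resource, nbytes = line.split()
        events.append(Event(datetime.fromisoformat(ts), user, action, resource, int(nbytes)))
    return events


def top_dir(path):
    """'/finance/x.xlsx' -> 'finance': the coarse 'area' an asset lives in."""
    parts = [p for p in path.split("/") if p]
    return parts[0] if parts else ""


def build_baseline(events, cutoff):
    """Per-user profile from events before `cutoff`: areas touched,
    largest single transfer, and hours of day at which the user is active."""
    profile = defaultdict(lambda: {"dirs": set(), "max_bytes": 0, "hours": set()})
    for e in events:
        if e.ts >= cutoff:
            continue
        p = profile[e.user]
        p["dirs"].add(top_dir(e.resource))
        p["max_bytes"] = max(p["max_bytes"], e.nbytes)
        p["hours"].add(e.ts.hour)
    return profile


def score_events(events, profile, cutoff, volume_factor=10):
    """Return (event, reasons) pairs for events at/after `cutoff` that deviate
    from the user's own baseline. One reason alone is weak evidence; several
    on the same user in a short window are what an analyst should look at."""
    findings = []
    for e in events:
        if e.ts < cutoff:
            continue
        p = profile.get(e.user)  # .get() does not create a default entry
        reasons = []
        if p is None:
            reasons.append("no baseline for user")
        else:
            area = top_dir(e.resource)
            if area not in p["dirs"]:
                reasons.append(f"new area: {area}")
            if p["max_bytes"] and e.nbytes > volume_factor * p["max_bytes"]:
                reasons.append(f"volume {e.nbytes} > {volume_factor}x baseline max {p['max_bytes']}")
            if e.ts.hour not in p["hours"] and (e.ts.hour >= 22 or e.ts.hour < 6):
                reasons.append(f"off-hours ({e.ts.hour:02d}:00) outside baseline")
        if reasons:
            findings.append((e, reasons))
    return findings


def analyze(text, cutoff_iso):
    """Full pipeline: parse, baseline everything before cutoff, score the rest."""
    cutoff = datetime.fromisoformat(cutoff_iso)
    events = parse_log(text)
    return score_events(events, build_baseline(events, cutoff), cutoff)


def per_user_counts(findings):
    """Aggregate flagged events per user so clusters stand out over single hits."""
    counts = defaultdict(int)
    for e, _ in findings:
        counts[e.user] += 1
    return dict(counts)


if __name__ == "__main__":
    found = analyze(SAMPLE_LOG, "2020-09-30")
    for e, reasons in found:
        print(e.ts.isoformat(), e.user, e.action, e.resource, "|", "; ".join(reasons))
    print(per_user_counts(found))
```

Running it flags only bob's three late-night events (new area, off-hours, and a transfer far above his baseline) while alice's routine finance access on the same day produces nothing. The design point is that each signal is scored against the user's own history rather than a global rule, which is what lets ordinary workflow deviations surface without drowning in false positives; a real deployment would draw the baseline from weeks of data, tie resources back to an asset inventory, and route clustered findings to a responder rather than a print statement.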

Hitesh Sheth is the president and CEO of Vectra. Previously, he held the position of chief operating officer at Aruba Networks. Hitesh joined Aruba from Juniper Networks, where he was EVP/GM for its switching business and before that, SVP for the Service Layer Technologies ... View Full Bio