In current time, cyber crime has dispersed threat widely, and compelled every individual to think about emerging cyber crime. Attackers target users; different Websites are often at security risks, and innocent users become a victim, and lost millions of dollars and their confidential data. Therefore, Insider threats should be considered to avert cyber attacks.
External attack happens if organization has lower web security, and hackers execute an attack on the network, server system, and applications. Insider attack happens only when an unsatisfied or disgruntled employee tries to manipulate the system of an organization and steals confidential information in an unlawful way. In this article, I will reveal about insider threat.
Insider Threat:
Insider threat referred to an employee also named a cracker or hacker, who has privilege access to sensitive or confidential data, and accesses such information from computer system, networks of the organization and misuse it to do harm to the organization. In such types of threat, hacker finds vulnerability in the system at where the major damage can be done with least efforts. Such damage has multiple forms, including virus, worms, Trojans, etc. There are three categories of insider threats like
- Employees without awareness expose data to the outside persons. Where a careless employee innocently ignores security measures and leaves a personal computer or laptop opens for attacker.
- Employees deliberately expose sensitive data to the third person. Where an employee with malicious intention alters or steals the confidential information.
- Untrusted insider means some person pretends to be a legitimate internal employee and access confidential information. Such attacker takes advantages of compromised system and swipe credentials and installs backdoor, malware behind firewall and other security defenses.
Causes of Insider Threat:
Insider Threat occurs in an organization due to Layoffs, employee dissatisfaction, separation of duties, and lack of security knowledge, trusted outsiders, and account and password management. There are other reasons like low pay/benefits, lack of opportunities, heavy workloads, long hours, management and work environment induce them to do such activities. The intention behind an insider threat is to damage organization’s credibility as well employee tries to feel justified in taking revenge against organization.
Example of Insider Threat:
A recent case of Edward Snowden who has accessed NSA (National Security Agency) documents by stealing coworker’s passwords. Such type of insider threat comes in second type of category, which we discussed before where an employee deliberately exposes information to the third party. In this attack, the NSA’s civilian employee, duty member of USA military, and a contractor was involved in such action that accessed coworker’s password and swiped thousands of agency’s classified documents. However, the coworker was not aware about the intention of Snowden and allowed him to access PKI certificate to access sensitive information. Before this incident, the same organization was in the news due to sharing of password where 20 to 25 employees shared their passwords, but the NSA kept silent on that incident.
How to recognize and prevent it?
Insider threat brings loss to organization by breaking fundamental to organization’s security standards. Such kind of things come under the insider threat can be considered from the below points.
- The infringement of web security may lead to data theft.
- Illegal viewing, altering, or destruction of confidential information.
- Installation of Trojans, virus, malicious programs into system.
- Use of removable storage device like HDDs, USB drive, card reader, CD/DVD.
- Theft of laptops, hard drives, palmtop that contain sensitive data.
- Theft of corporate database.
- Unauthorized installation of Wi-Fi networks.
Prevention Measures:
- Carry out regular inspection of IT security risks.
- Give knowledge about security basic to your employees.
- Inform your employees about security principals and delegate them job responsibilities.
- Make a strict password policy
- When employee leaves company, organization should establish departure process.
- Regular collect employee activity logs.
- Observe employee’s activity and take action if you find any suspicious activity.
Conclusion:
Insider threat is rising in an organization day by day. It is sensible for organization to take a precaution against insider threat and make a strict policy about employee behavior and task. In this piece of information, I tried to focus on main topics of an insider threat. If you have any further information, then you are heartily welcome to share in comments.
