Years ago, I sought employment at Lockheed Martin, one of the largest defense contractors in the world. With my resume in hand, reflecting my IT qualifications and charming demeanor, I hoped to land the job – so I could get physical access to its networks.
At the same time, I had already applied for a janitorial position at a local police department to steal credentials for logging into the National Criminal Information Center (NCIC).
A year later, I obtained employment with a private security company and used it to gain physical access to the networks of a mainstream clothing company at their financial division's office. Then, I moved on to backdooring a local television network and ended up sabotaging their Voice over Internet Protocol (VoIP) servers, taking them offline from inside their server room.
As an insider threat, I knew each facility's internal and external layout, had physical and remote access to its CCTVs, and could erase and replace footage copied from previous shifts.
I could copy RFID access badges for privilege escalation as I seamlessly bypassed access controls. I had intimate knowledge of the daily routines of all these businesses, the names and faces of contractors and employees, and bugged virtually every computer system on their networks.
This meant I could enable microphones and web cameras at each workstation and eavesdrop on their daily operations, scrub each system for credentials, and even sell proprietary information to competitors – if that was my goal.
Put simply, I was an insider threat and the last person you’d ever suspect of criminal mischief. This was my lifestyle. As a consequence, I was secretly the worst employee in human history. As for you, if you were unfortunate enough to buy into my charm and hire me, your business and network fell under my control.
That is exactly how trust is broken and in the worst way.
Statistics show a rise in insider threats
Statistics show that insider security incidents are growing, having risen by 47% since 2018. As a consequence, the average cost to impacted companies has increased by 31% since 2018.
Additionally, the number of reported insider security threat incidents has risen significantly to 76% during the last five years. Less than half of organizations believe they are equipped or have the right tools to combat this.
Impacted industries include professional services, which was the top target for threats of this nature, accounting for 24% of all reported insider threat cases. Manufacturing, financial services, and even health care were also among those impacted.
Furthermore, increased remote work has created an additional element of opportunity for cybercriminals to target sensitive systems used by employees working outside of a safe network environment.
Various forms of insider threats
While companies spend plenty of money on network security, a vulnerability that is often overlooked is physical security and local protocols to enforce it.
For example, I used to work in a warehouse that was a federal foreign trade zone (FTZ), with shelves filled with expensive robotic products. While companies seem to know how to deactivate employee badges and walk them out the door when they’re fired, what do you do when the real threat is a current employee?
Rather than casting a suspicious gaze over the warehouse floor or cube farm, investing in proper access controls can be the one thing that protects your company and its employees from a threat actor armed with a Flipper Zero, knocking out the WiFi your IP CCTV cameras are running on, and entering the facility with a cloned RFID badge.
In one case, I used to work with a fellow who used to enter an office on a floor we didn’t work on because the janitor always left the door to the office unlocked. Once inside, he made wildly expensive international calls to the Middle East – until the day he was caught, fired, and fined.
Negligence is a common occurrence where sensitive information is exposed unintentionally. This constitutes an insider threat due to human error, for example, accidentally sending a message with sensitive attachments by text or email to the wrong recipient. But what happens when this occurs in the workplace, especially if the message contains confidential information?
This is why vigilance and attention to detail are crucial when handling sensitive information, especially during crunch time when mistakes are more prone to occur.
Insiders with uncontrolled access privileges, especially when access controls aren’t logged or implemented at all, can lead to the abuse of access, which can expose sensitive systems and the information they contain to the wrong person, like a devious security guard.
Social engineering attacks comprise 98% of all cyberattacks. This makes social engineering the most prevalent component used by malicious actors. In the workplace, it occurs when employees are manipulated into disclosing sensitive information over the phone or by phishing campaigns.
Physical security breaches are among the most common. Holding the door open as a courtesy when policies prohibit it constitutes a physical breach, even if there’s no malicious intent. We often do this daily without a second thought. We grant access to strangers and never think about what their intent is.
Corporate espionage occurs whenever an employee aims to steal proprietary information or trade secrets and offer them to a rival company or competitor.
Data misuse is another common instance, where employees access or misuse company information or resources for non-work related purposes. For example, over a decade ago, nearly a dozen employees with the National Security Agency used the NSA’s spy tools to surveil their ex-lovers or partners.
Third-party vendors are essentially outsiders who are given legitimate access to enter certain areas of a facility. This can present a unique opportunity for an insider threat to operate unnoticed if the company does not have strict policies in place.
The malicious insider can be any employee acting intentionally to plunder sensitive information, steal physical hardware or devices, or even commit sabotage.
Important keys for workplace integrity
While investing in security tools designed to detect possible indicators of compromise is worthwhile, the foremost tool for protecting the integrity of the workplace and its sensitive data is to establish a protective and supportive culture and enforce it.
While holding the door open for fellow employees is a common courtesy we typically practice because we do it everywhere else we visit, it must be understood that the workplace and the grocery store are not the same. Therefore, every employee should take great pride in doing their part in protecting the security of the workplace.
When I worked at the FTZ, every employee had to swipe their card in order to access the turnstile and enter the facility. This, in turn, logged and timestamped the employee as being present in the building.
Each door was access-controlled and surveilled by CCTVs. Employees who forgot their badges were prohibited from passing through the turnstile using someone else's identification, and if they did, it created an indicator of compromise and prompted an inquiry by Human Resources, who confronted employees who did this.
To clock into their shift, they could enter their employee ID manually into the digital clocking system, but only with a code input by the shift supervisor to authorize it. People who repeatedly abused this system were sent home.
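The turnstile, door and manual clock-in controls described above only help if someone reviews the logs they produce. The following is an added example, not code from the article or from any access control product: a small detector run over a constructed badge log. The event names, record layout, employee IDs and the threshold for "repeated" manual clock-ins are all assumptions made for illustration.

```python
from collections import Counter
from datetime import datetime

# Constructed sample log: (timestamp, employee/badge id, event, supervisor code)
EVENTS = [
    ("2024-03-04 06:58", "E100", "turnstile_in", None),
    ("2024-03-04 07:01", "E100", "turnstile_in", None),      # second entry, no exit
    ("2024-03-04 07:05", "E200", "door:server_room", None),  # never passed the turnstile
    ("2024-03-04 07:10", "E300", "manual_clock_in", "SUP1"),
    ("2024-03-05 07:02", "E300", "manual_clock_in", "SUP1"),
    ("2024-03-06 07:03", "E300", "manual_clock_in", None),   # no supervisor code
    ("2024-03-06 15:00", "E100", "turnstile_out", None),
    ("2024-03-06 15:05", "E100", "door:office", None),       # badge used after leaving
]

MANUAL_LIMIT = 2  # assumed threshold for "repeated" manual clock-ins


def find_alerts(events, manual_limit=MANUAL_LIMIT):
    """Return (timestamp, badge, reason) tuples for suspicious badge activity."""
    inside = set()      # badges currently past the turnstile
    manual = Counter()  # manual clock-ins seen per employee
    alerts = []
    for ts, badge, event, supervisor in sorted(
        events, key=lambda e: datetime.strptime(e[0], "%Y-%m-%d %H:%M")
    ):
        if event == "turnstile_in":
            if badge in inside:
                alerts.append((ts, badge, "re-entry without exit (badge shared?)"))
            inside.add(badge)
        elif event == "turnstile_out":
            inside.discard(badge)
        elif event.startswith("door:"):
            if badge not in inside:
                alerts.append((ts, badge, "door use without turnstile entry"))
        elif event == "manual_clock_in":
            manual[badge] += 1
            if supervisor is None:
                alerts.append((ts, badge, "manual clock-in without supervisor code"))
            if manual[badge] > manual_limit:
                alerts.append((ts, badge, "repeated manual clock-ins"))
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(EVENTS):
        print(*alert, sep=" | ")
```

A door swipe from a badge that never entered through the turnstile is the pattern a tailgater or a cloned badge would leave, which is why the turnstile log and the door log need to be correlated rather than reviewed separately.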
Just as home is your castle, the workplace is likewise your castle. Therefore, keep an eye on things, and make sure your employees follow policies that help protect against instances of insider threats.
Suppose you don’t keep access control devices used for programming badge privileges under lock and key. In that case, someone like me might gain access to them, design an all-access administrative badge, and start waltzing through your most sensitive offices and server rooms, helping themselves to your private data.