Sergey Ozhegov, CEO of SearchInform, discusses how the biggest security risk may well be the insider
Today most organisations are focused on protection against external attacks. Ransomware, ‘Russian hackers’ and ‘Anonymous’ pop up in the media as the cause of high-profile leaks. However, statistics show that 43% of information leaks are the fault of employees. Some had no idea about confidential or malicious files stored on their computers, some took corporate data outside the organization and left laptops in a cafe, and some just copied all the data that might be useful in another workplace.
But less innocent incidents happen as well. Some cases affect companies financially and can also be detrimental to the company’s reputation. Here are a few real-life stories:
More than 50% of enterprises in the USA became cyberattack victims in 2017. The question is whether all of these incidents were organized by hackers, or whether some attacks were triggered by employees.
In August 2017, a petrochemical plant in Saudi Arabia experienced a new kind of cyberattack. The incident could have been deadly – it was not only a threat to data security, but also to people’s lives. Hackers tried to sabotage the plant. The code written by the attackers was intended to cause an explosion. Cybercriminals had compromised Schneider industrial controllers, which are used at 18,000 plants around the world. The disaster was avoided because of a bug in the code.
The investigation took more than six months. A digital file was found on a PC that did not seem to differ from the original component of the Schneider system, but was actually created to destroy it. Experts do not believe that an insider was responsible; however, they cannot explain how the file got onto the computer.
The source that put the malicious file into the system hasn’t been found yet. This means only one thing – the crime might happen again. The problem can be solved by controlling employee activity: what gets downloaded from or uploaded to a PC, what gets deleted, etc. DLP systems handle this kind of problem by monitoring file operations within the company, including creating, copying, modifying and deleting. This software will rule out or confirm the presence of an insider, setting the right direction for the investigation. It will provide you with a complete picture of what is happening and give crucial details if bundled with other programs that monitor communication channels.
Dealing with fraudsters
The employee’s actions led to several charges: bribery, forgery, fraud, disclosure of secrets and theft.
A bank employee admitted that she accessed a client’s account that she had no right to access. She passed the information she obtained to another bank employee, who shared the confidential information with the rest of the accomplices. The scammers falsified electronic documents and used the client’s bank account, while the client suspected nothing. The violators received secret codes from the bank, enabling them to transfer the money to the criminals’ accounts. The employee was found guilty of leaking the information of 2,500 customers. The data comprised the name, date of birth, account balance, and the number of the card assigned to the account.
The employee was offered $15,000 as a bribe to provide account data, but the loss cost the client $300,000.
The incident was discovered by the bank only when the amount had already been transferred to the account of the criminals.
Violating the golden rule
The reputation of banks and mobile operators depends directly on corporate ethics. Confidentiality is the backbone of such organizations. But there are employees who don’t care about the law on the protection of personal data.
When $270,000 was stolen from customers’ accounts, the Dubai police brought the bank, the telecommunication service provider and the initiators themselves to justice. The criminals received the necessary data from a bank officer and phone numbers from an employee of a telecommunication company. The insiders took a bribe and helped the attackers gain access to the accounts of unsuspecting customers.
Many banks ask clients not to send details of accounts, as their employees do not request data by e-mail but use special secure channels. Even so, such measures are not always enough. Insiders are a special category, and they can be restrained with the help of control systems featuring comprehensive monitoring.
Sergey Ozhegov is CEO of SearchInform.
Specialists, unlike hackers, know about everything that happens inside the organization. Viruses and ransomware can damage the system, but employees can jeopardize the whole company and remain undetected for as long as they work there. Fighting only external threats is like closing the front door and keeping the service entrance open. Developers have found a solution to the problem of combating insiders. All companies have to do is use it.