Knock knock! Trick or treat! Companies and cybercriminals play the same game. You could be opening back doors to cybercriminals this year, without even knowing it. You’ll lose this game if you don’t fight back. Ransomware attacks will capture your documents and the attackers will be expecting a big juicy reward (if you want your files back, that is). This Halloween, beware!
An insider could already be hiding within company walls, brewing up trouble. A recent study shows that 60% of attacks perpetrated in businesses were carried out from inside the workplace. From undercover spies to terrorism gangs to disgruntled employees that steal top-secret information. Double, double toil and trouble…
And what about you? What type of Insider are you?
Attacks by staff with privileged access represents one of the greatest threats for the security of the corporate information and data of your customers. Research conducted by Ponemon Institute indicate that hackers and criminal insiders are the main culprits of the security holes and data breaches. Three quarters of these attacks are ill intended, and one quarter of them are accidently carried out by employees without bad intention.
This year, the global cost of the infractions carried out by insiders with bad intentions is 154 euros per capita, much higher than the cost of infractions caused by system errors and involuntary offenses (about 125 euros and 120 euros per capita).
A history of perfect crimes
At the beginning of this month, an employee from the US government, Harold Thomas Martin, was accused of stealing classified information related to the NSA (National Security Agency). Let’s not forget the Edward Snowden leak from three years ago.
Shalom Bilik, who was subcontracted for computer system maintenance for Israel’s Ministry of Social Security and Welfare, accessed a database and stole information pertaining to 9 million Israeli citizens so he could sell it later on the black market.
Even Dropbox couldn’t escape from the insiders, when a cybercriminal stole data pertaining to more than 500 million users thanks to a negligence of an employee. It happened this time because of the carelessness of a Dropbox employee. The cybercriminals were able to obtain his LinkedIn password, which was the same one he used for saving files in the Dropbox Cloud. Stored in the cloud was a work document that contained a long list of email addresses. Access to more than 500 million users? What a treat for criminals who want to trick users with massive same campaigns.
Some tips to keep you protected from internal threats
- Start using a cybersecurity solution that has advanced protection features, and that also has the capacity to detect and remedy possible threats.
- Lack of control over what happens in all devices and systems is a common point in all analyzed attacks. What will help us is a tool that’s capable of controlling all active processes on every device connected to the corporate network.
- Revise personnel policies and control systems in order to adjust to privacy requirements and adapt them to the technology that’s available.
- Keep your operating systems updated and programs on all of your company’s devices.
Make sure that Halloween only comes once a year. Manage, control and protect your information against advanced threats with Panda Solutions for Companies.
The post Insiders, their costumes are so good you won’t even recognize them. appeared first on Panda Security Mediacenter.