The Internet was conceived without security at its heart, and crime has changed drastically as a result of its existence. Digitisation-led, dynamic changes to the technology landscape have created unlimited opportunities for cyber criminals, and last year we saw hacking turn “corporate”: sophisticated, financially motivated and highly organised hacking empires. Most terrorists and organised crime groups today are loosely affiliated cooperative networks, just as likely to hire web programmers as they are to hire muscle. Some hacking groups are so organised they even resemble mini-multinationals, and have access to automated exploit kits and cloud-based software services that are just as sophisticated as (some say more sophisticated than) those used by Fortune 500 companies and even nation-states.
The scale is jaw-dropping. Symantec reported that global cyber-crime costs victims $110 billion a year in remediation, ransom payments and lost business, but hackers are unlikely to report their earnings, so the true figure is likely to be higher. Cyber criminals continue to leverage time-tested techniques like bribery (the attacks on Apple & Sage recently, for example) to gain access to privileged accounts – the preferred entry into a system for a hacker – but these new business models mean that hackers can work faster and on a bigger scale, and keep a proper operational space. The average cyber-criminal today is not a nerdy teenager in his mum’s basement; he is 35 and has chosen it as a lucrative career path, on which he can easily make $80,000 per month. Hacking is now a structured business with processes, C-level execs, employees on a payroll, HR departments, and hired brokers to act as middlemen and mask activities. Police recently unmasked a group who had hired a marketing director to tout their software to other hackers and even had a customer-support team!
Think again. Some of the most dangerous hacking groups may have names like Deep Panda, Putter Panda, and Flying Kitten, but they are to be feared nonetheless. With devastating data breaches in the headlines, companies are finally recognising the incredible impact leaked data can have on a company’s reputation – but malicious opportunists are also recognising that there is profit to be gained from such attacks. Criminals do not need to hire programmers or be able to write viruses themselves; they can rent crimeware services that will gain them invisible access to a network where they can steal data and funds for years without being caught. However, every business should be particularly worried about the recent spike in the recruitment of insiders. It is a problem on the rise across all industries, especially the financial sector.
Trusted and talented employees turn against their employers for a number of reasons, and such behaviour is often difficult to spot. Sometimes it is just a case of trying to mask an honest error, but in many cases it stems from bitterness over redundancy, dismissal or being overlooked for a promotion. It could even be stress from work and home life (financial challenges, etc.), a desire for financial gain, whistleblowing (increasingly common among millennials, Edward Snowden for example), or simply because some people just like to watch the world crumble. It all depends on the employee, but exposure to such factors can lead to emotional spiralling, a feeling of being underprivileged and extreme vulnerability, leaving that trusted insider open and receptive to data-stealing opportunities.
The Dark Web is the current favourite way to find these insiders. Cybercriminals carefully vet and recruit these ‘privileged users’ (those with unlimited access to company data and infrastructure) to help them make illegal trades or purchases with stolen credit card numbers, or to steal data or commit fraud, often providing them with the cyber tools to do so. Dark web forums recruit insiders to infect 20,000 computers at a pay-per-infection rate, for example, while others offer significant weekly sums for access to a bank’s computer. Insider threats can be motivated by financial gain, revenge, desire for recognition and power, blackmail, loyalty to other organisations, political beliefs, even spurned advances (as happened in 2014 to a small virtual training company). Regardless of position or ability, they all pose a threat.
From credit card details and customers’ passwords to intellectual property, the dark web has it for sale, but authorities still face an uphill battle in their efforts to locate and prosecute those responsible. When the scale is so huge, cyber criminals know that their chances of getting caught are slim. Going global has always been an important way for businesses to extend market opportunities, but it offers cyber criminals the added advantage of extra cross-border legal hurdles for authorities; they know how difficult it is to extradite people for cyber-crime (and even if you do, the penalties are weak).
Most organisations, however, admit to not having adequate measures in place to detect or prevent insider threats and are often still in denial about the magnitude of the problem. Privileged users include direct employees (from junior programmers to board executives), contractors, or third-party suppliers of application development and computing services, and with their legitimate privileged access they could steal or corrupt networks and data yet go completely undetected. The fact remains that 80% of organisations concentrate security measures around perimeter defences focused on external bogeymen rather than the evil already lurking inside.
It is hard to anticipate risk in an ever-evolving and complex environment, but understanding the threat landscape – internal as well as external – is key to protecting a business. Organisations need to take insider threat more seriously and ensure they have complete visibility of all information being accessed, monitored and moved in and out of the business. It’s not about IPs, firewalls, ports and protocols anymore; the only way to detect, monitor and manage this type of danger, and reduce the insider threat without compromising employee access, is with PAM:
Osirium’s PxM platform:
* Separates people from passwords
* Perfectly manages context-driven access over any number of systems across an infrastructure.
* Authorises privileges for users only when and in which systems they are needed, then automatically revokes those privileges once the requirement is complete.
* Ensures full accountability and visibility for meeting compliance mandates and deters insider threats by providing irrefutable evidence & granular audit trails of privileged activities.
* Automates administrative tasks without exposing Privileged Accounts, securing the most vulnerable entry points for attackers & improving workflow.
The PxM Platform provides the full suite of privileged account management tools.
To find out more about how the Platform can help protect against insider threats and control the misuse of privileged accounts, visit https://osirium.com.