Insider threats reach out | Pentest7


Employees who decide to become cyber warriors on their own can endanger corporate security just as much as traditional insider and external threats, writes Andreas Riepen, Regional Sales Director Central Europe at Vectra AI, in a guest article.

The two axes of IT threats have become three. Organizations and their security approaches typically put most of their energy into perimeter security. That focus runs counter to the zero-trust method: companies must keep an eye on internal traffic and on traffic leaving the network, not only on inbound traffic.

The job of Vectra’s Sidekick Managed Detection & Response (MDR) team is to monitor all three axes for threats. The damage to a company’s reputation from being identified as the source of criminal activity is just as severe as the damage from being its target. Businesses can quickly be blacklisted, which blocks communication and thus hampers business transactions. If the attack succeeds, they may be held legally liable or be forced to take technical countermeasures. In such situations, a quick response is required.

Denial of Service (DoS) attack against Belarusian and Russian companies

Recently, the Vectra Sidekick Managed Detection & Response (MDR) team detected internal traffic that revealed the following: an employee had dragged a service company ($25 billion in annual revenue) into the Russia-Ukraine conflict. The employee used the company’s infrastructure to carry out a denial-of-service (DoS) attack against Belarusian and Russian companies. The targets were a financial services company and a shipping and logistics company. The Sidekick team detected this activity and notified the company from which the attack was launched, and the activity was promptly ended.
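To make the three-axis monitoring described above concrete, the following is an added example (not Vectra’s code and not part of the article): it classifies flow records as inbound, internal or outbound and flags an internal host opening an unusual number of connections to one external address, the pattern a DoS launched from inside the network leaves in outbound traffic. The address ranges, thresholds and sample flows are constructed assumptions.

```python
import ipaddress
from collections import Counter, defaultdict

# Assumed corporate address space (placeholder RFC 1918 ranges, not from the article).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def axis(src, dst):
    """Classify one flow on the three axes: inbound, internal or outbound."""
    src_in, dst_in = is_internal(src), is_internal(dst)
    if src_in and dst_in:
        return "internal"
    return "outbound" if src_in else ("inbound" if dst_in else "transit")

def count_axes(flows):
    """Flow tuple layout: (timestamp_seconds, src_ip, dst_ip, dst_port)."""
    return Counter(axis(src, dst) for _, src, dst, _ in flows)

def find_outbound_floods(flows, window=60, min_flows=500):
    """Return {(src, dst): peak} for internal hosts that open at least min_flows
    flows to a single external destination within any window-second interval."""
    starts = defaultdict(list)
    for ts, src, dst, _ in flows:
        if axis(src, dst) == "outbound":
            starts[(src, dst)].append(ts)
    alerts = {}
    for key, times in starts.items():
        times.sort()
        left, peak = 0, 0
        for right, t in enumerate(times):
            while t - times[left] > window:   # slide the window's left edge forward
                left += 1
            peak = max(peak, right - left + 1)
        if peak >= min_flows:
            alerts[key] = peak
    return alerts

# Constructed sample: normal browsing and file-share traffic from two workstations, plus one
# host hammering an external address (203.0.113.10 is a documentation-range placeholder).
SAMPLE_FLOWS = [(t * 7, "10.0.1.20", "198.51.100.5", 443) for t in range(40)]
SAMPLE_FLOWS += [(t * 9, "10.0.1.21", "10.0.2.2", 445) for t in range(30)]
SAMPLE_FLOWS += [(1000 + t * 0.02, "10.0.5.12", "203.0.113.10", 443) for t in range(1500)]

if __name__ == "__main__":
    print("traffic by axis:", dict(count_axes(SAMPLE_FLOWS)))
    for (src, dst), peak in find_outbound_floods(SAMPLE_FLOWS).items():
        print(f"ALERT outbound flood: {src} -> {dst}, {peak} flows within 60 s")
```

Real deployments would feed NetFlow or firewall logs into the same logic and tune the threshold per host role; the point is that the alert comes from watching traffic leaving the network, which perimeter-only monitoring never sees.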

Many are quick to point out that the human element is the weakest link in the security chain. But they overlook that people are also the most powerful tool available – to the defenders or to the attackers. In this case, a single rogue user could have had a very large impact. In such conflicts, employees are likely to have very strong emotions, and those emotions can drive actions that override a company’s policies and existing security measures.

Staying informed about external threats

Even before the recent conflict, the Sidekick MDR team found several cases where users – sometimes even administrators – installed crypto-mining programs on corporate resources. This is typically observed in university and laboratory environments with shared and open computers. Financial motives and the notion of being able to use free resources lead users to misuse these resources. So what will users do when they actually feel morally obligated and have access to “free resources”?

Organizations need a holistic understanding and approach to mitigate threats adequately. News reports, reliable threat alerts, and blog posts remain the best way to stay informed about external threats. But just as learning the details of one’s own network requires unsupervised learning on that network, these news sources cannot predict how individual users will react.

Following the basic steps outlined by CISA can go a long way toward protecting organizations from cyberattacks. However, we must not forget that not all threats come from the outside and that threats emanating from within the environment remain very real. In times like these it is all too easy to focus solely on external threats and to see the big DDoS campaigns as something that only happens to other people. The networks that need protecting can – intentionally or unintentionally – become tools in such a campaign. Reliable monitoring with the best possible coverage is therefore of paramount importance.
