The Verizon Data Breach Investigations Report (DBIR) series opened the doors to the world of cybercrime ' now, this dataset and caseload analysis has been refocused on the role of the insider – forming the Verizon Insider Threat Report.
Twenty percent of cybersecurity incidents and 15 percent of the data breaches investigated within the Verizon 2018 DBIR originated from people within the organization , with financial gain (47.8 percent) and pure fun (23.4 percent) being the top motivators. These attacks, which exploit internal data and system access privileges, are often only found months or years after they take place, making their potential impact on a business significant.
However, many organizations often treat insider threats as a taboo subject. Companies are too often hesitant to recognize, report or take action against employees who have become a threat to their organization. It's as though the insider threat is a black mark on their management processes, and their name.
The Verizon Insider Threat Report now aims to change this perception by offering organizations a data-driven view on how to identify pockets of risk within the employee base, real-life case scenarios, and countermeasure strategies to consider when developing a comprehensive Insider Threat Program.
'For far too long data breaches and cybersecurity incidents caused by insiders have been pushed aside and not taken seriously. Often they are treated as an embarrassment or just an issue for Human Resource departments,' commented Bryan Sartin, executive director security professional services, Verizon. 'This has to change. Cyber threats do not just originate from external sources, and to fight cybercrime in its entirety we also need to focus on the threats that lie within an organization's walls.'
Defining the characteristics of the threat from within
Particular attention has been paid to the types of Insider Threats that organizations can face. Profiled within specific case scenarios from Verizon's own investigative caseload – from incident detection (and validation), to response and investigation, and then to lessons-learned (countermeasures) ' five insider personalities have been identified:
1.The Careless Worker ' These are employees or partners who misappropriate resources, break acceptable use policies, mishandle data, install unauthorized applications and use unapproved workarounds. Their actions are inappropriate as opposed to malicious, many of which fall within the world of Shadow IT (i.e., outside of IT knowledge and management).
2.The Inside Agent ' Insiders recruited, solicited or bribed by external parties to exfiltrate data.
3.The Disgruntled Employee ' Insiders who seek to harm their organization via destruction of data or disruption of business activity.
4.The Malicious Insider ' These are employees or partners with access to corporate assets who use existing privileges to access information for personal gain.
5.The Feckless Third-Party ' Business partners who compromise security through negligence, misuse, or malicious access to or use of an asset.
Eleven building blocks for an effective Insider Threat Program
The report provides practical advice and countermeasures to help organizations deploy a comprehensive Insider Threat Program, which should involve close co-ordination across all departments from IT Security, legal, HR, to incident response and digital forensics investigators.
Two factors hold the key to this success ' knowing what your assets are and ultimately who has access to them.
'Detecting and mitigating insider threats requires a different approach compared to hunting for external threats,' continues Sartin. 'Our aim is to provide a framework that enables companies to be more proactive in this process and to slice through the fear, uncertainty and embarrassment that surrounds this form of insider cybercrime. Verizon sits between the sources and victims of cybercrime on a daily basis, and by sharing real scenarios from our caseload we hope that organizations can learn and adopt the countermeasures we recommend to implement their own programs.'
