Skip to main content

Featured

What Motivates Young Cybercriminals?

In the world of cybercrimes, the majority of cybercriminals always seek financial gain, but this is not the primary motivation. Aside from the advanced sophistication of state-sponsored incidences, the young cybercriminal venturing into the dark side boils down to their ego. Adolescent criminals seek out recognition among their peers eager for a sense of success in an effort to prove themselves.

Many seek out popularity within internet hacking communities driven by a feeling of accomplishment they compromised a target. This provides them with a rush, a demeanor to develop their skills further becoming tragically involved with organized crime immersed in their addictive and dangerous sphere of influence.

Others find inadequate employment opportunities and thus are lured into the dark side to learn a skill as a matter of survival by participating in online hacking groups. They are easy prey for organized crime and state-sponsored groups to recruit indoctrinating them into …

The CISO’s Guide to Managing Insider Threats


Critical digital and physical assets are becoming increasingly vulnerable due to accelerated connectivity, differing global regulatory requirements, joint ventures and business partnerships and security weaknesses within complex multinational supply chains. These factors have led to a rise in insider threats for enterprises across all industries.

An insider threat is an employee or a third-party vendor that has access to a company’s network. While some insiders seek to compromise sensitive corporate data for monetary gain or out of spite, others do so accidentally due to negligence or lack of awareness.

According to the “2016 Insider Threat Report” by Crowd Research Partners, 75 percent of survey respondents estimated insider threats cost their companies at least $500,000 in 2016, while 25 percent reported costs could exceed that amount. The study also found that 74 percent of organizations are vulnerable to insider threats. Of that number, 7 percent reported that they were “extremely vulnerable.”

Common Behavioral Indicators

The most common indicator of an insider threat is lack of awareness. For instance, employees with savvy IT skills often create workarounds to technology challenges. When employees use their own personal devices to access work emails, they often create new vulnerabilities within the organization’s physical security processes and IT systems.

The chief information security officer (CISO) must be aware of these patterns to detect suspicious motives, which requires a holistic and layered approach to user behavior analytics (UBA). The following are examples of behavioral indicators:

  1. Downloading substantial amounts of data to external drives;
  2. Accessing confidential data that is not relevant to a user’s role;
  3. Emailing sensitive information to a personal account;
  4. Attempts to bypass security controls;
  5. Requests for clearance or higher-level access without need;
  6. Frequently accessing the workspace outside of regular working hours;
  7. Irresponsible social media behaviors;
  8. Maintaining access to sensitive data after termination;
  9. Using unauthorized external storage devices;
  10. Visible disgruntlement toward employers or co-workers;
  11. Chronic violation of organization policies;
  12. Decline in work performance;
  13. Use of mobile devices to photograph or otherwise record computer screens, common work areas or data centers;
  14. Excessive use of printers and scanners;
  15. Electronic communications containing excessive use of negative language;
  16. Installing unapproved software;
  17. Contact with high-risk current or former employees;
  18. Traveling to countries known for intellectual property (IP) theft or hosting competitors;
  19. Violation of corporate policies;
  20. Network crawling, data hoarding or copying from internal repositories;
  21. Anomalies in work hours;
  22. Attempts to access restricted areas;
  23. Indications of living beyond one’s means;
  24. Discussions about resigning or new business ventures; and
  25. Hostile, abnormal, unethical or illegal behavior complaints.

Remediation Pain Points

Insider threats are costly to remediate because they are complicated to detect. A thorough investigation often requires companies to hire forensic specialists to determine the extent of a breach. It is also challenging to distinguish malicious activity from regular day-to-day work. For example, users who have elevated access privileges interact with sensitive data as part of their regular jobs so it can be virtually impossible to determine whether their actions are malicious or benign.

Users who have elevated access privileges often cover their tracks by deleting or editing logs, impersonating another user or using a system, group or application account. Proving guilt is yet another pain point, since offending users may claim ignorance or human error.

Steps to Combat Insider Threats

Most organizations lack procedures to deal with internal threats. Moreover, security architecture models have no room for insider threats. Security infrastructures primarily prevent outside attackers from gaining entrance to the network undetected, operating under the false assumption that those who are granted internal access in the first place are trustworthy.

To adequately account for and remediate insider threats, organizations must establish a comprehensive, risk-based security strategy that includes the following four elements:

1. Information Governance

It is of paramount importance to protect critical data assets from insider threats. Information governance provides business intelligence that drives security policies and controls. This improves risk management and coordination of information management activities. A robust information governance foundation enables organizations to adopt a risk-based approach to protecting their most valuable assets and installing sound data management procedures.

2. Advanced Forensic Data Analytics

User-based analytics are indispensable tools that provide detection and predictive measures to thwart insider threats. These solutions incorporate artificial intelligence and machine learning technologies that objectively analyze insider behaviors and generate risk rankings within the user population.

3. Incident Response and Recovery

External and insider breaches have their own nuances, but the impacts are similar and should leverage the same response program in anticipation of a significant violation. Organizations must strive to build as strong an insider threat program as possible. It’s also essential to develop an incident response program that considers both internal and external breaches.

4. Legal Considerations

An insider threat program cannot be successful without careful legal and regulatory considerations. For example, privacy laws about employee monitoring vary across national boundaries. In the U.S., the Electronic Communications Privacy Act (ECPA) allows employers, under specific provisions, to monitor their employees’ emails and other electronic communications. Meanwhile, the member states of the European Union (EU), in compliance with the European Convention on Human Rights, adhere to privacy laws under the Data Protection Directive, which regulates how organizations within the EU process personal information.

A Cross-Organizational Challenge

Combating insider threats is an organizational issue that crosses people, processes, and technology and requires a detailed understanding of the organization’s assets and security posture. It also demands a clear separation of duties, continuous monitoring of employee behaviors and a formal insider threat program that includes IT, human resources, legal and all other business groups. With the proper resources in place, a CISO can gather the actionable intelligence needed to thwart internal attacks and gain visibility into the highest-risk users.