
Apr 25 2022 | by Denlon John Dsouza

Cybersecurity – What Would It Take to Win Against the Enemy Inside?

The onset of the pandemic in March 2020 meant that institutions worldwide were headed towards an unsupervised, remote, and digitally savvy undertaking. Virtual collaboration became the norm, and so did, unfortunately, the possibility of espionage, sabotage, and data leaks. 

Fast forward to today, and employees are 85% more likely to be the subject of cyber malpractices than they were before the pandemic. 61% of security leaders have alluded to the fact that the remote workforce is responsible for data breaches. "Malicious insider" threats remain (with a 42% vote) the biggest cause for concern, followed closely by "employee carelessness" (38%).  

What about before the pandemic? Were insider threats virtually non-existent? Absolutely not! The proverbial “enemy inside” has been the root of many cyber-attacks over the years. And before we get into the whys, the whats, and the hows, we need to explore what constitutes an insider threat.  

To that end, real-life case studies would be the best bet to reflect upon the variability in the reasons behind the insider attacks. Let's take a look at some of the most infamous cases in cyber history and find out if there is a commonality in their causes. 

General Electric (GE) - Trade Secret Theft 

In 2020, the FBI unearthed how Jean Patrice Delia and Miguel Sernas, former GE employees, illegally downloaded about 8,000 files from the company's server from 2011 to 2012. These files contained information about GE's state-of-the-art calibration of power plant turbines.  

Delia and Sernas launched a company using GE's data and started bidding low prices for GE-like services to get contracts. As soon as GE discovered this, it initiated an investigation and began executing the procedures required to impose contractual penalties on the culprits.  

Justice was served, but it took nine long years for the culprits to be brought to book.  

Snapchat - Employee Carelessness 

Snapchat, in 2016, published a letter to its 700 employees about being "impossibly sorry" over the data breach that led to the exposure of their payroll information. This information included wage data, tax deductions, personal details, etc.

Apparently, the perpetrator didn't pursue a highly advanced, remote alternative but a lowly, off-the-shelf method. He impersonated the company's CEO, Evan Spiegel, and tricked an employee into sharing the information via email.

Waymo - Information Theft 

Anthony Levandowski worked at Waymo, a Google-founded company, until 2016, when he started his own startup, Otto. Levandowski stole Waymo's proprietary information and used it to assist Otto in developing its business.

He illegally downloaded 14,000 files from Google's server. These files covered the ins and outs of Waymo's workings, including its marketing plans, test drives, etc. Later, Uber acquired the startup and unearthed the illicit operation. As a result, Levandowski was ordered to pay $179 million in reparation.

Two themes emerge from this list of cyber-attacks: the first is a clear-cut case of data theft, while the other shows the dire consequences of malicious, reckless, ill-trained, or non-advised employees.  

So, What Would It Take to Win Against this Enemy Inside? 

It is vital to realize that insider threats are not unique to cybersecurity alone. They exist in all verticals of business and are particularly dangerous as they allow internal actors to directly jeopardize the business objectives without leaving any visible trace. However, the level of threat is more pronounced with the advent of digitalization.

Hence, the best way to cope with this threat is to look at it as a part of the company's overall cyber-security strategy rather than as a separate concern. Companies must implement the right technology and the right policies across all the departments and sub-departments.  

Formulate an Insider Risk Response Plan 

According to an analysis by Code42, 54% of organizations don't have a risk response plan in place to address and alleviate insider threats. To put that in perspective, only half of the companies have a policy that requires an employee to report any suspicious activity. And even those aren't full-fledged, actionable procedures.

For instance, it often takes weeks before the issue is identified and a week or two more (depending on the intricacy of systems) before it is contained. Therefore, it is always essential to conceptualize a structured process that efficiently addresses the unknown.

A comprehensive insider risk response plan encompasses: 

  • A Threat Model: This will assist in identifying the high-risk areas and the most vulnerable assets. It must address the insider threat at various levels and across various departments. 
  • Risk Assessment: This enables a clear understanding of the possible scenarios so that a course of action can be formed accordingly.
  • The Process: This includes identifying the key responsibilities and deadlines involved. The process should be actionable.
  • Technology: This aims to implement the right technology and manage the risk of data loss. 
  • Training: This ensures that the employees are trained in identifying insider risks and responding accordingly. 
  • Awareness: This includes building awareness and educating the employees about what constitutes an insider threat. 
  • Compliance: It covers the policies and procedures that must be kept intact to respect the information privacy rights and avert the threat.

Employ Darktrace Antigena

Owing to the sophistication of the digital world, a threat response plan is only as good as the technology behind it. Therefore, it is vital to choose among the options that augment the effectiveness envisioned in the plan. Darktrace Antigena is one such tool.

It is a real-time enterprise threat analysis system that works to interrupt insider threats by proactively monitoring the system, detecting anomalies, and promptly responding to the issue in real time. Such monitoring spans devices and servers and is thus effective in keeping data losses and data sabotage at bay.

In addition, it can work through the cloud and shed light on the otherwise unnoticeable and indiscernible cybersecurity blind spots. Thus, having Darktrace in place can act as an effective bulwark against the persistently aggravating insider threats. 

Summing Up 

The various stories, case studies, and examples presented herein are only a gist of the countless insider threats that plague businesses. Customarily, they remain an unpredictable terrain, but that doesn't mean you can ignore them. Any company failing to act on insider threats runs the risk of severe repercussions, including loss of reputation, revenue, and customer trust.  

Clearly, developing a threat response plan and adopting a solution like Darktrace Antigena is the best way to remain protected and outwit the enemy within. 
