The FBI Cyber Division Releases Private Industry Notification on Insider Threats
May 22, 2019
On April 23, 2019 the Federal Bureau of Investigation, Cyber Division released a private industry notification titled, Cyber Insider Threat Actors Disrupt Networks and Steal Data, Inflicting Significant Losses to U.S. Businesses, to assist security professionals and system administrators to protect against cyber threats and cyber criminals. Each year organizations place their focus on safeguarding their business from popular external cyber threats including, phishing emails, SQL injection attacks, or DNS hijacking, but few consider the threats that lie internally within their organization – insider threats.
According to Cybersecurity Insiders and CA Technologies’ Insider Threat 2018 Report, 90 percent of organizations feel vulnerable to insider threats; reporting the main enabling risk factors as too many users with excessive access privileges (37%), an increasing number of devices with access to sensitive data (36%), and the increasing complexity of information technology (35%). The FBIs private industry notification identified insider threat trends over the past three years that included:
- The damage actors caused most often led to network and operation disruption, data deletion, theft of proprietary information, or the compromise of personally identifiable information of customers and employees.
- The average reported loss due to an insider threat was $3.5 million.
- Actors typically had a history of discipline for poor conduct or misusing company assets, and in most cases held an Information Technology role within the company.
The Common Methods Used by Insider Threat Actors
Insider threats can occur through human error or malicious intent – identifying abnormal behaviors and patterns of suspicious activity in your employees is important for managing internal cyber risk. The FBI reported a number of common methods that actors use to steal data that an employee in any role can achieve:
- Stealing employee and customer data or exploiting their privileged access to profit from unauthorized sales.
- Contacting and bribing former coworkers to provide client lists, company data, or network access.
- Using existing or shared administrative credentials and knowledge of company networks and culture to steal data and disrupt operations. Some also used their inside knowledge to conceal their activities, with varying success.
- Other methods are conducted by actors with more of an IT or technical background:
- Creating backdoors into company networks and using remote access software or tools
- to log into company networks.
- Installing malware and keyloggers on company computers and devices.
- Social engineering other employees, such as the Help Desk or other third-party contractors, to share or reset passwords.
Detection and Protection of Insider Threats
Your business is at risk when your data becomes vulnerable to insider threats. Commonly, the types of data that is vulnerable to insider threats are financials, customer and employee data, credentials and passwords, PII and PHI, intellectual property, and network, infrastructure controls. Best practices for advanced detection and prevention of insider threats include creating policies and procedures that limit privileges and access to confidential data and implementing security tools such as Data Loss Prevention and encryption of data, Identity and Access Management, and endpoint and mobile security. Moreover, the FBI recommends maintaining an audit of administrative accounts, and ensuring all company network systems and database credentials is revoked following an employee leaving the company, as well as monitoring data uploads to all media, email, or cloud storage outside of the company network.
For more information on managing insider threats, reach out to our security professionals to learn more about our Managed Detection and Response solution to monitor your networks and systems 24/7 at email@example.com or 855-732-8826.