- Insider threats and their impact on businesses
- Assigning a $ cost to the data breaches by insiders
- Types of insider threats today
- Why would our employees be a risk to our organization?
- How SysCloud protects your organization from insider threats
- Free threat report
- References/sources
- Attackers do not get in by penetrating or breaking down network firewalls but via overly trusting employees, e.g. through phishing.
- Some employees (users) may engage in activities that are damaging to the organization.
Insider threats and their impact on businesses
Data breaches, when reported in the media, cause irreparable damage to the reputation of the business involved and to customer trust. Additionally, legal obligations may mandate public disclosure of such a leak. Furthermore, the breached data may be sensitive in nature, such as PII, login credentials, IP or health records. This exposure of key customer and business data puts both parties at risk. All businesses are heavily invested in perimeter security tools for IDS, network monitoring, DLP, etc. and have dedicated personnel to monitor them; however, in many cases, they ignore the insider threat.
A report by Intel Security titled “Grand Theft Data - Data exfiltration study: Actors, tactics, and detection” [2] mentions that data exfiltration is a clear danger to many organizations. The report mentions that insiders were responsible for about 43% of data loss, regardless of whether it was deliberate or accidental. In the Verizon 2016 data breach investigation report [1], there were a total of 10,489 incidents. The report mentions that “Retail Industry had 370 breaches of which 109 were from small businesses (less than 1000 employees) and 23 Medium and 238 Unknown.” According to the report, insider and privilege misuse accounted for more than 15% of all incidents, and internal threat actors accounted for 77% within this category.
Assigning a $ cost to the data breaches by insiders
Types of insider threats today
Data exfiltration: Authorized employee taking valuable data out of the organization’s cloud apps with malicious intent (IP, PII thief).
Malicious users: Disgruntled employees who delete, overwrite, expose and steal valuable data with mala fide intent (saboteur, media leaker activist).
Compromised accounts: Detect accounts broken into by hackers and stop attacks in their tracks (Negligent employee).
Cloud malware: Discover, monitor and control third-party apps installed by users in the Google Apps platform.
Ransomware: Recover from ransomware data damage by easily restoring data from our backups.
Compliance: Ready to use templates for PCI, HIPAA, FERPA, SOX, CIPA with hundreds of controls and workflows. Full compliance law audit reports and intelligent dashboards.
Phishing: Fraudulent emails sent by attackers posing as reputable, trustworthy organizations with the malicious intention of obtaining personally identifiable information (PII) or account credentials. Some insiders may be duped by these and give out the sensitive information.
Why would our employees be a risk to our organization?
Malicious users: Employees who delete, overwrite, expose and steal valuable data with mala fide intent.
Negligent IT team member: Does not enable and use multi-factor authentication. Had a strong password, but the account was broken into because a similar password was used at another site that was hacked. The attacker has broken into the privileged admin accounts. This is the worst nightmare scenario for any organization, and they are not even aware of it.
Gullible executive (phishing attack scenario): An executive working in the Finance / Purchase department responds to fraudulent emails sent by attackers posing as existing suppliers or as the company's own CEO, and gives away bank account related information because he thinks the request is genuine and from a trusted source.
Privileged user (data exfiltration): An authorized employee with valid credentials and privileges exports data from the cloud apps with malicious intent.
Press news leaker: Disillusioned with your organization for any reason, including recent downsizing, cost-cutting measures, or disagreement with management over strategic direction, product positioning, market focus, customer service, layoffs, etc., and now in contact with the media to tell the story and reveal confidential and intellectual property roadmap secrets.
Careless employees: Installing cloud apps from the Google Apps Marketplace that were developed by unknown companies introduces malware into the organization’s Google Drive and causes damage until the IT team discovers and removes the malware.
How SysCloud protects your organization from insider threats
Our software scans cloud apps data (Google Apps including Gmail, Hangouts and Drive, as well as Salesforce, Box, etc.) and user behavior, looking for various factors including:
- Sensitive data (based on customer business specialization)
- User Behavior including:
- Shared externally
- Shared externally count
- Heavy downloads
- Abnormal deletes
- Abnormal exports
- Time of day of activities
- IP address
- Location
- Simultaneous login
- Heavy ACL (access control list) change activity
- URL links inside emails or documents
- Role of a user in an organization
- Contextual data analysis
1. SysCloud uses data analytics and machine learning algorithms to detect various threats like malicious insiders, data exfiltration, compromised accounts, compliance, etc.
2. SysCloud policy engine automatically protects you from threats.
3. SysCloud alert, incident response, and exception management software allows you to stay on top of them with ease.
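
Several of the user behavior factors listed above can be expressed as simple rules over audit events. The following is an added example, not SysCloud's code: it flags heavy downloads, external share count, off-hours activity and simultaneous logins in constructed sample events. The event format, signal names and all thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds for illustration; tune against your own baseline.
WORK_HOURS = (7, 19)                    # local hours treated as normal
LOGIN_WINDOW = timedelta(minutes=10)    # two IPs inside this = simultaneous
DOWNLOAD_WINDOW = timedelta(hours=1)
HEAVY_DOWNLOADS = 5                     # downloads per DOWNLOAD_WINDOW
EXTERNAL_SHARES = 2                     # external shares per user

# Constructed sample audit events: (timestamp, user, action, source IP).
EVENTS = [
    ("2016-06-01T09:05:00", "alice", "login", "198.51.100.10"),
    ("2016-06-01T09:20:00", "alice", "download", "198.51.100.10"),
    ("2016-06-01T10:00:00", "bob", "login", "198.51.100.20"),
    ("2016-06-01T10:04:00", "bob", "login", "203.0.113.77"),
    ("2016-06-02T02:10:00", "carol", "login", "198.51.100.30"),
    ("2016-06-02T02:30:00", "carol", "share_external", "198.51.100.30"),
    ("2016-06-02T02:31:00", "carol", "share_external", "198.51.100.30"),
] + [("2016-06-02T02:%02d:00" % m, "carol", "download", "198.51.100.30")
     for m in range(11, 17)]

def detect(events):
    """Return {user: sorted signal names} for users that tripped a rule."""
    findings = defaultdict(set)
    logins, downloads, shares = defaultdict(list), defaultdict(list), defaultdict(int)
    for ts, user, action, ip in sorted(events):
        t = datetime.fromisoformat(ts)
        if not WORK_HOURS[0] <= t.hour < WORK_HOURS[1]:
            findings[user].add("off_hours_activity")
        if action == "login":
            # Same account seen from a different IP inside the window.
            if any(p != ip and t - pt <= LOGIN_WINDOW for pt, p in logins[user]):
                findings[user].add("simultaneous_login")
            logins[user].append((t, ip))
        elif action == "download":
            downloads[user].append(t)
            recent = [d for d in downloads[user] if t - d <= DOWNLOAD_WINDOW]
            if len(recent) >= HEAVY_DOWNLOADS:
                findings[user].add("heavy_downloads")
        elif action == "share_external":
            shares[user] += 1
            if shares[user] >= EXTERNAL_SHARES:
                findings[user].add("shared_externally_count")
    return {u: sorted(s) for u, s in findings.items()}

if __name__ == "__main__":
    print(detect(EVENTS))
```

Fixed thresholds like these produce false positives for roles that legitimately download or share a lot, which is why the list above also includes the role of the user and contextual data.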
Free threat report
Install the SysCloud threat detection app from the Google Apps Marketplace. This will scan and give you a free threat report. This report details specific threats using our analytics engine aided by machine learning. The report contains threat cards which provide risk insights into your organization’s cloud apps data, users and apps. Each card provides an insight specific to your industry, which can be further drilled down. Every card will also allow the IT team to take various actions specific to their business to mitigate the risk detailed in the card.
References/sources
1. Verizon, 2016 Data Breach Investigation Report: http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/
2. Intel Security, Grand Theft Data - Data exfiltration study: Actors, tactics, and detection: http://www.mcafee.com/us/resources/reports/rp-data-exfiltration.pdf
About SysCloud
Founded in 2010, SysCloud is a Google for Work Premier Partner. SysCloud detects and stops insider threats across cloud apps, which can damage an organization and its brand. The platform is currently used by over 1,500,000 users from 32 countries around the world. SysCloud has offices in California, New Jersey, and India. For more information please contact us at sales@syscloud.com or visit us at www.syscloud.com.