insights.raconteur.net
108.138.7.15  Public Scan

URL: https://insights.raconteur.net/rethink-insider-risk-and-data-loss-prevention/
Submission: On August 22 via manual from US — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

RETHINK INSIDER RISK AND DATA LOSS PREVENTION




CONTENTS

 1. UNDERSTANDING AND ADDRESSING HOW YOUR INSIDERS WORK TODAY

    Insider threats can wreak untold havoc on an organisation. It’s critical
    that security leaders prepare strategies for the three main insider risks

 2. WHEN OUTSIDERS BECOME INSIDERS

    The credentials market is booming and it only takes one stolen password to
    access your organisation. Here’s what you need to know

 3. THE RISE OF INSIDER THREATS

    How has the insider threat landscape developed? And how safe do
    organisations feel?

 4. WHY YOU NEED TO RETHINK INSIDER RISK AND DATA LOSS PREVENTION

    Business has changed – so you need an insider threat management programme
    now more than ever

 5. ENSURING YOUR DATA DOESN’T LEAVE WITH YOUR TALENT

    The ‘great resignation’ means many organisations are scrambling to replace
    lost talent, but are they fully aware of the risks to their data?

UNDERSTANDING AND ADDRESSING HOW YOUR INSIDERS WORK TODAY

Insider threats can wreak untold havoc on an organisation. It’s critical that
security leaders prepare strategies for the three main insider risks

Tamlin Magee

A healthy dose of paranoia is understandable and often even necessary in
cybersecurity, but in the case of insider threats – where the risk lies within
the organisation like a Trojan horse – leaders must strive to avoid
internalising a frenzied monomania that views every employee as a menace. After
all, “it is more shameful to distrust our friends than to be deceived by them,”
said Confucius. 

But the unfortunate truth is that improperly managed staff can cause an
eye-watering amount of damage, whether through negligence, because they’ve been
targeted, or through malice. A Ponemon report conducted on behalf of Proofpoint
claimed that insider threats resulting from compromised insiders have almost
doubled since 2020, when much of the world was working remotely due to the
pandemic, and that the average annual remediation cost for insider-led incidents
caused by careless or negligent users was a staggering $6.6m. This is all
complicated by the emergence
of a hybrid work world, where the traditional understanding of perimeter defence
no longer applies and ‘bring your own device’ was flipped on its head – with
staff bringing their work into their homes and therefore all the devices in
them.

Reputational damage, sensitive data, downtime, ransomware, and worse – these are
all potential outcomes from unchecked insider risk. But there are three core
kinds of insider threat leaders need to address, because the strategies to
manage them can drastically differ.


CARELESS USERS

Over half of all insider threats are due to negligence, and so are completely
avoidable. While important, training can go only so far, and organisations can’t
expect every employee to be a security expert on top of their ordinary workload.
What’s needed is to shape the fundamental make-up of an organisation into one
that’s security-aware. 

“Tackling insider threat isn’t easy – these are, after all, people that were
employed to be trusted and do a job,” explains Dr Jason R C Nurse, associate
professor in cybersecurity, University of Kent, and author of Smart Insiders:
Exploring the Threat from Insiders using the Internet-of-Things. “Promoting a
healthy security culture first involves raising awareness of what ‘good’
security behaviour looks like, and making the security-related expectations from
employers crystal clear.” 

That means everyone should know what is, and is not, acceptable. Businesses
should endeavour to create a culture of reporting anything that appears to be
strange – not paranoid, but vigilant. “Any reports should be treated in
confidence, but also, those who receive reports should cautiously investigate
without unwarranted accusations or actions,” Nurse says.

The perimeter “no longer exists,” says Lena Smart, chief information security
officer at database provider MongoDB. If every employee is working from a
different kitchen table or home office, with varying setups and network
accessibility, there’s “no such thing as a one-way path for network traffic”. 

“All your entry points can just as easily become attack vectors, so everyone
needs to be involved and accountable,” she says.

85% of organisations consider unified visibility and control across the entire
IT eco-system moderately to extremely important when it comes to insider threats

53% of organisations believe that detecting insider attacks has become
significantly to somewhat harder since migrating to the cloud

Source: Cybersecurity Insiders 2021

Achieving this accountability means eliminating blame culture and creating
spaces for reporting where people are not afraid to flag potential issues. For
example, Smart suggests, leaders could appoint ‘security champions’ who become
ambassadors for cybersecurity in their own departments – someone empathetic who
understands the day-to-day workloads of their colleagues, and can act as a
conduit to the IT security team if issues arise.

Similarly, internal whistleblowing hotlines can be a lifeline for flagging
urgent problems with security staff. But these must be created without any
negative connotations, and employees should understand that it’s always in the
best interests of the business that problems are reported – even if they think
the worst-case scenario has just occurred.   


MALICIOUS EMPLOYEES 

Whether for financial reasons or from feeling wronged, a committed employee can
cause a lot of damage. For example, in 2020, a ConocoPhillips employee created
fraudulent invoices to trick the oil giant into paying a friend’s business more
than $3m. The actions were part of a larger embezzlement scheme that totalled
nearly $7.3m. Businesses need monitoring capabilities to nip malicious insider
threats in the bud wherever possible. However, it’s far from desirable if staff
feel under surveillance at all times. A culture of fear and suspicion will not
encourage people to come forward when there are genuine threats that need
flagging, and employee wellbeing can suffer. What’s more, overstepping the mark
regarding privacy could lead to workplace grievances, as well as legal or
reputational damage for the company in charge. 

“As with all things, there’s a balance,” says Nurse. “Organisations want to
protect themselves and their assets, while employees want to work without an
employer infringing their privacy.” 

One potential way forward to achieve this balance is for employers to be
completely transparent about what they record and why. They should be up-front
with employees about how data is used, potentially in aggregate or anonymously unless
otherwise necessary, advises Nurse, to keep the organisation secure: “Anything
else may breed distrust which may further harm the relationships between
employer and employee.”


COMPROMISED INSIDERS

One of the most effective paths for attackers is to target employee credentials
and then exfiltrate data by stealth. In 2021, the United Nations confirmed that
the intergovernmental organisation had suffered a data breach of sensitive
information. The method: buying a UN employee’s username and password from the
dark web. 

Anyone can log onto dark web marketplaces and take their pick from as many as 15
billion passwords that are up for sale. Whatever the strength of a password, if
it’s leaked once, it’s leaked forever, and all attackers need is for one set of
keys to work to gain access to networks.

These kinds of insider threat need guarding against, and robust security
policies and training are among the best methods for prevention.

“From a technical perspective, one of the simplest ways to protect company
credentials is by ensuring staff do not reuse the same password, or not to use a
password at all,” says Jake Rogers, CISO at digital assets manager, Copper.co.
“Most people will only have two or three password combinations and rely on using
the same password over and over, making an attacker’s job fairly straightforward
and incredibly lucrative.”

Counter-measures might include biometric passwords and two-factor authentication
via mobile devices, rather than relying on users to manage their own set of
text-based passwords. 

Supply chain attacks, where a partner or secondary organisation to the primary
target is earmarked by hackers, heap on further complexity. Managing your own
organisation can be enough of a handful, let alone worrying about the security
protocols of partner businesses.

But worry about them you must: one solution could be that businesses set up
strong security relationships with their supply chain partners, suggests Dr
Nurse, putting in place robust controls, security-related service agreements,
and continuous checks on partner access.

“Again, there is a balance to be maintained here,” Nurse adds. “Partners need to
be aware this is occurring and why: the aim is not to express distrust to the
extent it impacts the business relationship, but instead to raise the bar for
security across the entire supply chain.”



WHEN OUTSIDERS BECOME INSIDERS

The credentials market is booming and it only takes one stolen password to
access your organisation. Here’s what you need to know

Tamlin Magee

Now that almost everyone’s day-to-day existence is so bound up with their
digital presence, passwords no longer guard an email account or two – they guard
our entire lives. Disconcerting, then, that usernames and passwords can be
bought for a dollar per million compromised accounts, as was the case in 2021
when 500 million LinkedIn user profiles were discovered for sale on the dark
web. 

Attackers often put credentials up for sale in what’s known as a ‘combo list’,
comprising hundreds of thousands of stolen username and password combinations.
In 2021, the ‘Compilation of Many Breaches’ signposted the future of the
credentials black market, when 3.2 billion combinations – about 40% of the
planet’s population, if each person were represented by a unique password – were
put up for sale. 

That’s bad enough news for individuals but for businesses, all it takes is a
single stolen credential to gain access to corporate devices and networks,
unlocking a lucrative promised land for attackers who can use compromised
accounts to plant malicious files, or as a springboard to launch further
attacks. Outsider attackers can, in an instant, become insider threats. 

For example, a cyber criminal ring led by a Florida teenager coerced a Twitter
employee to give up credentials for corporate administrative tools, leading to
takeovers of verified accounts used in a Bitcoin-promotion scam. The result was
$117k stolen from customers, demonstrating the impact a compromised account
can have.

Clearly, the cost of succumbing can easily bring the worst nightmare of every
CISO into reality: ransomware, losing corporate secrets, vast customer data
dumps, financial repercussions and reputational damage. Now, with techniques
like ‘credential stuffing’, where attackers purchase huge tranches of usernames
and passwords and test their functionality with automation or even through
dedicated search engines, stealing credentials is a low-risk, high-reward
tactic, and it’s no wonder that it’s on the rise. In fact, for would-be
attackers, it’s a no-brainer.

The landscape for credentials theft has “grown dramatically”, says Jake Rogers,
CISO at crypto and digital assets company Copper.co, “and it now represents an
entire industry for criminal enterprise”. 

This dramatic surge has occurred in tandem with the explosion in remote work:
since home working became a necessity for much of the world due to the pandemic,
credential thefts have almost doubled in volume. 

While full-time home working is unlikely to remain a permanent fixture for
everybody, it’s almost certainly here to stay in some capacity, and this change
in environment has introduced manifold new potential entry points in home
networks and devices for organisations that operate without stringent remote
work policies in place.

“It’s common for employees to mix personal computer use with work use,” says Dr
Preethi Kesavan, head of the school of technology at the London School of
Business and Finance Singapore (LSBF). “Unless employees are properly trained on
bring your own device procedures, even the most comprehensive BYOD security
policies will fail.”

Because of this, says Kesavan, LSBF now requires employees to use VPNs on all
their devices, including computers and mobile phones, so that they can connect
to the company network securely.

But even with technical measures like these, staff may unintentionally click on
phishing links in emails – the most common form of credential theft. As
effective as malware can be, social engineering can be even more useful because,
provided it’s crafted well enough to bypass spam filters, phishing is a
relatively simple process for the attacker. 

And because successful phishing attempts depend on user negligence,
organisations “should foster a corporate culture in which employees are unlikely
to misuse their privileges or exfiltrate sensitive data,” says Kesavan. By
limiting unnecessary access for users, the benefits of stealing credentials are
also limited. 

51% of insider incidents involved a malicious outsider stealing data by
compromising insider credentials or accounts

18% of incidents involved insider collaboration with a malicious outsider

Proofpoint 2022

Successfully preventing breaches relies on a combination of running thorough
technical security protocols as well as managing the human risks, adds
Copper.co’s Rogers: “In our view, best practice incorporates a company-wide
culture of education, collaboration and technical expertise.”

Testing employees’ security literacy could look like setting up faux honeypot
attacks within an organisation, or running table-top scenarios with various
stakeholders throughout the company.

For database company MongoDB, experimenting with scenario planning to simulate
what organisation-wide responses would be has proved helpful. Although it’s
difficult to predict what the actual outcome of an attack will look like, these
exercises can provide an idea of questions that need to be answered, or
protocols to be followed, in the event the attacks actually occur. 

“Some of the scenarios we’ve tackled include ransomware attacks, insider
threats, and phishing mishaps,” says MongoDB CISO Lena Smart, who made a point
of speaking with executive assistants as well as leadership due to their
likelihood of being targeted. “We have representatives from all major business
units including legal, finance, IT, HR, and our C-suite.”

Although attacks on organisations are inevitable, with a careful, proactive
security culture in place, many credential thefts are preventable. Leaders
should take heed and understand just how vulnerable their organisations can be
to insider threats. 

“You need support from the top down in these events,” adds MongoDB’s Smart, “so
it’s satisfying to complete an exercise where everyone in the room is
comfortable with the role they play in helping keep us secure.”




RETHINK INSIDER RISK AND DATA LOSS PREVENTION

 * 1. Understanding and addressing how your insiders work today
 * 2. When outsiders become insiders
 * 3. The rise of insider threats
 * 4. Why you need to rethink insider risk and data loss prevention
 * 5. Ensuring your data doesn’t leave with your talent


THE RISE OF INSIDER THREATS

How has the insider threat landscape developed? And how safe do organisations
feel?

While credential thefts have doubled since 2020, negligent insiders make up the
majority of incidents

Percentage of incidents caused by each type of insider threat

 * Employee or contractor negligence: 56%
 * Criminal or malicious insider: 26%
 * Credential thief (imposter risk): 18%

Proofpoint, 2022




The frequency of companies experiencing insider incidents has increased
significantly

Percentage of companies that experienced over 21 incidents per year

 * 2018: 53%
 * 2020: 60%
 * 2022: 67%

Proofpoint, 2022

And the time taken to contain an insider incident has also increased

Average time taken to contain an incident

 * 2020: 77 days
 * 2022: 85 days

Proofpoint, 2022

Insider incidents are getting more expensive to resolve

The average overall cost per insider incident (USD)

 * 2016: $349,152
 * 2018: $517,921
 * 2020: $644,853
 * 2022: $645,997

Proofpoint, 2022



And organisations are struggling to spot and resolve them

How difficult is it to detect and prevent insider attacks compared to external
cyber attacks?

More difficult than detecting and preventing external cyber attacks
About as difficult as detecting and preventing external cyber attacks
Less difficult than detecting and preventing external cyber attacks

50%
40%
10%

Cybersecurity Insiders, 2021



There is still a long way to go for organisations to feel protected from insider
threats

How vulnerable is your organisation to insider threats?

 * Extremely vulnerable: 7%
 * Very vulnerable: 13%
 * Moderately vulnerable: 46%
 * Slightly vulnerable: 32%
 * Not at all vulnerable: 2%

Cybersecurity Insiders, 2021















Commercial feature


WHY YOU NEED TO RETHINK INSIDER RISK AND DATA LOSS PREVENTION

Business has changed – so you need an insider threat management programme now
more than ever

Chris Stokel-Walker

Insider risk and data loss are major concerns for any business. But the last two
years – which have seen employees working remotely, at home, or away from
corporate IT networks, increased digitalisation and cloud-first applications –
have made the problem even more acute. Insider threats have increased in
frequency and cost since 2020, according to research company the Ponemon
Institute. The average annualised cost of such threats is $15.4m per
organisation.

“We see this in the news all the time,” says Brian Reed, director of
cybersecurity strategy at enterprise security company Proofpoint. “Not only the
shift in working patterns but in addition we’ve heard the buzzwords: the ‘great
resignation’ and the ‘great reshuffling’. Security teams are racing to protect
their data, yet at the same time, users with legitimate access to sensitive data
and IP are racing just to get the job done. So, when they leave, it’s too easy
for people to take intellectual property out the door with them.”

Data loss is a “fundamental issue”, says Reed – and one that firms need to take
action on now to prevent long-term damage. To do so, it’s important that
businesses rethink their approach to insider risk and data loss prevention.

The average cost per insider incident

 * Employee or contractor negligence: $484,931
 * Criminal or malicious insider: $648,062
 * Credential thief (imposter risk): $804,997

Proofpoint 2022

The old ways of thinking about security have changed. “People have become your
perimeter,” says Reed. “All those legacy security hang-ups we had around
infrastructure, location and geography have largely been neutralised in the wake
of this ‘work from anywhere’ world we live in.” Cybercriminals aren’t attacking
infrastructure anymore but are trying to leverage access through the people who
interact with the infrastructure. “It's not just script kiddies sitting in
grandma's basement like it was 20 years ago, launching DDoS (distributed denial
of service) attacks: it's a different world we live in – and we need to adapt
and understand that.”

While the types of attack and how they’re launched have altered, so too has the
definition of what an insider risk is to companies. More than half (56%) of
insider incidents tracked by the Ponemon Institute are caused by carelessness,
rather than deliberate actions. Employees are simply trying to get their job
done and meet their organisation’s goals; they’re not necessarily thinking about
the security risks. "You don't want to go after those people and harass them as
they can be your best internal defence," Reed says. “You want to help train
those people, enable those people, and educate them.” In comparison, 26% of
insider threats are from malicious insiders who need to be reprimanded, and 18%
are from compromised users who need to be protected.

“Insiders aren't always your employees,” says Reed. They can be contractors,
third parties or supply chain partners. “They're not always people inside of the
four walls of your HQ sitting in your office.” This is why it’s more important
than ever to set up an insider threat management programme.

Doing so isn’t easy, however. Establishing an insider threat management
programme requires looking carefully at how your people and processes work
before throwing cash and technology at the problem. Reed advises not limiting
the scope of your programme to those in your information security and IT
departments. Instead, you should consider how the entire company interacts
including IT, HR, legal, compliance – and identify the weak links. “It's really
about understanding the scope and boundaries of your programme, the people who
are involved, your apps and your data,” he says.

Forrester's Best Practices for Mitigating Insider Threats 2021 Report details
10 steps to creating your insider threat management programme, only one of which
involves implementing technology. Steps one to nine lay the groundwork that
enables the smooth deployment of the programme. And that requires ensuring
everyone within your company understands the risk of insider
threats – and the potential consequences of data loss. “A lot of these insider
threat incidents you're invariably going to encounter are cases of good or
careless people making bad decisions with good data,” warns Reed.

Proofpoint has helped thousands of customers worldwide develop and implement
their insider threat management programme. “We're doing that in a single unified
view, so that you can get visibility into the information users are creating and
accessing, and the applications that they’re using, and establish both the
context behind their risky behaviour and intent,” he says. This dovetails with
the range of Proofpoint products that can protect business-critical data from
cybersecurity incursions.

In addition, Proofpoint takes a holistic approach, bringing in experts to
understand the way a business works and advising companies on best practices and
tools to shore up their data in the most sensible, cost-efficient and effective
manner.

One such client is a large global pharmaceutical firm that was involved in the
early days of research for the Covid-19 vaccine. “Obviously, they have lots of
sensitive information,” says Reed. The company called in Proofpoint after it
noticed unauthorised data access and several attempts to steal protected data
deep in their legacy security tools in the stack. They instigated an insider
threat management programme that helped identify, contain and remediate these
risks.








FIVE SIGNS THAT YOUR ORGANISATION IS AT RISK

• Employees are not trained to fully understand and apply laws, mandates, or
regulatory requirements related to their work and that affect the organisation’s
security.

• Employees are unaware of the steps they should take at all times to ensure
that the devices they use – both company-issued and BYOD – are secured at all
times.

• Employees are sending highly confidential data to an unsecured location in the
cloud, exposing the organisation to risk.

• Employees break your organisation’s security policies to simplify tasks.

• Employees expose your organisation to risk if they do not keep devices and
services patched and upgraded to the latest versions at all times.

Ponemon Cost of Insider Threats Report, 2022






ENSURING YOUR DATA DOESN’T LEAVE WITH YOUR TALENT

The ‘great resignation’ means many organisations are scrambling to replace lost
talent, but are they fully aware of the risks to their data?

Duncan Jefferies

Two years on from the beginning of the pandemic, the great resignation shows
little sign of slowing. Many people are looking for more flexible or meaningful
roles, while others are seeking a less stressful take on the daily grind. It’s a
serious issue for businesses – and not just in terms of replacing lost talent.

When people leave, they often take vital data with them too. “The kind of data
that’s lost when employees leave an organisation is as varied as the different
types of businesses in operation,” says Sarah Edwards, a senior employment law
solicitor and GDPR expert at Howarths. “Some examples of data that is often lost
include things such as source code, information about operational processes,
intellectual property, sales contacts and pricing information, presentations
created by the employee and company financial data.”

Employees may mistakenly feel they have the right to take this data with them
when they move on. “People often see their work as very personal, rather than
necessarily belonging to their employer, and that makes controlling and
monitoring access to data very important,” says Andy Swift, technical director,
offensive security, at Six Degrees. “However, that is very easy to say but very
hard to actually implement properly.”

The high staff turnover businesses are currently experiencing could increase
their exposure to data loss. Edwards also points out that: “The portability of
data and the increase in home and remote working has also increased the risk
factor; data is no longer secured securely on company networks and is often
accessed from home and easily downloaded onto external media devices such as USB
drives or uploaded to cloud platforms.”


IDENTIFYING RISKS

Although employees are bound to varying degrees of confidentiality, data
increasingly resides on their personal devices – sometimes innocently and
sometimes with the intention of exfiltration, says Ric Longenecker, CISO of Open
Systems. “A common, and not-so-innocent, scenario is when departing employees
plan to go into business for themselves, often using information or contacts
developed while working for their prior employer.”

Disgruntled former employees also pose a serious risk to an organisation’s data.
“Any access to infrastructure can be troubling, as a disgruntled employee can
damage infrastructure or erase code repositories,” says Russ Ernst, EVP of
products & technology at Blancco.

Not knowing who has access to what data can also lead to problems when people
leave. “If data is held by one person, team or department or is in any way
inaccessible or hidden from the wider organisation you are asking for trouble,”
says Alistair Dent, chief strategy officer at Profusion. “It creates
vulnerabilities where a sudden departure or disgruntled employee can cause a lot
of problems. By de-siloing data, you can reduce any single point of failure.” 

71% of IT decision makers in US and UK organisations said the great resignation
had increased security risks in their company

29% of UK and US employees admit to having taken data with them when they quit

Tessian 2022



This is important, as data loss can have a severe impact across many different
areas of the business. “The risks are operational, financial and reputational.
There are also regulatory risks in some sectors where the data lost – such as
credit card details and other financial data – could result in fines, but the
more common risks lie with loss of information or knowledge about how areas of
the business function,” says Ms Edwards. “This is data that could give others a
competitive advantage or information that could result in a loss of work.”

Longenecker raises another issue that could cause an organisation serious harm.
“There is always the possibility of former employees viewing themselves as
‘whistleblowers’ and publicly releasing internal email and other communications
that can have varying impacts, from embarrassed executives, damaged corporate
reputations, a share price drop and worse,” he says.


DATA PROTECTION



Organisations need to proactively tackle these risks to avoid sensitive data
following former employees out the door – starting with ensuring their leaving
processes are up to scratch. “In many cases, organisations do not have great
departure processes in place and often fail to close or suspend exiting
employees’ IT accounts, allowing them to log in and see information beyond their
tenure,” says Longenecker.

“Redacting system access, expiring certificates, removing VPN access… there is a
long list, and one of the pitfalls is often not keeping said list up-to-date,”
says Mr Swift. “New systems with their own unique access requirements get
brought online all the time, and making sure this list is reviewed regularly and
updated is important.” However, so is acting upon it. “All too often we see
policies for leavers, yet the reality of following the leaving process is often
far from ideal,” Swift adds.

Properly managing mobile devices is another important means of reducing the risk
of data loss. Ernst suggests that: “Enterprises can use an industry-recognised
mobile device data management system to provide some form of data
containerisation, have policies and checklists in place to remove access to data
and retrieve assets, complete a data erasure process, and then monitor to see if
the employee tries to access data after their departure date.”

Finally, Edwards advises employers to clearly communicate their expectations
concerning the removal of data from company systems, who owns that data, and
what it can and can’t be used for. “Investing in appropriate security systems,
such as blocking downloads to external devices without specific permission or
investing in specific data security software, is also a very sensible step to
take,” she adds.




PUBLICATION SPONSORED BY

Proofpoint, Inc. is a leading cybersecurity and compliance company that protects
organisations’ greatest assets and biggest risks: their people. With an
integrated suite of cloud-based solutions, Proofpoint helps companies around the
world stop targeted threats, safeguard their data, and make their users more
resilient against cyber attacks. Leading organisations of all sizes, including
more than half of the Fortune 1000, rely on Proofpoint for people-centric
security and compliance solutions that mitigate their most critical risks across
email, the cloud, social media, and the web. More information is available at
www.proofpoint.com.

Contributors: Tamlin Magee, Duncan Jefferies, Chris Stokel-Walker
