
Post on 09-Aug-2020


Malicious Insiders vs. Negligent End Users

The Human Factor

Liam Cleary, CEO/Owner, SharePlicity

Jeff Melnick, Systems Engineer, Netwrix Corporation

Agenda

• Unwitting employees

• Security intelligence of end users

• Malicious insiders

• Q&A Session

• Prize Drawing

The Problem

• https://www.domaintools.com/resources/white-papers/survey-report-2018-cybersecurity-report-card

• Cybersecurity incidents have increased in 2018

• 21% of respondents graded their security programs an "A"

• 42% rated their efforts a "B"

• 92% of grade A companies credited automation to their success

• Companies that graded themselves "D" and "F" reported their processes to be manual

Unwitting Employees

• In most cases, a hacker is allowed access to information by an employee

• "Security is not in my job description" – An Employee

• "Everything should just be Secure" – An Employee

• "Why would anyone want to hack our data, it is just spreadsheets and documents" – An Employee

Unwitting Employees

• These employees have played a part in 52% of ALL data breaches (2016)

• https://www.comptia.org/about-us/newsroom/press-releases/2016/07/21/comptia-launches-training-to-stem-biggest-cause-of-data-breaches

“Time and time again, we hear of employees causing data breaches, whether that be through leaving a USB device with important data lying around, or clicking on unsolicited links in emails. Such actions are rarely malicious, but more often the result of a lack of training, lack of knowledge or simply general carelessness.”

Graham Hunter, VP Certifications, Europe and Middle East, CompTIA

Unwitting Employees

• "It was just a link in an email"

• South Carolina’s 2013 Department of Revenue breach

• An employee who unknowingly clicked an email link opened the government agency to a large-scale cyber-attack.

• Cost the state $14 million and compromised the personal and financial data of millions of residents.

How do Unwitting Employees get Duped?

• Phishing

• Spear-phishing

• Personal Devices

• Weak Passwords

• Questionable Browsing

• Social Media

• Unsecured Wi-Fi

• Free Software, Addons or Browser Extensions

Security Intelligence of End Users

• End users have the best of intentions

• Not trying to actively open the door for hackers

• Just want to do their job in the easiest way possible

• Think that the way they work is secure

• E.g. Writing passwords on a sticky note under the keyboard

Security Intelligence of End Users

• Not able to spot malicious emails easily

• Not able to spot malicious links easily

• Not able to spot fake emails easily – E.g. Microsoft support emails

• Not able to identify when login pages are fake

• Not checking for valid SSL traffic – Are we really expecting this?

Most Common Phishing Emails

• Amazon Cancellation Scams

• A fake Amazon order and offer to cancel it

• Fake PayPal Scam Emails

• A fake PayPal transaction to alarm you

• Facebook Activity Alerts

• Imitating genuine Facebook notifications

• Disputed Payment Emails

• A false claim that a transaction is due

• Google and Gmail Alert Scams

• Attempts to get your login details

Images courtesy of MalwareBytes and Tech. Co

Security vs Usability

Multi-Factor Authentication

17 Character Passwords

Do Not Click Any Link Ever in Emails

Leave USB Drives Lying Around

How to Win the Battle

• Ongoing, Relevant and Engaging Training

• "Defense-in-depth"

• Test End Users

• Phishing Simulations

• Educate on Threat Intelligence

• Provide Easy Tools

The Danger of Insider Threats

Why Insider Threats Are So Hard to Detect

• Malicious insiders can lurk undetected for years

• Hard to notice malicious intentions in the daily routine

• Tech-savvy employees are aware of how to conceal harmful actions

• Malicious insiders can prey on unwitting employees

Why Malicious Insiders Take Risks

• Good moment

• Corporate espionage

• Own business

• Revenge

• Statement

• Data Ownership

Categories of Malicious Insiders

• Saboteur

• Career launcher

• Second streamer

Source: Gartner

What Malicious Insiders Seek

• Business secrets

• Customer data

Steps to Be Taken

• Define sensitive data

• Monitor user behavior

• Use data classification

People-centric security

Source: Gartner

User Abnormal Behavior Analysis

• Someone is actively accessing data

• Someone has made too many failed attempts to access data

• Someone is actively accessing stale data

• Someone is accessing data outside business hours

• Someone is trying to log in from different endpoints

• Someone has created new user accounts

• Someone is massively deleting data
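
The indicators listed above can be turned into simple rules over an audit trail. The sketch below is an added example, not part of the original slides and not Netwrix Auditor code; the event field names, users, hosts and thresholds are assumptions, and the events are constructed sample data treated as one day's batch.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds for one day's batch of events; tune to your own baseline.
MAX_FAILED, MAX_ENDPOINTS, MAX_DELETES = 3, 2, 3
BUSINESS_HOURS = range(8, 18)        # 08:00-17:59 local time
STALE_AFTER = timedelta(days=365)    # file untouched for a year counts as stale

def flag_users(events):
    """Map each user to the sorted abnormal-behavior indicators they triggered."""
    failed, deletes = defaultdict(int), defaultdict(int)
    endpoints, flags = defaultdict(set), defaultdict(set)
    for e in events:
        ts, user, action = datetime.fromisoformat(e["time"]), e["user"], e["action"]
        if action == "logon":
            endpoints[user].add(e["endpoint"])
        elif action == "read_failed":
            failed[user] += 1
        elif action == "delete":
            deletes[user] += 1
        elif action == "create_account":
            flags[user].add("created_account")
        if action in ("read", "delete") and ts.hour not in BUSINESS_HOURS:
            flags[user].add("after_hours_access")
        if action == "read" and ts - datetime.fromisoformat(e["modified"]) > STALE_AFTER:
            flags[user].add("stale_data_access")
    # Volume-based indicators are checked once the whole batch has been counted.
    totals = ((failed, MAX_FAILED, "failed_access_burst"), (deletes, MAX_DELETES, "mass_delete"),
              ({u: len(s) for u, s in endpoints.items()}, MAX_ENDPOINTS, "many_endpoints"))
    for counts, limit, name in totals:
        for user, n in counts.items():
            if n > limit:
                flags[user].add(name)
    return {user: sorted(found) for user, found in flags.items()}

def ev(time, user, action, **extra):
    return {"time": time, "user": user, "action": action, **extra}

# Constructed sample audit events (hypothetical users, hosts and field names).
SAMPLE_EVENTS = (
    [ev("2020-08-03T09:15:00", "alice", "logon", endpoint="WS-9"),
     ev("2020-08-03T09:20:00", "alice", "read", modified="2020-07-30T10:00:00"),
     ev("2020-08-03T23:40:00", "bob", "read", modified="2017-01-10T08:00:00"),
     ev("2020-08-03T10:00:00", "carol", "create_account")]
    + [ev(f"2020-08-03T08:0{i}:00", "bob", "logon", endpoint=f"WS-{i}") for i in range(3)]
    + [ev(f"2020-08-03T11:0{i}:00", "carol", "read_failed") for i in range(4)]
    + [ev(f"2020-08-03T14:0{i}:00", "dave", "delete") for i in range(4)]
)
print(flag_users(SAMPLE_EVENTS))
```

Each flag is a prompt for review rather than proof of intent: account creation by a help-desk administrator, for example, is routine and would be baselined out.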

Useful links

Online TestDrive: experience Netwrix Auditor with no download or installation required: https://www.netwrix.com/browser_demo.html

Live One-to-One Demo: product tour with Netwrix expert: netwrix.com/livedemo

Contact Sales to obtain more information: netwrix.com/contactsales

If you want to learn more about Netwrix Auditor, register now for the upcoming product demo!

Questions?

Prize Drawing


Thank you!
