One of the most difficult problems for security professionals to grapple with is defending against dangers that come from within an organisation. Unfortunately, protecting against insider threats is often more complicated than traditional threat prevention. There are many different ways that an insider threat can manifest, making it necessary to approach the issue from a variety of angles in order to adequately address the risk. While this is a daunting task for security teams, it is a crucial part of a robust and layered security strategy. Insider threats can be extremely costly for an enterprise, as illustrated by the examples below.
Twitter Bitcoin Scam
In July of 2020, a number of high-profile celebrity and brand accounts tweeted out messages stating that all Bitcoin sent to their wallets for a period of time would be returned twofold—if someone sent $1000, they would receive $2000 back. The affected accounts included Kim Kardashian, Kanye West, Barack Obama, Joe Biden, Apple, and Uber. Twitter released a statement indicating that this attack was the result of employees with internal access falling victim to social engineering that allowed the bad actors to take advantage of their insider privilege. Losses from this incident totaled hundreds of thousands of dollars.
Cisco’s WebEx Attack
In a 2018 incident, a former Cisco employee used network access retained from his employment to enter the systems behind Cisco’s WebEx platform. He deployed code that deleted 456 virtual machines hosting the WebEx Teams application, which shut down 16,000 WebEx Teams accounts for two weeks. In the end, it cost Cisco $1.4 million to remediate the incident and compensate the customers affected by it.
Target Compromised Insider
In a breach that took years to resolve in court, retail leader Target suffered a massive data breach in late 2013. The attackers stole the credentials of a third-party vendor and used that insider access to exfiltrate an unprecedented amount of sensitive customer data, including up to 40 million debit and credit card numbers. Target has stated that the total cost of remediating the incident amounted to $202 million, including the $18.5 million court settlement reached in 2017.
Google’s Waymo Incident
A Google employee who had worked on the project of developing self-driving cars went on to steal documents from Google and use sensitive trade secrets to develop the self-driving truck company Otto. In 2016, he sold the company to Uber, which led to Google filing a lawsuit against Uber for theft of trade secrets through the insider’s indiscretion. The US Attorney’s Office of the Northern District of California pressed charges against the former Google employee, who reached a plea deal and paid $757,000 to Google and a fine of $95,000.
Anthem Breach
In 2017, healthcare giant Anthem BlueCross BlueShield experienced a breach of 18,000 Medicaid members’ data, including Social Security numbers, Health Plan ID numbers, names, dates of enrollment, and limited last names and dates of birth. The data was stolen via Anthem’s Medicare insurance coordination services vendor, which reported that an employee had emailed a file containing the sensitive information to his personal email address. This incident violated the privacy of thousands of members and led to a forensic investigation and the fortifying of weak security systems.
Capital One Hacker
In 2019, a former employee of Amazon Web Services hacked into a Capital One database hosted on the service. She stole the private information of over 100 million people, including “tens of millions” of credit card applications, 140,000 Social Security numbers, 80,000 bank account numbers, and one million Canadian social insurance numbers; she went on to boast about the breach on Twitter and Slack. Capital One estimated the total cost of the incident at up to $150 million.
Apple Leak
A former Apple intern in 2019 leaked parts of iOS source code; he aimed to share the code with a small circle of friends in a private Discord server, but it spread beyond the group and eventually ended up being posted on GitHub. It had previously been posted on Reddit, but the post was immediately removed by a moderating bot. Although the original intention was to help with jailbreaking an iPhone, Apple stated that “the security of our products doesn’t depend on the secrecy of our source code” and there was no significant security danger. Nonetheless, this incident is representative of the reach that data breaches can have and the apparent ease with which even an intern can leak important data.
All of the above were significant incidents that impacted massive corporations, proving that nobody is safe from insider threats. In fact, larger corporations experience more insider threats than small and mid-sized businesses. Although traditional threat detection and prevention is largely ineffective against insider threats, there are solutions designed for that purpose. Data detection and response technology aims to “address the long-standing challenges with protecting data” by using both content and context to analyze sensitive data and prevent leaks and breaches. Armed with the right information and a commitment to data security, an enterprise can build a sturdy defense against these potentially devastating threats.