Mandiant, a leading cybersecurity firm, wrote in their “Threat Landscape” report that every data breach they investigated, I am talking 100% here, was the result of stolen credentials. If this is true, it leaves me to conclude that every threat is a form of insider threat. As companies have tightened their security, even though they have a long way to go, hackers have concentrated their efforts perhaps a bit less on trying to break through these defenses and perhaps more on obtaining legitimate access credentials through social engineering techniques. After all, it is much easier to craft an email that convinces an unsuspecting employee to give their credentials away than it is to break through security defenses.
Here’s a hypothetical situation. Suzy is a financial manager at a big-name financial company in New York. The attacker composes an email impersonating an important client, one she learned of while gathering information from Suzy’s company website. She attaches a PDF to the email, stating that the document contains important information, but in reality it carries a rootkit that will give the attacker access to Suzy’s computer whenever she wants it.
Suzy opens the attachment without a second thought and, in the process, launches the rootkit. The malware quietly resides on Suzy’s computer, allowing the hacker to come and go as she pleases, downloading files and taking her time as she works to expand her reach into the network using Suzy’s credentials, those of a legitimate organization insider. Eventually the rootkit MAY be discovered, but probably long after the hacker has left with all the files she needed. Suzy unwittingly became an insider threat, and her company likely suffered because of it.
Now you understand why I ponder whether or not EVERY threat is an insider threat. Attackers often use stolen credentials to circumvent security and steal data. Along with Mandiant, which I mentioned above, the 2015 Verizon Data Breach Investigations Report revealed an increase in the use of stolen credentials. Attacks such as these take advantage of the human element, and no matter how much you spend on the technological aspects of your security, these attacks work because humans rarely change. They continue to make the same types of mistakes that give information and access to attackers. The hacker simply has to find the right employee to manipulate, and the hacker instantly becomes the insider, and thus an insider threat.
The best way to thwart the hacker is to keep educating employees about these types of situations, and then hope they act on that training.
Does the thought of a career fighting cyber crime excite you? If you want to make your career in cybersecurity, check out our programs and courses.
Mandiant “Threat Landscape”: https://www.mandiant.com/threat-landscape/
2015 Data Breach Investigations Report: http://www.verizonenterprise.com/DBIR/2015/