https://thehackernews.com/2024/07/navigating-insider-risks-are-your.html
I really enjoyed this article about insider threats and how you can mitigate them. First it discusses how employees become accidental threats. All four of the following reasons make perfectly good sense to me since I have worked outside of the IT/cybersecurity field before making a transition. In my opinion, lack of awareness is likely prevalent across all industries and fields. I’ve seen it at my old jobs and at my current one. There are some that just see an email that looks to be from a trusted source and they click links without verifying the sender or the link. I’ve also come to realize that if the leadership at the company doesn’t buy into security awareness, then it is especially difficult to get the rest of the employees to take it seriously as well. I find this unfortunate, because a lot of cyber attacks could be prevented by basic awareness when checking emails. Another one of the bullet points was Poor Credential Handling. This is also something I see a lot now that I’m working in the IT field. The number of people who have written down passwords stashed around their desk amazes me. I’ve asked some about it and I’ve been told that they have too many passwords to remember. When I hear that, I always recommend that they look into a password manager so that they really only have to remember one password and the rest are stored securely. So far, out of all the people I’ve suggested it to, only one person has actually followed through and started using a password manager. The next time I saw them, they were so happy with the password manager and told me they wished they knew about it sooner.
In the next section, the writer discussed various ways that accidental insiders assist with external attacks. He mentions how the attackers use phishing emails for initial access, then they elevate their privileges, next they start lateral movement, and use social engineering as needed. At each point he describes how someone on the inside could help the attackers accidentally.
Once they have executed their attack, we see the consequences of having an accidental insider. The damage done can be financial, reputational, operational, or intellectual. One company I worked for got hit with ransomware on two different occasions before I worked there. When you get hit with ransomware, all four of those categories get affected to some extent. I’m obviously not familiar with all the details, but I was told that there were many long nights trying to recover and everyone that was there could tell me how it affected them, all the way from people without accounts up to the CEO.
Finally, the article discussed ways that you can reduce the risk of an accidental insider. This ranges from Security Awareness training to Instituting a culture of security. Currently, I run the phishing awareness training for my employer. I really enjoy this and it’s always fun to hear from people when it starts to click in their head. When I first started, we hardly ever got suspicious emails reported. Now, as the employees are learning what to look for, they are starting to report more suspicious emails. Most of the time, they have been harmless, but we have also had a few reported that did have either malicious links or malicious files attached.
This article is a great read and I highly recommend you take a look at it!