Insider Threats During Times of Conflicts
by Reflare Research Team on Mar 20, 2023 7:31:00 PM
As organisations strive for diversity and inclusion across their employee groups, we must not lose sight of the fact that groups of employees are still individuals with their own beliefs, identities, and affiliations. As tensions continue to rise in the geopolitical world, cybersecurity professionals must be hawk-eyed for the emergence of new insider threats.
First Published 29th March 2022 | Latest Refresh 20th March 2023
Object Classification: Developer 0.693, Insider Threat 0.276, Chance to talk about Agile 0.997
Humans are good people
Some would argue that the human race is the most intelligent species on earth. However, despite this assumed intellect, others would argue that our tribal nature, obsession with the material, and occasional misuse of influence have run counter to all we humans could achieve.
But things are not all gloom and doom. We've actually done OK.
In historical terms, we have strived (with the odd bump along the way) to expand our tolerance and understanding towards each other. As the saying goes, we humans have more similarities than differences. In more recent history, the accessibility of international travel, cross-language communication, and the collective accumulation of worldly knowledge have all taught us the benefits of universal cooperation on not just a local, regional, or national level, but on a truly interconnected global system.
Today, we see the positive impacts of this everywhere. For example, if you have ever visited Google’s office in Zurich, you would be unsurprised to find not just Swiss working in their buildings, but a large number of people from all over the world. The fact that we are able to get so many people with diverse backgrounds, experiences, and capabilities working in the same building is a representation of our collective progress and a sign of our times.
However...
If you have ever studied Economics 101, you may recall lesson one, sentence one - "Humans are not rational players".
As social and geopolitical tensions increase, so do the tensions within diverse groups. We are emotional beings first, and no matter how tolerant we think we are, there is almost always a red line that, once crossed, will start to tug us back towards our more primitive instincts. And we are starting to see this play out in organisational employee groups across many departments, in many industry sectors, in many countries.
Depending on an individual's disposition, perspective, and beliefs, some who may have otherwise been happy to openly collaborate with their colleagues may now find themselves unable to participate even in the most basic of water-cooler small talk.
From a cybersecurity viewpoint, this risk cannot go unaddressed.
Which brings us to the subject of insider threats.
The kaleidoscope of trust
Insider threats are a topic that many leaders find difficult to discuss openly. After all, most, if not all of us do not want to work in an environment where our leaders declare scepticism of their employees, or where we proactively foster a culture of mistrust towards our colleagues... just because we are different. The idea that 'one of us' may proactively plan to hurt our organisation, or potentially take steps to deliberately put us at risk is not only counterintuitive to the camaraderie of working groups, but is also quite frankly – disturbing.
But regardless of how disturbed we may or may not be, cybersecurity professionals must now start to increase their alertness to the real possibility of emerging insider threats.
In general, there are three types of insider threats:
- Malicious insiders
- Negligent insiders
- Infiltrators
Malicious Insiders
Malicious insiders are people who take advantage of their access to inflict harm on an organisation. A great example of an insider is Edward Snowden.
Edward Snowden was a contractor to the CIA in 2013 when he copied and released thousands of classified documents relating to secret and controversial government surveillance activities in the US and abroad before fleeing the country.
According to Snowden, he did it because he considered himself a patriot and he wanted to try and stop the violations of the US Constitution, a view which many disagreed with, describing him instead as a traitor.
Whatever Snowden thought of himself and whether people would agree with it is beside the point. The key here is that he was a trusted person within the organisation and had access to some extremely sensitive documents.
Negligent Insiders
The first casualty of war is truth.
When a war breaks out and the fog of conflict starts to grow, propaganda machines start to kick in. As a result, information is often presented with one-sided news stories, and those amongst us who refuse to buy whatever narrative is given to us would scour the internet for alternative views.
This is when things can get dangerous, because both state actors and cyber-criminals know that people who are desperate for information are very likely to put themselves at risk or disregard their security policies in order to get what they want, such as by visiting harmful websites or installing software that they believe would help to bypass their government's or organisation's internet restrictions.
People who disregard policies and put their organisations at risk are categorised as negligent insiders.
Since the beginning of the Russian invasion of Ukraine and the associated cyber-attacks against a wide range of targets, the concept of strong cyber resilience has become the buzzword of the time.
Infiltrators
The least common but also the most dangerous threat to an organisation is the infiltrator. Infiltrators are external impostors who manage to obtain legitimate access to an organisation through, for example, social engineering.
Once inside the organisation, the infiltrators would try to gain access to sensitive documents or credentials that would further elevate their privilege without raising suspicion.
Infiltrators could be inside an organisation for a long time and may not perform malicious actions until they are activated.
These days, wars are no longer limited to kinetic military actions but also include economic sanctions and cyber warfare. For that reason, it is crucial for organisations to strengthen their defences, especially when there is a conflict.
The following are some of the steps that can be taken to minimise the risk of insider threats:
1) Log, monitor, and audit employees' online activities so that any risky or suspicious behaviours can be discovered or detected quickly.
2) Immediately deactivate access following employee contract termination regardless of the circumstances.
3) Actively defend against malicious code by only allowing the installation of trusted software and restricting access to potentially harmful websites.
4) Make access compromise harder by enabling multi-factor authentication.
5) Monitor and respond to disruptive behaviour at work including signs of disgruntlement.
6) Restrict access to sensitive documents, systems, and infrastructure so that only those who need them to perform their duties have access.
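
As an added illustration of steps 1, 2 and 4 (this code is not part of the original article), the following audit cross-checks an HR roster against directory accounts and an authentication log to surface accounts left enabled after contract end, accounts without MFA, and logins that occur after termination. The field names, log format and all sample records are constructed assumptions, not a real HR or identity-provider export.

```python
from datetime import date, datetime

# Constructed sample data; field names and log format are hypothetical.
TODAY = date(2023, 3, 7)
HR_ROSTER = {
    "alice": {"contract_end": None},
    "bob": {"contract_end": date(2023, 3, 1)},
    "carol": {"contract_end": date(2023, 2, 15)},
}
ACCOUNTS = {
    "alice": {"enabled": True, "mfa": True},
    "bob": {"enabled": True, "mfa": False},
    "carol": {"enabled": False, "mfa": True},
    "dave": {"enabled": True, "mfa": False},  # account with no HR record
}
AUTH_LOG = [
    "2023-02-28T09:12:44 login user=bob src=10.0.4.17 result=success",
    "2023-03-04T23:51:02 login user=bob src=203.0.113.9 result=success",
    "2023-03-05T08:00:13 login user=alice src=10.0.4.21 result=success",
    "2023-03-06T02:14:40 login user=carol src=198.51.100.7 result=failure",
]

def parse_login(line):
    """Split one log line into (timestamp, user, source, result)."""
    ts, _event, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), kv["user"], kv["src"], kv["result"]

def audit(roster, accounts, log_lines, today):
    findings = []
    for user, acct in sorted(accounts.items()):
        if not acct["enabled"]:
            continue
        hr = roster.get(user)
        if hr is None:  # orphaned account nobody is accountable for
            findings.append((user, "enabled account with no HR record"))
        elif hr["contract_end"] and hr["contract_end"] < today:  # step 2
            findings.append((user, "account still enabled after contract end"))
        if not acct["mfa"]:  # step 4
            findings.append((user, "enabled account without MFA"))
    for line in log_lines:  # step 1: review authentication activity
        ts, user, src, result = parse_login(line)
        end = (roster.get(user) or {}).get("contract_end")
        if end is not None and ts.date() > end:
            findings.append((user, f"login {result} after contract end from {src}"))
    return findings

if __name__ == "__main__":
    for user, issue in audit(HR_ROSTER, ACCOUNTS, AUTH_LOG, TODAY):
        print(f"{user}: {issue}")
```

Failed logins against a disabled account are reported as well, since they show that credentials of a departed user are still being tried.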
If we were to be so bold as to suggest a seventh step, it would be to stay up-to-speed on the latest cybersecurity trends and analysis with your subscription to our research newsletter.
Additionally, you could explore some of our related articles to learn more.