malicious insiders vs. negligent end users - netwrix · 2019-03-13 · • malicious insiders can...

Malicious Insiders vs. Negligent End Users The Human Factor Liam Cleary CEO/Owner SharePlicity Russell McDermott Netwrix Systems Engineer

Post on 09-Aug-2020


Malicious Insiders vs. Negligent End Users

The Human Factor

Liam Cleary, CEO/Owner, SharePlicity

Russell McDermott, Netwrix Systems Engineer

Agenda

• Unwitting employees

• Security intelligence of end users

• Malicious insiders

• Q&A Session

The Problem

• https://www.domaintools.com/resources/white-papers/survey-report-2018-cybersecurity-report-card

• Cybersecurity incidents have increased in 2018

• 21% of respondents graded their security programs an "A"

• 42% rated their efforts a "B"

• 92% of grade A companies credited automation to their success

• Companies with "D" and "F" grades reported that their processes were manual

Unwitting Employees

• In most cases, a hacker is allowed access to information by an employee

• "Security is not in my job description" – An Employee

• "Everything should just be Secure" – An Employee

• "Why would anyone want to hack our data, it is just spreadsheets and documents" – An Employee

Unwitting Employees

• These employees have played a part in 52% of ALL data breaches (2016)

• https://www.comptia.org/about-us/newsroom/press-releases/2016/07/21/comptia-launches-training-to-stem-biggest-cause-of-data-breaches

“Time and time again, we hear of employees causing data breaches, whether that be through leaving a USB device with important data lying around, or clicking on unsolicited links in emails. Such actions are rarely malicious, but more often the result of a lack of training, lack of knowledge or simply general carelessness.”

Graham Hunter, VP Certifications, Europe and Middle East, CompTIA

Unwitting Employees

• "It was just a link in an email"

• South Carolina’s 2013 Department of Revenue breach

• An employee who unknowingly clicked an email link opened the government agency to a large-scale cyber-attack.

• Cost the state $14 million and compromised the personal and financial data of millions of residents.

How do Unwitting Employees get Duped?

• Phishing

• Spear-phishing

• Personal Devices

• Weak Passwords

• Questionable Browsing

• Social Media

• Unsecured Wi-Fi

• Free Software, Addons or Browser Extensions

Security Intelligence of End Users

• End users have the best of intentions

• Not trying to actively open the door for hackers

• Just want to do their job in the easiest way possible

• Think that the way they work is secure

• E.g. Writing passwords on a sticky note under the keyboard

Security Intelligence of End Users

• Not able to spot malicious emails easily

• Not able to spot malicious links easily

• Not able to spot fake emails easily – E.g. Microsoft support emails

• Not able to identify when login pages are fake

• Not checking for valid SSL traffic – Are we really expecting this?

Most Common Phishing Emails

• Amazon Cancellation Scams

• A fake Amazon order and offer to cancel it

• Fake PayPal Scam Emails

• A fake PayPal transaction to alarm you

• Facebook Activity Alerts

• Imitating genuine Facebook notifications

• Disputed Payment Emails

• A false claim that a transaction is due

• Google and Gmail Alert Scams

• Attempts to get your login details

Images courtesy of MalwareBytes and Tech. Co

Security vs Usability

You Will Use Multi-Factor Authentication

You Will Have 17 Character Passwords

You Will Not Click Any Link Ever in Emails

You Will Not Leave USB Drives Lying Around

You Cannot Make Me Do It!!

How to Win the Battle

• Ongoing, Relevant and Engaging Training

• "Defense-in-depth"

• Test End Users

• Phishing Simulations

• Educate on Threat Intelligence

• Provide Easy Tools

The Danger of Insider Threats

Why Insider Threats Are So Hard to Detect

• Malicious insiders can lurk undetected for years

• Hard to notice malicious intentions in the daily routine

• Tech-savvy employees are aware of how to conceal harmful actions

• Malicious insiders can prey on unwitting employees

Why Malicious Insiders Take Risks

• Good moment

• Corporate espionage

• Own business

• Revenge

• Statement

• Data Ownership

Categories of Malicious Insiders

• Saboteur

• Career launcher

• Second streamer

Source: Gartner

What Malicious Insiders Seek

• Business secrets

• Customers' data

Steps to Be Taken

• Define sensitive data

• Monitor users' behavior

• Use data classification

• People-centric security

Source: Gartner

User Abnormal Behavior Analysis

• Someone is actively accessing data

• Someone has made too many failed attempts to access data

• Someone is actively accessing stale data

• Someone is accessing data outside business hours

• Someone is trying to log in from different endpoints

• Someone has created new user accounts

• Someone is massively deleting data
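
The checks above can be expressed as rules over an audit trail. The following is an added example, not part of the original slides or of Netwrix Auditor: the event format, thresholds and finding names are assumptions, and the events are constructed sample data. It covers failed access attempts, stale data, off-hours access, multiple endpoints, new accounts and mass deletion.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit events: (time, user, action, target, endpoint, succeeded)
EVENTS = [
    ("2018-11-27T10:05:00", "alice", "read", "q3.xlsx", "WS-01", True),
    *[(f"2018-11-27T11:0{i}:00", "bob", "read", "payroll.xlsx", "WS-02", False)
      for i in range(4)],
    *[(f"2018-11-27T23:1{i}:00", "carol", "logon", "-", ep, True)
      for i, ep in enumerate(["WS-03", "WS-07", "LAPTOP-9"])],
    ("2018-11-27T23:30:00", "carol", "read", "old_customers.csv", "LAPTOP-9", True),
    ("2018-11-28T09:00:00", "dave", "create_user", "svc-temp", "WS-04", True),
    *[(f"2018-11-28T09:1{i}:00", "dave", "delete", f"proj/file{i}.docx", "WS-04", True)
      for i in range(4)],
]
# Constructed last-modified dates, used to decide whether a file is stale
LAST_MODIFIED = {"q3.xlsx": "2018-11-20", "old_customers.csv": "2015-03-01"}
# Assumed thresholds; tune them against the environment's own baseline
MAX_FAILED, MAX_ENDPOINTS, MAX_DELETES = 3, 2, 3
STALE_AFTER = timedelta(days=365)
WORK_START, WORK_END = 8, 18  # business hours, local time

def analyze(events, last_modified):
    """Return {user: set of findings} for the abnormal behaviors listed above."""
    failed, deletes = defaultdict(int), defaultdict(int)
    endpoints, findings = defaultdict(set), defaultdict(set)
    for ts, user, action, target, endpoint, ok in events:
        when = datetime.fromisoformat(ts)
        if action in ("read", "write", "delete") and not ok:
            failed[user] += 1                      # denied access attempt
        elif action == "logon":
            endpoints[user].add(endpoint)          # distinct endpoints per user
        elif action == "create_user" and ok:
            findings[user].add("created_account")
        elif action == "delete" and ok:
            deletes[user] += 1
        elif action == "read" and ok:
            if not (WORK_START <= when.hour < WORK_END) or when.weekday() >= 5:
                findings[user].add("off_hours_access")
            modified = last_modified.get(target)
            if modified and when - datetime.fromisoformat(modified) > STALE_AFTER:
                findings[user].add("stale_data_access")
    totals = ((failed, MAX_FAILED, "failed_access_burst"),
              (deletes, MAX_DELETES, "mass_deletion"),
              ({u: len(e) for u, e in endpoints.items()}, MAX_ENDPOINTS, "multiple_endpoints"))
    for counts, limit, label in totals:
        for user, n in counts.items():
            if n > limit:
                findings[user].add(label)
    return dict(findings)
```

A user with several findings at once, such as off-hours access to stale data from a new endpoint, is a stronger signal than any single rule firing alone.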

What’s Next?

Join the next sessions of our Security Awareness Program:

‘Know What Works: How to Succeed Despite the Shortage of IT Security Talent’

December 4 @ 2 pm GMT / 3 pm CET

‘A Firm Foundation: Building a Culture of Cybersecurity Awareness’

December 6 @ 2 pm GMT / 3 pm CET

Online TestDrive: experience Netwrix Auditor with no download or installation required

https://www.netwrix.com/browser_demo.html

Live One-to-One Demo: product tour with Netwrix expert

netwrix.com/livedemo

Contact Sales to obtain more information: netwrix.com/contactsales

If you want to learn more about Netwrix Auditor, register now for the upcoming Product Demo!


Thank you!

Liam Cleary, CEO/Owner, SharePlicity

Russell McDermott, Netwrix Systems Engineer