
The Dangerous Intersection of Economic Instability, Cybercrime Recruitment, and Insider Threats


Cybercrime Triple Threat: Insecure Economy, Cybercrime Recruitment, and Insider Threats

The current state of economic instability due to the pandemic has resulted in an increase in layoffs across sectors, including the tech industry. Unfortunately, this situation creates the perfect conditions for individuals looking to exploit insider threats, especially when coupled with the growing sophistication of ransomware attacks, increased cybercrime recruitment efforts, and a persistent cybersecurity skills gap within organizations. In this article, we will discuss the intersection of these three factors and provide advice on how individuals and companies can stay protected.

The Cost of Insider Threats

Insider threats occur when an individual who is employed by a company or has permission to access its networks or systems causes a cyberattack. These attacks could be unintentional or malevolent and can come from current or former employees, business partners, board members, or consultants. According to the Ponemon Institute’s 2022 Cost of Insider Threats report, insider threat incidents have risen by 44% over the past two years, with costs per incident up over a third, to $15.38 million.

Laid-off employees who still have access to sensitive resources can pose a risk to the organization, either intentionally or inadvertently. Cyber attackers can leverage such individuals, especially those who opt to seek revenge, which can lead to malicious behavior from former employees.

Cybercrime Recruitment Efforts

As cybercrime becomes more organized and sophisticated, cybercriminal syndicates are adopting conventional business structures. Organized departments, job roles, and hierarchies are accompanied by sophisticated recruitment strategies. The notorious Conti ransomware group is one example: its files were leaked in early 2022, indicating that the group functioned like any other business, complete with a human resources lead, a recruitment director, etc.

Indeed, cybercriminals target insiders who might want to collaborate or offer support. The Russian-linked Doppelpaymer group actively sought insider assistance in achieving its goals by leveraging phone calls, social media and email. The recent international bust of the group found recruitment to be among its key strategies: it offered paid vacations and requested references to verify past cybercrimes. The Dark Web is also playing a part in ramping up recruitment efforts. Many cybercrime syndicates, for instance, are offering employees competitive salaries and benefits, with some jobs paying $20,000 per month plus other benefits such as PTO, paid sick leave, bonuses, and even employee referral programs.

How to Stay Vigilant and Protected

To mitigate insider threats, organizations need to identify suspicious behaviour by asking questions such as: Are users attempting to access files that they are not authorized to access? Is there an attempt to move or copy confidential records? Are there users logging into the company’s IT systems beyond business hours? Organizations can also create a baseline of regular user activity, so that activities carried out by suspicious users can be flagged as alerts. Moreover, analytics tools can receive database logs, and automated responses can be put in place to revoke access and stop data loss in case of a breach.
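The three questions above and the baseline idea can be expressed as simple detection rules over an audit log. This is an added example, not code from the article; the log format, the business-hours window, the per-user baseline values and the `/confidential/` path prefix are all assumptions made for illustration.

```python
import csv, io
from collections import defaultdict
from datetime import datetime

# Constructed sample audit log (not real data): time,user,action,resource,result
LOG = """\
2024-03-04T09:12:00,alice,login,vpn,ok
2024-03-04T10:01:00,alice,read,/finance/q1.xlsx,ok
2024-03-04T10:05:00,bob,read,/hr/salaries.csv,denied
2024-03-04T23:41:00,carol,login,vpn,ok
2024-03-04T23:45:00,carol,copy,/confidential/customers.db,ok
2024-03-04T23:46:00,carol,copy,/confidential/suppliers.db,ok
2024-03-05T11:00:00,alice,copy,/confidential/roadmap.pdf,ok
2024-03-05T11:01:00,alice,copy,/confidential/pricing.pdf,ok
2024-03-05T11:02:00,alice,copy,/confidential/contracts.zip,ok
"""

BUSINESS_HOURS = range(8, 19)                       # assumed policy: 08:00-18:59
BASELINE_COPIES_PER_DAY = {"alice": 1, "carol": 1}  # assumed per-user baseline
SENSITIVE_PREFIX = "/confidential/"                 # assumed confidential path

def detect(log_text):
    """Return sorted (user, reason) alerts for the three questions in the text."""
    alerts = set()
    copies = defaultdict(int)  # (user, date) -> confidential copy/move count
    for ts, user, action, resource, result in csv.reader(io.StringIO(log_text)):
        when = datetime.fromisoformat(ts)
        if result == "denied":
            alerts.add((user, "unauthorized access attempt"))
        if action == "login" and when.hour not in BUSINESS_HOURS:
            alerts.add((user, "login outside business hours"))
        if action in ("copy", "move") and resource.startswith(SENSITIVE_PREFIX):
            copies[(user, when.date())] += 1
    for (user, _day), n in copies.items():
        # A user with no recorded baseline is treated as baseline 0.
        if n > BASELINE_COPIES_PER_DAY.get(user, 0):
            alerts.add((user, "confidential copies above baseline"))
    return sorted(alerts)

def accounts_to_review(log_text, threshold=2):
    """Users with >= threshold distinct alert types: candidates for revocation."""
    counts = defaultdict(int)
    for user, _reason in detect(log_text):
        counts[user] += 1
    return sorted(u for u, c in counts.items() if c >= threshold)

if __name__ == "__main__":
    for user, reason in detect(LOG):
        print(f"ALERT {user}: {reason}")
    print("review:", accounts_to_review(LOG))
```

Combining independent signals before acting, as `accounts_to_review` does, keeps a single off-hours login from triggering an automated revocation on its own.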

Mitigating insider threats necessitates a multifaceted approach. Employees should undergo cyber-hygiene training to recognize and report suspicious activities, and any employee who receives special access to sensitive digital resources should undergo a background check.

Organizations and their security leaders should utilize deception technology to create a fake network that automatically deploys decoys and lures that are indistinguishable from the traffic and resources used in the actual network. Network segmentation can also confine activity to certain areas, and data can be encrypted at all points: at rest, in use, and in transit. Proper configuration management tools can quickly examine and spot any new devices that are not configured correctly. Additionally, some solutions can track user activity and behavior, including policy violations, using machine learning to detect anomalous behavior. Organizations should use file tracking tools that monitor data access and file transfers, and enhance identity and access management (IAM) with, for example, multi-factor authentication (MFA).

Conclusion

The intersection of economic instability, cybercrime recruitment, and insider threats makes for a volatile digital environment. As such, individuals and organizations need to stay vigilant, recognizing that there is no one solution to tackle insider threats. The situation requires robust planning and multiple tech solutions, and it is mandatory to have a comprehensive perspective to secure the network. Addressing insider threats requires ongoing cyber hygiene training for employees to recognize and report suspicious activity, combined with a holistic cybersecurity defense strategy.
