Danger from Within: Dealing with Insider Threats to Cyber Security

Internet users enjoy the social networking opportunities found online, trusting their favorite sites to keep their information private and secure. Snapchat, the popular social media app that allows users to share picture and video stories with their friends, is finding out the hard way just how difficult that duty can be.

An exposé by Vice.com’s Motherboard informs readers that two Snapchat employees overstepped their bounds to access user phone numbers, saved Snaps (images or videos), and email addresses. The employees in question used a tool called SnapLion to access private information, a tool that was intended to be used only at the behest of courts or valid law enforcement agents, according to tech writer Joseph Cox in “Snapchat Employees Abused Data Access to Spy on Users.”

“Although Snap has introduced strict access controls to user data and takes abuse and user privacy very seriously according to several sources, the news highlights something that many users may forget: behind the products we use every day there are people with access to highly sensitive customer data, who need it to perform essential work on the service,” Cox writes. “But, without proper protections in place, those same people may abuse it to spy on users’ private information or profiles.”

Tomorrow’s cyber security leaders should understand the gravity of their responsibilities to end users’ privacy and safety when studying a cyber security curriculum in school. Students who earn a degree in an online cyber security master’s program can expect to face issues surrounding insider threats in their professional careers.


The Constantly Growing Insider Threat

According to assessments included in Dtex Systems’ “2018 Insider Threat Intelligence Report”:

  • 78% of companies reviewed were found to have sensitive data available publicly online (up 14% from the previous year)
  • 67% of assessments uncovered inappropriate use of the internet by employees (such as for gambling and pornography)
  • 90% of companies transferred sensitive data using unencrypted USB drives

The Dtex report also lists the types of data that are at risk. Sensitive data can be found either online or through phishing scams perpetrated on insiders, including employee data, client data, legal info, Social Security numbers, financial information, legal documents, and email addresses.

To complicate matters, Dtex also found that 72% of its assessments revealed unauthorized use of high-risk applications on company networks. High-risk apps and programs include OpenVPN tools (used to bypass internet surfing restrictions), uTorrent (used for piracy), Wireshark (used to capture data from Wi-Fi signals), and CCleaner (used to erase questionable histories from computers). These programs tend to point toward unacceptable activities taking place on workplace computers and networks.

Perhaps the scariest cyber security threats are those perpetrated by insiders in collusion with other organizations. Insider collusion can involve incidents of fraud, intellectual property theft, disgruntled employees, and the sale of exfiltrated data to third parties.

In “These 5 Types of Insider Threats Could Lead to Costly Data Breaches” on SecurityIntelligence.com, Jasmine Henry writes, “Insider collaboration with malicious external threat actors is likely the rarest form of criminal insider risk, but it’s still a significant threat due to the increased frequency of attempts by professional cybercriminals to recruit employees via the dark web.”

Some insider threats are very difficult to guard against completely. Others, however, can be reduced through better employee training and other easily implemented procedures.


Making Strides Toward Reducing Insider Threats

Malicious actors can cause a lot of damage, especially to data-heavy businesses. But even those malicious players would have less opportunity to infiltrate a system if trusted employees understood better what to do and what not to do regarding the handling of sensitive data.

Disgruntled or greedy employees colluding with third-party agents are very difficult to catch in the act unless they are under full-time surveillance, according to security strategies consultant Christopher Burgess’s CSO Online article, “How Pervasive is the Insider Threat in Your Company?”

Burgess points out that data loss prevention (DLP) safeguards, regular and timely system updates, thorough employee training, and re-validation of login credentials can help to reduce the number of times employees accidentally leave their company’s data open to prying eyes. Still, ill intent combined with competence can bypass such measures if malicious actors are determined enough.

Businesses should have company-wide, mandatory security awareness policies for all. According to Infosec’s “Top 10 Security Awareness Training Topics for Your Employees,” security management teams should require, at minimum, policies for:

  • Keeping desks free of papers, printouts, and other material that could make sensitive data visible to prying eyes.
  • Bring-your-own-device (BYOD) rules designed to restrict use of personal smartphones, tablets, laptops, and (the most recent addition to this list) Internet-of-Things devices.
  • Data management practices, especially concerning backed-up and valuable data such as client contracts.
  • Removable media usage and safeguarding procedures ranging from using encrypted thumb drives to transfer data to using only approved USB drives.
  • Safe internet habits ranging from the use of social networking sites to questionable or frequently malware-laden sites that do not in any way pertain to work.
  • Email use, especially regarding fraudulent and unsolicited emails, chain emails, and emails with unknown attachments.

Privileged access and identity management solutions are available to enterprises of all types and go a long way toward preventing, or at least reducing, insider threats. In “Do You Know Which Cybersecurity Tools Really Address Insider Threat?”, ObserveIt.com defines access management as restricting the degrees of privilege employees may have based on their individual roles and responsibilities.

Identity management, on the other hand, can be used to keep track of login credentials and formulate difficult-to-hack passwords. Used in conjunction with other cyber security measures, identity management software packages such as Microsoft Azure Active Directory, OneLogin, and Oracle Identity Management can make hacking an employee’s account even more difficult for malicious actors.
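The role-based restriction described above can be paired with an audit of how a privileged lookup tool is actually used, which is the control the Snapchat case turns on. The following Python example is added here and is not code from Snap, ObserveIT, or any product named in this article; it reviews a constructed access log and flags lookups made by an unauthorized role or without a matching approved request. The roles, case IDs, log fields, and function names are all hypothetical.

```python
from datetime import datetime

# Constructed sample data: roles, case IDs and log fields are hypothetical.
ROLE_MAY_USE_LOOKUP = {"legal_ops": True, "trust_safety": True, "engineer": False}

# Approved requests: case id -> (target account, valid from, valid until)
APPROVED_REQUESTS = {
    "CASE-1001": ("user_a", datetime(2024, 3, 1), datetime(2024, 3, 15)),
    "CASE-1002": ("user_b", datetime(2024, 3, 5), datetime(2024, 3, 8)),
}

ACCESS_LOG = [
    {"ts": "2024-03-02T10:15:00", "employee": "alice", "role": "legal_ops",
     "target": "user_a", "case": "CASE-1001"},
    {"ts": "2024-03-02T23:40:00", "employee": "bob", "role": "trust_safety",
     "target": "user_c", "case": None},
    {"ts": "2024-03-06T09:00:00", "employee": "carol", "role": "engineer",
     "target": "user_b", "case": "CASE-1002"},
    {"ts": "2024-03-03T14:00:00", "employee": "alice", "role": "legal_ops",
     "target": "user_b", "case": "CASE-1001"},
    {"ts": "2024-03-20T11:30:00", "employee": "dave", "role": "legal_ops",
     "target": "user_b", "case": "CASE-1002"},
]

def review_access(entry, roles=ROLE_MAY_USE_LOOKUP, requests=APPROVED_REQUESTS):
    """Return the reasons an access looks unjustified (empty list = fine)."""
    reasons = []
    # Least privilege: roles not explicitly allowed are denied by default.
    if not roles.get(entry["role"], False):
        reasons.append("role not authorised for lookup tool")
    request = requests.get(entry.get("case"))
    if request is None:
        reasons.append("no approved request cited")
    else:
        target, valid_from, valid_until = request
        when = datetime.fromisoformat(entry["ts"])
        if entry["target"] != target:
            reasons.append("target differs from approved request")
        if not (valid_from <= when <= valid_until):
            reasons.append("access outside request validity window")
    return reasons

def flag_accesses(log):
    """Map log index -> reasons, for every entry that needs human review."""
    return {i: r for i, e in enumerate(log) if (r := review_access(e))}

if __name__ == "__main__":
    for index, reasons in flag_accesses(ACCESS_LOG).items():
        print(ACCESS_LOG[index]["employee"], "->", "; ".join(reasons))
```
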


University of North Dakota’s Master of Science in Cyber Security Program

Choosing the right online cyber security master’s program is crucial. The best programs offer courses that stay current with today’s cyber security issues and concerns and offer concentrations that can help graduates be attractive to potential employers.

UND’s online cyber security master’s degree program is accredited by the Higher Learning Commission and ranked by U.S. News & World Report as one of the Top 25 Most Innovative Schools (2018), alongside such prestigious institutions as Stanford, Harvard, and MIT.

UND prepares students for careers in cyber security with concentrations in Autonomous Systems Cyber Security, Cyber Security and Behavior, Data Security, and General Cyber Security. For more information on UND’s MSCS online program, visit the program’s website.



Snapchat Employees Spy on Users – Vice.com

2018 Insider Threat Intelligence Report – DtexSystems.com (Registration Required)

5 Types of Insider Threats – SecurityIntelligence.com

How Pervasive is Insider Threat in your Company? – CSOonline.com

Top 10 Security Awareness Training Topics – InfosecInstitute.com

Which Cybersecurity Tools Really Address Insider Threat – ObserveIt.com