Cyber Explainer: Inside Threat

Most thieves are banking on the tried-and-true idea that once inside enterprise networks, they can stay hidden in plain sight


In this new series, “Cyber Explainer,” Interset breaks down the five most damaging types of threats facing enterprises, then details the five most effective cyber attack methods criminals use to carry them out. For this fifth installment, we look at the inside threat, an all-too-common infiltration tactic that virtually dictates today’s threatscape.

What It Means
An insider threat refers to data compromise due to the actions of malicious or negligent employees (including sub-contractors). But in today’s cyberthreat climate, from a security-posture standpoint, it makes more sense to look at an insider threat as one facet of the larger inside threat. The latter is an umbrella term that refers to any threat within the network. It can originate from someone employed by the enterprise, or from an outside attacker impersonating an employee through a compromised account.

Where You’ve Seen It
NSA contractor Edward Snowden’s misuse of credentials is perhaps the most infamous cautionary tale of the inside threat. Even without significant clearance, he was able to leak documents damning enough that we still talk about their impact on national security today. Another notorious breach, this one on Ukrainian SCADA networks, used stolen employee credentials for VPN access to disrupt power in the country’s western region.

How to Stop It
In its 2017 data-breach study, Verizon reported that internal actors contributed to 25% of breaches. That number is growing. Inside threats are advantageous to thieves because, by emulating employee activity, they are difficult to spot. Once inside the network, the invasions behave similarly: data reconnaissance, staging, then exfiltration. All the while, thieves are mindful of concealing their tracks. Any cybersecurity system that leans on rules, such as a SIEM platform, will likely lack the visibility to pinpoint inside threats. But inside threats still “touch” multiple entities (users, servers, endpoints). Big-data-friendly security analytics, by contrast, can spot anomalies in the behavior of individual entities and scrutinize how those entities interact with each other. What once felt like looking for a needle in a haystack is now no sweat for technology driven by machine learning.
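As an added illustration (not Interset’s product or code), here is a minimal per-entity baseline check in Python over constructed daily activity. Each user is compared only against their own history, which is what lets an account that suddenly contacts many hosts (reconnaissance) or pushes out far more data (staging and exfiltration) stand out even though no rule was written for it. The users, day counts, feature names and thresholds are all assumptions chosen for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed daily activity per user: (user, day, mb_sent_out, distinct_hosts_contacted).
# "alice" day 10 is the suspicious one: a volume spike plus host fan-out; "bob" is a stable control.
EVENTS = [
    ("alice", d, mb, hosts) for d, (mb, hosts) in enumerate(
        zip([52, 61, 48, 70, 55, 63, 58, 49, 66, 940],
            [2, 3, 2, 3, 2, 2, 3, 2, 3, 14]), start=1)
] + [
    ("bob", d, mb, hosts) for d, (mb, hosts) in enumerate(
        zip([120, 131, 118, 125, 140, 122, 128, 135, 119, 130],
            [5, 4, 5, 6, 5, 4, 5, 5, 6, 5]), start=1)
]

BASELINE_DAYS = 7   # days used to learn each entity's own "normal" (assumed window)
THRESHOLD = 3.0     # one-sided z-score; anything above this is flagged (assumed cutoff)

def build_baselines(events):
    """Per-user mean and stdev of each feature over the baseline window."""
    per_user = defaultdict(lambda: {"mb": [], "hosts": []})
    for user, day, mb, hosts in events:
        if day <= BASELINE_DAYS:
            per_user[user]["mb"].append(mb)
            per_user[user]["hosts"].append(hosts)
    # Floor the stdev so a perfectly constant baseline cannot divide by zero.
    return {u: {f: (mean(v), max(pstdev(v), 1e-9)) for f, v in feats.items()}
            for u, feats in per_user.items()}

def score_event(baselines, user, mb, hosts):
    """Return {feature: z-score} for one day measured against that user's own baseline."""
    b = baselines[user]
    return {"mb": (mb - b["mb"][0]) / b["mb"][1],
            "hosts": (hosts - b["hosts"][0]) / b["hosts"][1]}

def flag_anomalies(events, threshold=THRESHOLD):
    """Flag post-baseline days on which a feature exceeds the user's own normal."""
    baselines = build_baselines(events)
    flagged = []
    for user, day, mb, hosts in events:
        if day <= BASELINE_DAYS or user not in baselines:
            continue
        z = score_event(baselines, user, mb, hosts)
        reasons = [f for f, v in z.items() if v > threshold]
        if reasons:
            flagged.append((user, day, reasons))
    return flagged

if __name__ == "__main__":
    for user, day, reasons in flag_anomalies(EVENTS):
        print(f"{user} day {day}: anomalous {', '.join(reasons)}")
```

A static rule such as “alert above 500 MB” would never fire for bob’s ordinary 130 MB days, yet it would also miss a low-volume user whose host fan-out jumps; the per-entity comparison catches both kinds of deviation.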
