teissTalk: Inside job - investigating the malicious insider threat

teissTalk host Geoff White was joined by Aderonke Thompson, Associate Professor at the Federal University of Technology, Akure, as main guest; Sudeep Venkatesh, Chief Customer Officer, Egress; and Robin Lennon Bylenga, Human Factors in Information Security, Scoutbee.

 

Views on news

A leading US payment company has warned its eight million customers that their data may have been breached after a former employee downloaded “certain reports” containing Cash App customer information on December 10 last year, after their employment had ended.

 

Information in the report included brokerage account number, portfolio value and stock trading activity. Insider threats – whether malicious (turncoat), careless (pawn) or accidental – have been on the increase for the last few years. Insider threat has both a cyber security and an HR aspect, as it is often employees moving on to another job who take confidential documents with them. Background checks on new recruits can prevent some of these incidents from happening.

 

There is a distinct line between bringing knowledge from a previous role to a new job and getting data out – the latter also has serious GDPR and breach of confidentiality implications.

 

Identifying and dealing with insider threat

Rules on background checks vary from country to country. For a German company with a presence in the UK, for example, it’s important to remember that background checks can only be made if HR can prove that it’s critical to a particular role.

 

There is a fine line between those who act maliciously and those who pose a threat due to negligence. But repeated negligence amounts to a malicious threat.

 

There are three distinguishing features of malicious acts: they take more time to discover because the perpetrators are trying to cover their tracks, the degree of financial loss they can incur is usually higher, and the methodology and technology required to detect them and prevent them from happening again are inherently different. Technology can help monitor user behaviour, establish patterns based on historic data and detect anomalies as they happen.

 

The Human Factors Analysis and Classification System (HFACS), originally used to investigate the human factors aspects of aviation, has been applied to cyber and used in two ways – proactively, to identify which departments are most at risk based on the human cyber security risk register, and retrospectively, to identify factors behind the root cause of an incident using a blame-free, holistic approach to incident investigations.

 

There are great e-learning tools that can help employees understand and adopt the gist of complicated acceptable use and other cyber security-related policies. When you see signs of malicious activity, the best policy is to intervene unless you know about some life events that can explain unusual behaviour.



© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543