Defending against insider threats poses one of the most challenging problems for security professionals. Unlike external threats, which can often be more easily detected and prevented, insider threats can manifest in various ways, making them harder to identify and address. Nonetheless, it is crucial for organizations to tackle this issue as part of a robust and layered security strategy. The consequences of insider threats can be extremely costly, as demonstrated by several high-profile incidents.
One notable example is the Twitter Bitcoin Scam that occurred in July 2020. A number of high-profile celebrity and brand accounts, including Kim Kardashian, Kanye West, Barack Obama, Joe Biden, Apple, and Uber, tweeted out messages promising to return double the amount of Bitcoin sent to their wallets. This attack was the result of employees with internal access falling victim to social engineering, allowing the bad actors to take advantage of their insider privilege. The incident resulted in hundreds of thousands of dollars in losses.
Another incident involved a former Cisco employee who used his retained network access to breach Cisco’s WebEx platform in 2018. By deploying code that deleted 456 virtual machines hosting the WebEx Teams application, the attacker shut down 16,000 WebEx Teams accounts for two weeks. Cisco had to spend $1.4 million to remediate the incident and compensate affected customers.
In late 2013, Target experienced a major data breach in which attackers stole the credentials of a third-party vendor to gain access to sensitive customer data, including millions of debit and credit card numbers. The total cost for Target to resolve the incident amounted to $202 million, including a court settlement reached in 2017.
A former Google employee also made headlines when he stole confidential documents from Google and used them to develop the self-driving truck company Otto. He later sold the company to Uber, leading Google to file a lawsuit against Uber for the theft of trade secrets. The former employee reached a plea deal and paid fines and restitution to Google.
Anthem BlueCross BlueShield suffered a breach in 2017 when an employee of their Medicare insurance coordination services vendor emailed sensitive data to his personal email address, violating the privacy of thousands of members. The incident led to a forensic investigation and the strengthening of weak security systems.
In 2019, a former employee of Amazon Web Services hacked into a Capital One database hosted on the service, stealing the private information of over 100 million people. The incident cost Capital One up to $150 million.
Even an intern can pose a threat, as demonstrated when a former Apple intern leaked parts of iOS source code in 2019. Although the leaked code was not deemed to pose a significant security danger, it highlights the potential reach and impact of data breaches.
These incidents clearly illustrate that no organization is safe from insider threats. In fact, larger corporations often experience more insider threats than small and mid-sized businesses. Traditional threat detection and prevention measures often fall short in addressing insider threats, but there are specialized solutions available.
Data detection and response technology is specifically designed to address the challenges of protecting data against insider threats. By analyzing sensitive data using both content and context, this technology aims to prevent leaks and breaches. With the right information and a commitment to data security, organizations can establish a strong defense against potentially devastating insider threats.