Notes from the Field • 6 Min READ
What Keeps You Awake at Night? Third Parties, Insider Threats, or Nation State Actors? Survey Results Explored.
by Eleanor Barlow • Sep 2020
Last week SecurityHQ released a poll on LinkedIn, within the cyber intelligence group known as ‘Advanced Persistent Threats (APT) & Cyber Security Threat Actor Group’. The group contains over 70,604 cyber security professionals, to which we posed the question, ‘What Keeps You Awake at Night’, with the option to select one of three possible answers.
After a week, the results have been gathered.
Why Ask This Specific Question?
The interests, opinions, attitudes and fears of the world are changing. Every day something in the news influences our behaviours and opinions. These changes need to be monitored in order to respond to threats quickly and effectively. With six SOC’s placed around the globe, SecurityHQ are proud of our global view of the threat landscape and our capability to react to it.
Out of the three options, over 55.29% of those who took part in the poll said that Insider Threats kept them awake at night. Followed by Third Party Risks, at 23.87%. And finally, Nation State Actors at 20.85%. What is interesting here is that if presented with the same question a few years back, we would have expected a very different response, with ‘Nation State Actors’ accumulating the greatest number of votes. Today we are seeing the opposite.
Developing Concerns on Insider Threats
Internal teams pose as much of a threat as external attacks, and both malicious and accidental internal security breaches are regular occurrences. With ‘66% of organizations considering malicious insider attacks or accidental breaches more likely than external attacks.’ (TechJury).
While some attacks are vindictive, the issue that we are regularly seeing is that many employees/insiders are completely unaware that they are a threat in the first place. Take, for instance, an employee working remotely. This employee may be sat at a local café where they decide to work on a company device. If this device was unknowingly hacked while using a different Wi-Fi, the user may be completely unaware that they are spreading malicious malware via their device throughout the company. And, due to current COVID-19 conditions, with ‘30% of people now working remotely full-time, and an additional 18% working remotely one to three times per week.’(Owl Labs), the more probable it is that a connection to an unsecure network will be made.
How to Reduce Insider Threats
First, security training is essential. Employees must be aware of the company’s security protocols and measures, both in and outside of the office. Everything from what to do in the event of a breach, to how to avoid phishing scams, all must be informed.
Second, User Behaviour Analytics is essential to understand the actions within an organisation, and to highlight and stop unusual activity before the damage is done. By using ML algorithms, expert analysts are able to categorise patterns of user behaviour, to understand what constitutes normal behaviour, and to detect abnormal activity. If an unusual action is made on a device on a given network, such as an employee login late at night, inconsistent remote access, or an unusually high number of downloads, the action and user is given a risk score based on their activity, patterns and time.
And while all three threats presented in this poll have risen over the last couple of years in both scale and sophistication, according to IBM’s ‘The Cost of Insider Threats 2020’ report, ‘Negligent employees or contractors were the root cause of 2,962 of the 4,716 incidents reported.’ That’s over half of the reported incidents.
Third Party Risks on the Rise
These days, few organisations work on their own. The majority use third parties, including vendors, partners, e-mail providers, service providers, web hosting, law firms, data management companies, subcontractors and so on. From IT systems to sensitive information shared with legal teams, these third parties could easily be a backdoor into systems for attackers to infiltrate.
Not only are more organisations using third parties, but we are seeing more attacks via third parties, to infiltrate multiple networks. Only the other week it emerged how Blackbaud, a system extensively used by the education sector as well as non-profits, healthcare, and religious organisations, was compromised. The attack meant that ‘at least 10 universities in the UK, US and Canada have had data stolen about students and/or alumni after hackers attacked’ the cloud computing provider, (BBC). This is an example of where a third party plugs into multiple environments, and wreaks havoc if controls are put in place.
Outside of the public eye, we also saw a similar occurrence with respect to a governmental client, in which a major vulnerability was exploited via a third party. In essence, a web application that was used for processing benefits, wasn’t sufficiently hardened, and was acting as a honeypot. Which, naturally, attracted a lot of attackers and put the organisations payment systems at risk.
To manage third parties, organisations must have the ability to detect threats, and the capability to respond to them. Which requires the right combination of people, processes, and technologies.
Cost of a Cyber Breach
Regardless of the risk, be it Third Parties, Insider Threats or Nation State Actors, the cost of a data breach is monumental. According to IBM’S ‘Cost of a Data Breach Report 2020’, ‘The average cost of a breach is $3.86 million dollars’. Even half this amount is a staggering amount of money for the average organisation.
We often become disassociated to statistics like this. But what the numbers show is that, while in past years the main concern was with avoiding reputation damage, now the main concern is avoiding complete devastation and company ruin. Cyber threats can now destroy an entire business in the matter of minutes.
Arguably more profitable than the drug trade, cybercrime is not only abundant, but borderless. There is no way to monitor it. As Feras Tappuni, CEO to SecurityHQ, states:
‘What we are seeing from cyber units, which are acting in an illegal manner, is their capability and ability to pivot very quickly on day to day activities. Be it COVID-19 related, or new vulnerabilities, there is no limit to ransoms. And no one is off limits. From governmental, financial, charities, old people, children, everyone is a potential target.’
In our upcoming blog, we will be exploring Managed Detection and Response (MDR) and how it can be used to tackle issues concerning Insider Threats, Third Parties and Nation State Actors.
For more information regarding the poll, or for a free consultation, contact us here.