The threat to a business from outside perpetrators is very real when it comes to cybercrime. But sometimes the threat comes from within, and it is even harder to detect or prevent in the first place.
Why would someone try to intentionally hurt the very company that provides them with a paycheck? The reasons vary, but there are a few that are repeat offenders. They include stealing proprietary information to take to another job, selling to the competition, or working with cybercriminals to provide the foundation for an attack.
You may be familiar with companies that provide solution model framework which works to prevent attacks, such as Lockheed Martin’s Cyber Kill Chain. These describe the stages of an attack and explain the tactics used, but these programs don’t necessarily consider the human element when it comes to cybercrime. Human behavior can’t always be so easily predicted, and a business needs to take the approach of not only training their workforce to fend off cyberattacks but also looking at each ‘human element’ as if they are carrying a risk factor for internal inside threat.
Offsetting the Risk
Many times, there are assumptions that leave people believing that someone else is taking care of what needs to be done to keep a business safe, secure, and successful. As their MSP, work with your clients to clearly outline and identify who your internal point persons are when it comes to maintaining their cybersecurity program. This outline should not only include all the hardware and software that is in place, but also who internally is keeping the company accountable to engage and use the products that you offer as part of their defense program. The lack of identifying a person is often what leaves a company at greater risk for internal threats, as people just “assume someone else was handling it”. And since you can’t be there all of the time, you need to have your own insider to help keep the program humming along. Establishing accountability as a factor of your business relationship will provide you with more likelihood of success and lessen the risk of internal dangers.
There are some behaviors that can act as alerts for suspicious behavior.
What to look for:
- An unusual number of files being accessed and opened
- Avoiding or trying to work around security measures that are in place
- Saving files to unusual locations
- Utilizing USB drives to save or move information
- Using tools or software that hides online activity
We know that having hardware and software can protect a business, but don’t overlook the human side of what you are doing for any of your clients when it comes to cybersecurity, and always make sure that they know that their workforce is integral to maintaining that security.