SAFE FROM HARM?: Your company may be protected from outside attacks but not from inside ones.

By Amir Hamzah

Back in the day, cyber criminals operated like traditional burglars. They typically broke into systems to steal data, much as traditional burglars break past fences, cameras and other physical barriers.

Techniques such as crafting malicious code and conducting probes to discover weakened entry points were common, and cyber criminals would enter with these tools much as a thief picks a weak lock or slides in through a broken window.

So why do efforts to build stronger firewalls and secure networks with advanced encryption seem to be a losing battle, with more data breaches now than ever before? Last year, the number of security incidents that turned into full-blown attacks nearly doubled.

The answer is both simple and scary: more of these attacks start not with far-off, faceless “bad guys” breaking in, but from inside our own walls.

In 2014, 45% of all cyber attacks were instigated and committed by hackers directly targeting an organisation’s network from the outside.

In nearly a quarter of attacks, cyber criminals worked to exploit unwitting personnel or third-party partners as conduits for a breach wherein external attackers benefitted from the missteps of an employee, either through social engineering schemes or other means.

Meanwhile, 55% of cyber attacks were caused by insiders within a company. What’s more, security incidents resulting from unauthorised access skyrocketed – accounting for 37% of total attack causes, nearly doubling from 19% in 2013. Who are these insiders, and why are they infiltrating their own companies?

Simply put, an insider is anyone who has access to a company’s assets – both traditional, physical items as well as data and information. Though they can often be employees, they’re also third parties that a company typically trusts, such as business partners, clients or contractors.

Some of the most common insiders who carry out attacks are:

Disgruntled or malicious former and current employees taking advantage of their privileges and access. This group is particularly dangerous, as they’re often willing to go to extraordinary measures to circumvent security controls, and are unconcerned with potential consequences.

Inadvertent victims of social engineering who fall into the trap of phishing scams, accidentally click on malicious attachments or links, etc.

It’s important to note that more often than not, these unintentional mistakes are where insider breaches start, as 95% of all breaches are caused by human error.

The rise and success of insider attacks points to the increasing effectiveness of social engineering strategies. Spam, in particular, has risen from an annoying afterthought into a legitimate attack vector, as businesses and operators on the Dark Web craft custom spam campaigns with rising sophistication – many of which look identical to authentic communications, even to the savviest of recipients.

This new era of spam is seeing tremendous success in tricking users into inadvertently infecting their corporate networks with ransomware or malware. Its effectiveness as a tactic is evident in its growing popularity among cyber criminals.

Until mid-2013, the percentage of spam carrying malware rarely exceeded 1%. But since then, the share of malicious spam has spiked to 4%, even though overall spam volume has not changed – meaning criminals are using this channel more than ever before.

Growth in insider-caused attacks means that cyber criminal strategies are evolving, becoming more targeted and stealthy, less obvious, and more effective.

Cyber security strategies that kept criminals at bay even just a couple of years ago must be rethought, with the danger of insider attacks at the top of our minds.

Take spam seriously. Keep your spam and virus filters updated, block executable attachments (which are unusual in business environments), and use software that can disable automatic rendering of attachments and the preloading of links.
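The attachment-blocking advice above, as an added example that is not part of the original article: a Python mail-gateway check that flags executable attachments by file extension and by leading content bytes, so a renamed executable is caught as well. The extension list, the function names and the sample message are assumptions constructed for this illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extension blocklist chosen for this example (an assumption, not from the article).
BLOCKED_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".jar", ".msi", ".ps1"}
# Leading bytes of native executables: Windows PE ("MZ") and Linux ELF.
MAGIC = {b"MZ": "PE executable", b"\x7fELF": "ELF executable"}


def executable_attachments(raw: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for each attachment that should be blocked."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        payload = part.get_payload(decode=True) or b""
        # Only the last extension counts, so "invoice.pdf.js" is treated as ".js".
        ext = name[name.rfind("."):] if "." in name else ""
        magic = next((d for m, d in MAGIC.items() if payload.startswith(m)), None)
        if magic:
            # Content check catches executables renamed to look like documents.
            findings.append((name, magic + " content"))
        elif ext in BLOCKED_EXT:
            findings.append((name, "blocked extension " + ext))
    return findings


def build_sample() -> bytes:
    """Constructed test message: one harmless text file, two disguised executables."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "billing@example.com", "staff@example.com", "Invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment("quarterly notes\n", filename="notes.txt")
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 16, maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(b"WScript.Echo(1);", maintype="application",
                       subtype="octet-stream", filename="Invoice.PDF.js")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in executable_attachments(build_sample()):
        print(f"BLOCK {name}: {reason}")
```
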

Employ forensics on your network to better understand activity coming into and going out of it. This can not only help you spot potential incidents quickly (and shut them down), but is also important in reconstructing how a breach happened if it occurs – enabling you to prevent further harm.

Reduce inadvertent security mistakes. Given the enormous role of human error in cyber attacks, remember the people within your organisation are the most important part of any data breach prevention strategy.

Maintain security awareness training for employees and contractors to make them aware of risks, and monitor and control who has privileged access.

Keeping these tactics in mind is becoming a make-or-break strategy for businesses, as the cost of repairing a data breach continues to rise – up 23% since 2013 to an average of US$3.8mil (RM14mil).

Though cybercrime cannot yet be completely eliminated, we can stay on top of cyber criminals’ evolving strategies to better bolster our defences.

Amir Hamzah is a security specialist at IBM Malaysia.