Think about this identity misuse scenario: an insider threat in which one employee outsourced his own job to a foreign consulting firm while receiving high performance reviews year after year. Because the organization was in critical infrastructure, this gets scary really quickly. If something similar happened in your organization, are you ready to handle it? Do you have solutions to detect it? And if so, how long do you think it would take to find out that you have a rogue insider?
It’s funny (not really) that someone was able to give their credentials and VPN access to outside entities without detection for so long. The motivation for employees to become insider threats tends to be mostly monetary. It could also be a host of other reasons, such as being disgruntled, low performance reviews, payback for a misunderstanding, etc.
Typically, these scenarios are accompanied by high-privilege identity misuse.
It took this organization multiple years to detect the anomalous behavior. Part of the reason for the long dwell time could be a lack of resources to investigate these cases or an inability to pick the needles out of a large haystack. This is where solutions leveraging big data machine learning can really make a difference and be the force multiplier. The amount of data that we are looking at is increasing exponentially, and throwing headcount at this problem doesn’t scale. User Behavior Analytics (UBA) is able to scale the data science to help tackle this exact problem. In addition, UBA picks up any anomalous behavior even if it is previously unknown to the security team. If you depend on a rules-based or query-based solution, however, such behavior will be a blind spot. You can read more about UBA here.
The Data Breach Digest discusses some very interesting cyber security scenarios.
This report complements the DBIR, which most of us are already aware of. There are 18 identity misuse scenarios discussed based on their prevalence and lethality. The scenarios include social engineering, partner misuse, hacktivist attack, backdoor access, and sophisticated malware, amongst others. It’s an interesting read for sure, and the full report can be found here: Verizon Insights Data Breach Digest
Organizations use Gurucul technology to detect insider threats, cyber fraud, IP theft, external attacks and more. The company is based in Los Angeles. To learn more, visit Gurucul.com and follow us on LinkedIn and Twitter.