The Bad Actors Within Your Business

Recap from the July 31st, 2019 CISO/Security Vendor Relationship Podcast

by Lydia Pert

We have all listened to spooky stories or watched scary movies where it turns out the bad guy was inside the house the entire time. These plotlines tend to hit us hard because it’s especially frightening to contemplate that danger is lurking in the place we feel most safe. But these creepy plotlines stand as a sobering reminder for businesses as well — sometimes the most significant cyber threats are within the walls of your office. External bad actors pose a considerable risk, but internal bad actors pose a different and often more significant threat.

As Steve Prentice explained in the most recent Cloud Security Tip, business leaders sometimes place so much focus on external threats that they overlook internal bad actors: the people inside the walls of the business who have some level of trust or privilege. Internal bad actors have easy access and a daily opportunity to compromise sensitive data such as Social Security numbers, credit card numbers, and medical files.

Who’s At Risk?

The short answer is that every single business is at risk from inside bad actors, because not all insider threats are the same. Some are well-intentioned employees who give away sensitive data to the wrong person. Some are actual user accounts that have been compromised by an external attacker. Others feel taken advantage of or betrayed by their organization, and try to vandalize assets as a form of revenge. Still others are merely stealing data for personal gain. But regardless of circumstance or motive, internal bad actors can be detrimental to a business. While every organization needs to be on the lookout for internal bad actors, experts have determined there are three fields especially vulnerable to malicious internal actors:

  • Healthcare
  • Manufacturing
  • Financial Services

In these three fields, it is easy for internal bad actors to steal personal data and sell it on the black market, or even use that data to obtain new credit cards, houses, and anything else that the entrusted documents support. Most of the documents and data found within these fields represent a “person,” and as a result have immeasurable value. Beyond staff saboteurs, internal employee data can also be used to impersonate employees, allowing criminals to access company networks and resources, and in some cases even to show up in person posing as an actual employee. Vigilance against this type of cybercrime is just one more building block in the trustless society, although not a fun one.

Preventing Internal Bad Actors

Although healthcare, manufacturing, and financial services are especially vulnerable, every business is at risk and needs to know how to prevent internal bad actors.

When it comes to preventing internal bad actors, the primary focus should be on your well-intentioned employees. Most employees want to be helpful, and hackers often exploit this trait. Cybersecurity awareness training is an absolute must because just like you will always have disgruntled employees, you will also always have gullible employees.

For compromised or malicious insiders, you will need to take a different tack. A great way is to use honeypots: data and resources that appear legitimate but exist only to identify bad actors. Honeypots can be combined with user behavior analytics so you can identify users actively searching for data they shouldn’t be. Once you’ve identified potential internal bad actors, you can follow their behavior more closely to quickly gather the evidence you need to put an end to their practice once and for all.
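The following added example (not part of the original article) shows one way to combine decoy files with a simple behavior check over a file-access audit log. The log format, the `/shares/<department>/` layout, the decoy paths, and the threshold are all assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample audit log: timestamp,user,department,action,path
SAMPLE_LOG = """\
2019-07-29T09:02:11,asmith,finance,read,/shares/finance/q2_forecast.xlsx
2019-07-29T09:15:40,bjones,engineering,read,/shares/engineering/design.docx
2019-07-29T22:41:03,bjones,engineering,list,/shares/hr
2019-07-29T22:41:19,bjones,engineering,read,/shares/hr/salaries_2019.xlsx
2019-07-29T22:43:57,bjones,engineering,list,/shares/finance
2019-07-30T10:05:12,cwu,hr,read,/shares/hr/handbook.pdf
2019-07-30T10:07:48,cwu,hr,read,/shares/hr/salaries_2019.xlsx
"""

# Hypothetical decoy files that no legitimate workflow references.
HONEYTOKENS = {"/shares/hr/salaries_2019.xlsx", "/shares/finance/passwords_backup.txt"}
FOREIGN_SHARE_THRESHOLD = 2  # assumed tuning value

def share_of(path):
    """Return the department share for /shares/<dept>/..., else None."""
    parts = path.strip("/").split("/")
    return parts[1] if len(parts) >= 2 and parts[0] == "shares" else None

def analyze(log_text):
    """Map each suspicious user to decoy hits, foreign shares and a priority."""
    report = defaultdict(lambda: {"decoy_hits": [], "foreign_shares": set()})
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        ts, user, dept, _action, path = row
        if path in HONEYTOKENS:
            report[user]["decoy_hits"].append((ts, path))
        share = share_of(path)
        if share and share != dept:
            report[user]["foreign_shares"].add(share)
    for entry in report.values():
        roaming = len(entry["foreign_shares"]) >= FOREIGN_SHARE_THRESHOLD
        # Decoy hit plus wide out-of-scope browsing ranks highest;
        # out-of-scope browsing alone is only worth watching.
        if not entry["decoy_hits"]:
            entry["priority"] = "watch"
        else:
            entry["priority"] = "high" if roaming else "medium"
    return dict(report)

if __name__ == "__main__":
    for user, entry in sorted(analyze(SAMPLE_LOG).items()):
        print(user, entry["priority"], entry["decoy_hits"], sorted(entry["foreign_shares"]))
```

Users who never touch a decoy or leave their own share do not appear in the report, which keeps the review queue limited to accounts worth following more closely.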

In addition to cybersecurity training, honeypots, and behavior analytics, you can also implement a VPN to enforce network access control. Access control systems authenticate and authorize users by evaluating the required credentials: they verify that the person or application is who or what it claims to be, then grant the access levels and permissions associated with the username or IP address. Users can then connect to the authorized network resources. Our VPN, Access Server, can be configured to provide precisely this control, using LDAP to access Active Directory for authentication.
