How Not to Be the Next Victim of Insider Attacks

by in CyberRes

While Uber is investigating the latest cybersecurity incident, speculation is popping up everywhere. According to the NYT report, “The person who claimed responsibility for the hack told The New York Times that he had sent a text message to an Uber worker claiming to be a corporate information technology person. The worker was persuaded to hand over a password that allowed the hacker to gain access to Uber’s systems, a technique known as social engineering.”

The Impact

If this was indeed the case, Uber would likely be another victim in the world of insider attacks where, according to the 2022 Cost of Insider Threat Global Report, two out of three companies are experiencing 20+ insider-related incidents per year. The same research also reveals that employee or contractor negligence has the following impact:

  • Average cost per incident: $317,111
  • Mean number of incidents per year: 14.9
  • Average annualized cost: $4,724,954

Employee Becomes Adversary

“In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems” - CISA’s Security Tip (ST04-014). In general, organizations have been active in raising cybersecurity awareness among their employees. However, sometimes all it takes is one employee or contractor who gets ‘social engineered’ by savvy criminals and turned into an insider threat.

Be Proactive

Fact No. 1: Insider threats are simply part of reality for many of us.

Fact No. 2: Many potential attacks get foiled before turning into damaging incidents and headline news.  

So, why are some organizations better protected? How did they avoid being another casualty? Well, “war stories” abound! If you are heading to the 2022 fal.con next week, please be sure to join Paul Reid, CyberRes’ Head of Threat Hunting, for his “Stories from the Trenches” - Tuesday, Sep 20, 4:00 PM - 4:20 PM @ Partner Theater - The Hub. If you are not going to be at fal.con, no worries. You can learn more about how to start building or reinforcing your insider threat prevention program now. Key topics covered:


What is an Insider Threat? | What are Behavioral Analytics? | What is Machine Learning? | What is Threat Hunting?
