The U.S. presidential campaign was roiled continuously by leaks of emails from the Democratic National Committee and the chairman of that party’s presidential campaign. After it was revealed that those actions resulted from email phishing attacks, many CISOs may well have empathized. But when, in early May 2017, a sophisticated phishing scam enticed perhaps a million users or more to click on a Google Docs link, that empathy might have morphed into a state of high anxiety.
These events demonstrate that even well-meaning computer users can be lured into risky online behavior. The Google Docs cyber-attack relied on email delivered to inboxes that appeared to have been sent by a known and trusted contact. Many enterprises use Google resources for parts of their own infrastructure, and even those that don’t may have many employees with their own accounts for Gmail, Google Docs, and other services.
Even the best-intended workers can open the enterprise network to interlopers, while some legitimate users may exploit their authorized access to execute malicious activities.
Insider Threats
It may well be that the actions of insiders are a greater threat than those of outsiders. An analysis of cyber-breach claims data by Willis Towers Watson, a global multinational risk management, insurance brokerage, and advisory company, reveals that 66% of cyber-breaches are a result of employee negligence or malicious acts, compared to 18% directly driven by an external threat, and 2% from cyber-extortion. So it makes sense to take note of common employee behaviors that put your company at risk:
- Employees’ devices can quickly be infected by malware when they click on a link or proactively visit a website poised to deliver a sliver of malware that can explode into a full-blown attack. Without their knowledge, their systems are subsequently being controlled by someone who's taking days, weeks, or even months to find what's worth stealing inside the enterprise network.
- Many employees let their guard down when using social media. An Intel Security survey of 2,000 UK respondents revealed that two-thirds had never wondered about whether a LinkedIn contact was authentic, and 24% had connected on that service with somebody they did not know. Not only does that make them susceptible to targeted attacks, but it also puts their companies at risk, as interlopers gain access to trusted circles and can target others within an enterprise.
- Workers can be naïve, and negligent, about handling confidential information. IT solutions provider Softchoice surveyed 1,500 North American workers and found that one in five employees keep passwords in plain sights, such as on Post-It notes.
- One in three cloud app users has downloaded an app without letting their IT department know, according to the Softchoice survey.
- Almost three-fourths of employees say they would share sensitive, confidential, or regulated company information under certain circumstances, according to the Dell End-User Security Survey 2017. Those circumstances range from being directed to do so to believe the risk is low. But for the most part, the employee is making a judgment call that it is OK to do so.
Only by automating the detection of attacks and risky behaviors inside an organization can IT security stand a chance. As the new dimension of complementary attack detection, user and entity behavior analytics (UEBA) is a fast-emerging technology that utilizes machine learning techniques to detect anomalous behaviors and reliably attribute malicious intent to them.
Learn More
View the infographic to learn how Aruba IntroSpect behavior analytics solution can help you assess the risks—and act faster.