Three Things To Know About The Next Generation Of Insider Threats

Forbes – Yaki Faitelson
First, a well-positioned internal attacker, perhaps your engineers or financial analysts, probably won’t need to conduct reconnaissance like an outside attacker. Second, insiders don’t need external malware to access systems or rely on remote servers for command and control, so standard virus or malware scanners would come up empty. Third, like external attackers, insiders now use multiple “shadow” accounts — either fake accounts or borrowed real ones — to distribute their activities, reducing the chances that they’ll raise suspicions or cross the thresholds of automated detectors.

How do non-admin-level rogue employees pull a Snowden? One technique is taking advantage of excessive permissions granted to users who perform specialized tasks. Other insiders can exploit their working relationships with these special users. They can shoulder surf to learn passwords or just guess them. Database admins and networking staff, left unchecked, are prone to choosing short, easy-to-remember text (say, “admin1234”) since they log into many servers during their workday.

Detect The Insider’s Signal With Behavioral Models

An essential first step is to identify where sensitive corporate data lives and limit access to the fewest employees. Another preventive step: Tailor privileges to actual job requirements. Sneaky insiders access internal certificates, use encryption software and create shadow accounts as part of their tactics — their behavior profiles are still different from normal users.
Link: https://www.forbes.com/sites/forbestechcouncil/2019/09/25/three-things-to-know-about-the-next-generation-of-insider-threats/#718ec7744d65
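
The excerpt notes that spreading activity across several shadow accounts keeps each one under an automated detector's threshold. The following is an added example, not code from the article: it compares a per-account threshold with the same threshold applied per source workstation. The log fields, account and host names, and the limit of 100 reads are constructed assumptions.

```python
from collections import defaultdict

# Assumed daily limit on sensitive-file reads before an alert fires.
DAILY_LIMIT = 100

# Constructed sample events: (account, source_host, sensitive_files_read)
EVENTS = [
    ("jdoe",       "ws-017",      25),
    ("jdoe",       "ws-017",      15),
    ("svc-report", "ws-017",      45),
    ("tmp-audit",  "ws-017",      38),
    ("asmith",     "ws-022",      30),
    ("dba-lee",    "db-admin-01", 85),
]


def per_account_alerts(events, limit=DAILY_LIMIT):
    """Classic detector: alert when one account alone exceeds the limit."""
    totals = defaultdict(int)
    for account, _host, count in events:
        totals[account] += count
    return sorted(acct for acct, total in totals.items() if total > limit)


def per_host_alerts(events, limit=DAILY_LIMIT):
    """Correlate by source host: alert when several accounts used from one
    workstation exceed the limit together, even if none does alone."""
    totals = defaultdict(int)
    accounts = defaultdict(set)
    for account, host, count in events:
        totals[host] += count
        accounts[host].add(account)
    return {
        host: sorted(accounts[host])
        for host, total in totals.items()
        if total > limit and len(accounts[host]) > 1
    }


if __name__ == "__main__":
    print("per-account alerts:", per_account_alerts(EVENTS))
    print("per-host alerts:   ", per_host_alerts(EVENTS))
```

Shared jump hosts and terminal servers legitimately carry many accounts, so the per-host view needs an allowlist or its own baseline before it is used for alerting.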

