Ransomware Attacks — Employees could be part of the problem

by Alessandro Civati.

Ransomware Attacks — Employees could be part of the problem

A recent survey of about 100 cybersecurity executives in North America has found that cybercriminals have requested about 50 percent of business employees and leaders to assist in actualizing a ransomware attack.

Employees are critical to the success of organizations, but some factors may influence employees acting contrary to norms. Nobody loves to be fired from their position, and some employees may act maliciously. For example, a part-time remote employee working with a Credit Union in New York was fired in May and used her access to delete more than 21GB of sensitive company data. Juliana Barile, the fired employee, deleted more than 200,000 files carrying sensitive data that included mortgage applications. Barile is currently awaiting sentencing for her actions after she pleaded guilty. The big question is how Barile retained access to the server after she had been fired. It seems that the IT team hadn’t found time to effect the changes as late as two days post-firing when Barile deleted the files. We can begin to see the challenges that businesses are facing concerning insider threats.

Insider threats can be motivated by different goals such as:

The report prepared by Hitachi ID and Pulse indicates the steps taken by enterprise organizations when it comes to cybersecurity and insider threats. Some measures include multi-factor authentication (MFA), zero trust, and identity management system implementation.

In the study, the authors also sought to collect data about the cybersecurity concerns that come to the top of the minds of security leaders. It was evident that the cybersecurity strategy was more focused on access management, with the surveyed executives reporting that 82% of businesses have implemented multi-factor authentication. Another 80% of companies have implemented single sign-on, and 74% implementing identify access management. Slightly less than half (47%) of executives stated that their businesses have already implemented zero trust policies. Additionally, 67% of the security executives report increased and improved cybersecurity awareness training for their employees to their cybersecurity strategy. The increase in cybersecurity training in the last year can be connected to another worrying trend highlighted in the report.

Interesting findings in the report indicate that nearly half (48%) of business employees have been approached by cybercriminals to assist with ransomware attacks.

The security leaders report that the insider risk presents a unique challenge.

Here I present you the Common Types of Insider Threats:

Government-backed cyberattacks present another big challenge, with 74% of security executives reporting a big concern for their businesses. Further, opinion among security leaders on whether the U.S. government was doing enough to prevent and stop government-backed actors and attacks was split. As per the report, 38% of security leaders agreed that the government was doing enough, 47% felt that the government wasn’t taking appropriate action, and another 15% were unsure about their stance.

What Measures Can Help Mitigate Insider Threats?

Businesses must adopt a layered approach, encompassing a range of security controls and processes to prevent and deal with insider threats. No single solution can ultimately reduce the risk of insider threats. But every Company should:

The central vision is that companies and governments should invest more energies and budgets on Internal security and training. Dynamics and Automatic systems must be implemented, performing better and centralized communication between departments. 50% is a higher risk for everyone!

Author: Alessandro Civati

Email: author.ac@bitstone.net

Blockchain ID: https://lrx.is/aKxjEhDM9d

>>> Sign your documents for FREE, Protect your intellectual property using Blockchain Technology: Choose to: https://bipp.lutinx.com <<<

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
LutinX Inc.

LutinX digitally protect your idea, skills and values. We are an Hybrid Blockchain Platform KYC & AML Compliance with multiple Blockchain APPs in a single SUITE