Ransomware Attacks — Employees could be part of the problem

LutinX Inc.
5 min readDec 22, 2021

by Alessandro Civati.

Ransomware Attacks — Employees could be part of the problem

A recent survey of about 100 cybersecurity executives in North America has found that cybercriminals have requested about 50 percent of business employees and leaders to assist in actualizing a ransomware attack.

Employees are critical to the success of organizations, but some factors may influence employees acting contrary to norms. Nobody loves to be fired from their position, and some employees may act maliciously. For example, a part-time remote employee working with a Credit Union in New York was fired in May and used her access to delete more than 21GB of sensitive company data. Juliana Barile, the fired employee, deleted more than 200,000 files carrying sensitive data that included mortgage applications. Barile is currently awaiting sentencing for her actions after she pleaded guilty. The big question is how Barile retained access to the server after she had been fired. It seems that the IT team hadn’t found time to effect the changes as late as two days post-firing when Barile deleted the files. We can begin to see the challenges that businesses are facing concerning insider threats.

Insider threats can be motivated by different goals such as:

  • Sabotage — where an employee uses their access to damage data or systems.
  • Espionage — an employee will steal information and sell it to a competitor or even hand it over to the government.
  • Fraud — the destruction, modification, or theft of data for purposes of deception.
  • Intellectual Property Theft — an employee steals intellectual property and sells it to other parties or moves it to the next position.

The report prepared by Hitachi ID and Pulse indicates the steps taken by enterprise organizations when it comes to cybersecurity and insider threats. Some measures include multi-factor authentication (MFA), zero trust, and identity management system implementation.

In the study, the authors also sought to collect data about the cybersecurity concerns that come to the top of the minds of security leaders. It was evident that the cybersecurity strategy was more focused on access management, with the surveyed executives reporting that 82% of businesses have implemented multi-factor authentication. Another 80% of companies have implemented single sign-on, and 74% implementing identify access management. Slightly less than half (47%) of executives stated that their businesses have already implemented zero trust policies. Additionally, 67% of the security executives report increased and improved cybersecurity awareness training for their employees to their cybersecurity strategy. The increase in cybersecurity training in the last year can be connected to another worrying trend highlighted in the report.

Interesting findings in the report indicate that nearly half (48%) of business employees have been approached by cybercriminals to assist with ransomware attacks.

The security leaders report that the insider risk presents a unique challenge.

Here I present you the Common Types of Insider Threats:

  1. Negligent Workers: Whereas many organizations focus on addressing insiders with malicious intent, employees’ primary challenge is negligence. Up to 60% of data breaches are caused by unintentional actions of employees, such as leaving an unencrypted device containing sensitive data in public.
  2. Departing Employees: There’s the risk of employees leaving an organization either voluntarily or involuntarily. The most common threat is the theft of data or intellectual property by employees leaving involuntarily or anticipating a departure.
  3. Security Evaders: Some employees may consider security rules to be inconvenient and a hindrance to productivity. Employees may use security workarounds that leave a business open to compromise. Cybersecurity plans and policies are designed to help protect the Company, its data, and employees.
  4. Malicious Insiders: Employees may feel aggrieved by the organization and take revenge by leaking, deleting, or distorting sensitive data. Their motivation will be purely malicious.
  5. Inside Agents: Insiders can be malicious, maybe tricked via social engineering, or coerced through bribery or blackmail to allow an external group into the company network. The insider will be providing their access credentials and associated privileges.
  6. Third-Party Partners: In some cases, not all insiders are employees. More than 90% of organizations provide their partners, suppliers, or vendors access to their networks and systems. The third parties may cause damage akin to that of employees with elevated access.

Government-backed cyberattacks present another big challenge, with 74% of security executives reporting a big concern for their businesses. Further, opinion among security leaders on whether the U.S. government was doing enough to prevent and stop government-backed actors and attacks was split. As per the report, 38% of security leaders agreed that the government was doing enough, 47% felt that the government wasn’t taking appropriate action, and another 15% were unsure about their stance.

What Measures Can Help Mitigate Insider Threats?

Businesses must adopt a layered approach, encompassing a range of security controls and processes to prevent and deal with insider threats. No single solution can ultimately reduce the risk of insider threats. But every Company should:

  • Conduct a regular risk assessment to grasp the potential impact of insider attacks fully.
  • Carefully manage the accounts and privileges of all employees and contractors.
  • Schedule regular security awareness training for all staff.
  • Implement 24/7 network and endpoint monitoring to detect anomalous behavior.
  • Undertake penetration testing annually to help identify security improvements to your cybersecurity plan.
  • Undertake a simulated phishing assessment to evaluate vulnerability.

The central vision is that companies and governments should invest more energies and budgets on Internal security and training. Dynamics and Automatic systems must be implemented, performing better and centralized communication between departments. 50% is a higher risk for everyone!

Author: Alessandro Civati

Email: author.ac@bitstone.net

Blockchain ID: https://lrx.is/aKxjEhDM9d

>>> Sign your documents for FREE, Protect your intellectual property using Blockchain Technology: Choose to: https://bipp.lutinx.com <<<

--

--

LutinX Inc.

LutinX digitally protect your idea, skills and values. We are an Hybrid Blockchain Platform KYC & AML Compliance with multiple Blockchain APPs in a single SUITE