Insider Threats Personified – Infected, User Should Beware
 

We live in a mobile world where cyber attackers target employees who work in the office, at home or from the road. In parallel, threats can also be introduced onto an employee’s device outside of the office while using public WiFi at a coffee shop or by inserting a compromised USB stick they found on a park bench or received at a conference.

This week in "Insider Threats Personified" we follow the day-in-the-life of an employee who travels regularly for work and is exposed to threats outside the “safety” of his office building and home office. And we’ll consider ways your IT team can detect and isolate these new threats quickly before they spread and affect end users across the organization.

Meet Andy, the Swag-Happy Conference Goer

Sure, I’ll Take One of Those

Andy is in sales and travels a lot for his job. This week he is attending an industry conference that he’s participated in for the past five years. A lot of his customers also attend the conference and he’s become friendly with many of the vendors who have displays in the exhibit hall. 

His favorite part of the day is when he has time to walk the exhibition floor, schmooze with familiar faces and collect swag. He loves to collect as much as he can and distribute his stash amongst his colleagues once he’s back in the office.

One of the vendors was distributing 2GB USB drives. Andy figured those could be useful to backup documents on his work laptop and grabbed three. When he got back to the office, he found them in his bag of goodies, gave two away to colleagues and kept one for himself. When he got back to his desk, plugged the USB stick into his laptop. 

Unknown to Andy, when he plugged in the USB stick, it unleased malware onto his work laptop that logged keystrokes and used the internet to communicate the information that it was collecting back to the attacker. The malware also integrated itself into a ‘false Excel spreadsheet’ and used Andy’s email to distribute itself to his entire contact list which included customers and colleagues.

A Detection Nightmare

Careless insiders don’t intend to cause harm to their organization, but often make poor decisions, like Andy did in this case. He blindly trusted the USB stick he was using was ‘safe’ and plugging it into his work laptop. While Andy’s actions were not done with malicious intent, he did increase the potential for a data leak within his organization and compromise the business. If the threat continues to spread to customers and partners, it could result in negative consequences including a lack of trust by customers, unwanted publicity, lost business, lost revenue and possibly even lawsuits.

Andy’s mistake becomes IT’s problem. As the threat is spread by email throughout the organization, it gets more and more difficult to contain. To contain the threat, IT needs to be able to detect that the threat exists in the first place. Since the malware was introduced internally, through a USB stick, traditional email gateway solutions that scan inbound email would not be able to catch and stop it or help the IT team isolate the source of the threat.

Your Internal Threat Action Plan

Traditional email security solutions focus on protecting inbound email from phishing attempts, malware, impersonation attacks, malicious URLs and attachments and other sophisticated attacks.

But what happens if a threat is introduced internally by the actions of your employees?

Human error plays a big role in data breaches – in fact, research shows that over 90% of such incidents are initiated by employees making “bad decisions.” And while many of these compromises are initiated unintentionally on the part of the employee, once a threat is introduced into the system, it can cause significant harm to the organization and its brand.

Does your IT team have systems and procedures in place to identify the source of a threat and stop it from spreading?

In this scenario, having full visibility of your internal and outbound email traffic would enable your IT staff to monitor and detect threats that originate within the organization. Without insight, it can often take days, weeks or even months to isolate a threat and stop it from spreading. By then, the damage caused to an organization’s reputation may be irreparable.

Once a threat has been detected, threat remediation services integrated into your current email security solution would enable your IT staff to automatically or manually remove emails from users’ inboxes that should not be sent or viewed. And comprehensive malicious URL and attachment protection will identify and remove malicious content from internally generated emails before it can continue to infiltrate an organization’s network.

Learn about Mimecast Internal Email Protect and how it can help protect your organization from the internal spread cyberthreats.