Insider Threats Personified – Part 3: Patient Zero Un-Hero

This week in ‘Insider Threats Personified’ we’ll see how the actions of your employees can inadvertently launch a threat against your customers and partners and result in long-lasting reputational damage for your organization. We’ll also explore best practices your IT team can implement to minimize the potential of accidentally launching a “patient zero” attack.

Insider Threat Scenario: Oops, Did I Do That?

Ginny was doing some market research for her organization and came across a report she believed could be useful. She downloaded the report onto her work computer and opened it. There were several URLs embedded into the report that linked back to the source of certain statistics.

When Ginny clicked on one of these links, it caused malware to be unleased onto her laptop. The malware was not noticeably detected by Ginny, however, it was powerful. It lurked in the background, storing her keystrokes and patiently waiting until it had collected her login credentials. The attackers behind this malware then used Ginny’s credentials to log onto her system, access her inbox and launch a larger scale attack by sending emails to all her contacts.

These malicious emails spread quickly through her organization and beyond, landing in the inboxes of her colleagues, customers and partners.

A Reputational Security Nightmare

Employees play a big role in helping to maintain a secure environment for your organization. And those with customer-facing roles represent the organization and its brand when they engage with third party vendors, partners and customers. If the security of these employees is compromised, not only can it have a negative impact on the organization, but it can also leave a “bad taste” in the minds of their partners and customers. There is a level of trust between customers, partners and other third parties that sensitive data will be protected and appropriate security measures will be taken to safeguard against compromises.

Once Ginny’s customers or partners realize that the email they received from her was indeed malicious, they may feel violated. This could result in long-term reputational damage for the organization and further negative consequences including a lack of trust by customers, unwanted publicity, lost business, lost revenue and possibly even lawsuits.

Your Insider Threat Program

Traditional email security solutions focus on protecting inbound email from phishing attempts, malware, impersonation attacks, malicious URLs and attachments and other sophisticated attacks.

But what happens if a threat is introduced internally by the actions of your employees? Human error plays a big role in data breaches – in fact, research shows that over 90% of such incidents are initiated by employees making “bad decisions.” And while many of these compromises are initiated unintentionally on the part of the employee, once a threat is introduced into the system, it can cause significant harm to the organization and its brand.

Does your IT team have systems and procedures in place to identify the source of a threat and stop it from spreading? Emails sent between users or from internal users to third parties, such as customers and suppliers, represent the majority of most organizations’ email traffic; however, they are often left under-protected.

In this scenario, having full visibility of your internal and outbound email traffic would enable your IT staff to monitor and detect threats that originate within the organization. Without insight, it can often take days, weeks or even months to isolate a threat and stop it from spreading. By then, the damage caused to an organization’s reputation may be irreparable.

Once a threat has been detected, threat remediation services integrated into your current email security solution would enable your IT staff to automatically or manually remove emails from users’ inboxes that should not be sent or viewed. 

Catching malicious emails before they spread to external third parties is a powerful way to protect your organization’s brand and reputation.

See Mimecast’s Internal Email Protect and how it can help protect your organization from the internal spread cyberthreats.