Simon Fontaine, President of ARS Solutions and author of a report on cybersecurity, gives you some advice on cybersecurity issues with his own employees.
Disgruntled employees represent increasingly frequent cases of significant losses due to their knowledge of the organization for which they work.
They can easily access data and systems. Not to mention unintended incidents that can manifest in various forms, such as a click on a fraudulent email. Whether intentional or not, the result remains the same.
Here is how data theft can happen in your organization and how you can regain control:
1. Unintentional incidents
Internal personnel can be the source of unintended incidents and can be both a victim and the one responsible. It can be targeted by outsiders.
For example, think about the phishing emails that have become ubiquitous. They are intended to ensure that the recipient clicks on a link leading to the deployment of vicious software or even discloses identifiers, credit card numbers or other valuable information.
Criminals can also send an email to an employee using a very similar address to that of the company and pose as a senior manager. The false senior manager then asks the employee for assistance in a confidential transfer of funds to a specific account, often thousands of dollars.
2. The disruptors
They are the ones whose mission is to cause problems in a company. This may be an employee – current or former – who is unhappy or someone who is being hired to cause problems.
A motivated disruptor with proper access can cause tremendous damage, for example to cause backup files to be overwritten with unnecessary files and then damage files that no longer have usable backup.
According to the comprehensive study conducted by Osterman Research, 69% of businesses experience data loss due to staff turnover and 87% of departing employees take data with them.
What do they do with this information? They sell it to competitors, become a competitor or keep them to use in their next job.
3. Path errors
Sometimes a person simply makes an error that compromises data. For example, a system developer may, inadvertently incorrectly set up a cloud-based storage container and allow Internet access, which can lead to a breach…
Similarly, something as simple as an email sent to an incorrect address (or a fax sent to the wrong fax number) can compromise sensitive information.
This can be caused by accidentally entering the wrong email address, or deliberately (but unknowingly) directing an email to an address set up by an opponent with a name like the one of the real organization.
4. Industrial property thieves (IP)
Some have a mission to steal intellectual property from a company. IP can be valued at millions or even billions of dollars. Stealing a source code from a software, for example, can revive a competitor.
5. Data thieves
Like IP thieves, data thieves are about making money and embarrassing an organization by getting their hands on credit card numbers, social insurance numbers, etc.
How to regain control?
This is why the use of a SIEM (Security Information Event Management), which detects suspicious or unauthorized activities, is so important.
Thanks to artificial intelligence, which provides a constant learning capability, the SIEM learns about users’ usual behaviours and detects changes in habits. This becomes even more interesting in a context where remote work is becoming increasingly common.