Article Details
Scrape Timestamp (UTC): 2024-07-17 11:13:23.127
Source: https://thehackernews.com/2024/07/navigating-insider-risks-are-your.html
Original Article Text
Click to Toggle View
Navigating Insider Risks: Are your Employees Enabling External Threats?. Attacks on your network are often meticulously planned operations launched by sophisticated threats. Sometimes your technical fortifications provide a formidable challenge, and the attack requires assistance from the inside to succeed. For example, in 2022, the FBI issued a warning1 that SIM swap attacks are growing: gain control of the phone and earn a gateway to email, bank accounts, stocks, bitcoins, identity credentials, and passwords. This past spring, current and former T-Mobile and Verizon employees reported receiving unsolicited text messages asking if they would be interested in some side cash2 in exchange for intentionally enabling the "SIM jacking." These headline-grabbing stories about the malicious insider are certainly real, but many external attacks stem from a much less conspicuous source: the accidental insider. These are career employees, contractors, partners, or even temporary seasonal workers who, through negligence or lack of awareness, enable the exploitation of internal weaknesses. Accidental insiders unintentionally compromise security due to: By unwittingly compromising security best practices, accidental insiders pave the way for external attacks in several ways: The consequences of an accidental insider-facilitated attacks can be significant: The good news is that the risk posed by accidental insiders can be significantly reduced through proactive measures: Accidental insiders pose a significant threat that can leave organizations vulnerable to external attacks. However, by implementing proper training, technical and organizational controls, and fostering a security-conscious culture, organizations can significantly reduce the risk. Defend against risks posed by trusted insiders with Everfox Insider Risk Solutions. Note: This article is written by Dan Velez, Sr. Manager of Insider Risk Services at Everfox, with over 16 years of experience in insider risk and threat at Raytheon, Amazon, Forcepoint, and Everfox.
Daily Brief Summary
Insider risks are becoming a critical challenge in modern cybersecurity frameworks, particularly due to both intentional and unintentional insider threats.
Recent reports include cases where employees of well-known companies like T-Mobile and Verizon were approached to facilitate SIM swap attacks for financial gain.
Accidental insiders, unlike malicious insiders, often jeopardize security through negligence or unawareness, inadvertently opening doors for external threats.
These unintentional actions can lead to significant breaches, exposing sensitive information like email, bank accounts, and identity credentials.
The FBI has highlighted the increase in such insider-assisted threats, particularly SIM jacking, urging organizations to enhance internal security measures.
Proactive internal controls, thorough employee training, and a security-aware culture are essential to mitigating the risks posed by insiders.
Implementing sophisticated insider risk solutions like those offered by Everfox can help organizations protect against both intentional and accidental insider breaches.