I just attended the Black Hat 2019 Conference – which is the largest information security event in the world – on August 7-8 and listened to a very informative presentation by John Grim, Managing Principal – Americas, Verizon Threat Research Advisory Center (VTRAC), on Verizon’s recently released Insider Threat Report.
Grim began the presentation by highlighting Verizon’s five insider threat categories, including the following:
- The Careless Worker
- The Inside Agent
- The Disgruntled Employee
- The Malicious Insider
- The Feckless Third Party
As a side note, I had to look up the word “feckless,” which has a number of meanings, including irresponsible, incompetent, inept, and lacking character.
Grim defined insiders as “full- and part-time employees, independent contractors, interns, and other staff, as well as business partners and third parties with some level of privileged access.” He also said that “human resource controls, security access principles, training, and third-party management controls can mitigate risks.”
According to Verizon’s Insider Threat Report, “twenty percent of cybersecurity incidents and 15 percent of the data breaches investigated within the Verizon 2018 DBIR originated from people within the organization, with financial gain (47.8 percent) and pure fun (23.4 percent) being the top motivators.”
In addition, these attacks, which exploit internal data and system access privileges, are often only found months or years after they take place, making their potential impact on a business significant.
To put all this in perspective, Capital One’s recent data breach was impacted by this very insider threat, the “feckless third party”: an irresponsible former Amazon employee lacking character and integrity is now being charged with computer fraud.
Just as I wrote in a recent LinkedIn post about Capital One’s data breach event that the question should be “who’s in your wallet?”, I believe every business and organization, based on Verizon’s Insider Threat Report, should be asking “who’s the insider threat at your company?”
To conclude, Verizon offers organizations an opportunity to “identify pockets of risk within the employee base, real-life case scenarios, and countermeasure strategies to consider when developing a comprehensive Insider Threat Program.”