• Trend Micro
  • About TrendLabs Security Intelligence Blog

CTO Insights: Defending Your Organization From Insider Attacks

  • Posted on: April 27, 2015 at 7:40 pm
  • Posted in: CTO Insights, Targeted Attacks
  • Author: Raimund Genes (Chief Technology Officer)

If you’ve read enough crime novels or seen enough action movies, the plot is all too familiar to you: an insider – acting to correct some slight or insult he or she received years ago – turns against an organization and inflicts significant damage. Sometimes the insider is on the side of the good guys, sometimes on the bad guys.

This makes perfect sense. An insider knows exactly how an organization does things, what they consider valuable, and how they will respond to an attack. Who else would be better to carry out an attack than an insider?

However, that assumes that an “insider threat” is by design. Fortunately, most people are not out to destroy the organization they belong to. Most people want the group that they are part of to succeed and do well. Unless you’re in an organization that deals with national security, this is probably something you don’t have to worry about.

The problem is that not all “insider threats” are deliberate. “Insiders” could end up leaking information to attackers inadvertently. Social media has provided users with many new and interesting ways to communicate, and unfortunately sometimes this includes confidential information that shouldn’t be communicated.

If people are already leaking information online on their own, how much more will leak when a social engineer is actively trying to squeeze information out of them? Social engineering can be defined as the art of getting others to do what you want. It’s an art that’s been practiced in one way or another for thousands of years, so it shouldn’t be a surprise that threat actors have become very good at it.

Almost all targeted attacks begin with some form of social engineering. While it is not a simple task, you can – and should – attempt to defend against these types of attacks.

There are two ways that an organization can defend against these attacks, and they are not mutually exclusive. First, there are technical means of defense. For example, email blocking can help prevent attacks that are designed to impersonate other parties (such as banks or other trusted organizations). Heuristic- and email reputation-based solutions are useful in this regard.

The second way is to harden your users. Teach them to be more careful, vigilant, and aware of the threats going on today. Make sure that instead of just ignoring these attacks, they report them to your own security team so that the entire organization can stay aware of what’s going on.

Even more important than how to protect data is deciding what data to protect. It is difficult, if not impossible, to protect everything. What you need to decide is: what matters most to your organization and needs to be protected? I would recommend using three categories:

  1. Data which is not sensitive
  2. Data which has a negative impact on your organisation if leaked
  3. Data which destroys your business if leaked

This classification sounds simple, but a lively debate is likely to ensue when deciding which data goes in which category. However, this is necessary: you need to figure out what is really important and what is core to your organization. Protect that first before anything else.
