Understanding Insider Threat In Network Security

Understanding Insider Threat In Network Security

 

In my previous article, I have talked about a phishing attack in network security. In this article, I want to talk about all that you need to know about Insider Threats in Network Security. Follow me as we are going to look at this together in this article. 

Now, let’s talk about Insider Threats. Most Insiders are loyal, hardworking, employees who do meaningful work for their company, and at the end of the day go home to their family, friends and beloved pets. Moreover, we may think of cyberthreats as coming from an anonymous criminal who is far away and behind a computer screen, and cybersecurity measures at our places of business need to focus only on external threats. Unfortunately, an insider threat can be detrimental to an organisation, its data and brand reputation.

Both current and former employees possess valuable knowledge about a company and are capable of committing crimes that may cause irreparable harm to the organisation. 
Let’s define it. An insider has authorised access to company resources, such as critical information, personnel, equipment, facilities, networks, and systems. An insider threat is a risk an insider will use their authorised access, wittingly or unwittingly, to do harm to their organisation. 

Typically, an insider threat is a well-intentioned employee that ends up doing something accidental and puts the company at risks, such as clicking a phishing email or something negligent, such as a privileged user not following company policy in order to complete their work faster, which can result in some form of security compromise.

 
On the other hand, a malicious insider threat is connected to the organisation, and wittingly target it for an attack. They perform deliberate actions, such as malicious exploitation, theft, destruction of data, or the compromise of information technology resources. Research shows this person could be a present or former employee, contractor, a board member, or employee who has or had authorised access to the office building, networks, systems, or sensitive company information. 

Most insider threats are unintentional, hence our focus on training awareness. We must be vigilant. If you see something or hear something, then say something. For example: Who did you see? When did you see it? What did you see? Where did it occur?  Why is it suspicious? It does not matter how big or small it seems, such as a secured door that is left ajar, a confidential document that is left on the printer, or a piece of equipment is acting oddly. Report any suspicious activity to your manager and your organisation’s information security team. 

When it comes to cybersecurity, knowledge is power and that’s why, by Implementing actions you can take, you can avoid common traps. Be cyber vigilant out there. 

13 Ways To Avoid Cyber Security Threats

In my previous article, I have discussed some of the facts that you need to know about phishing and Business Email Compromise generally. In this article, I want to look at some of the facts that you need to put into consideration in order to avoid cyber security threats. Follow me as we will look at that together in this article. 
Security threats come from everywhere, all over the world, 24 hours a day, 7 days a week, and 365 days a year. Moreover, human error is the root cause of almost every single data breach that happens worldwide. 

  • Always follow the company policy and data handling guidelines. If you are not sure about a policy, please ask. There are no dumb questions. 
  • You need to back up sensitive and critical information on an encrypted device with a strong password. 
  • Be aware of shoulder surfing or people who hang around your desk and act suspicious. They might be looking for confidential information or watch you as you enter your password. 
  • Do not write or leave passwords on notes posted on or under your desk, computer or keyboard. 
  • Keep your desk free of any proprietary or confidential information, and securely lock private information away in a desk drawer when you leave your workstation for an extended period, and at the end of the day. 
  • Lock your computer screen and cell phone every time you step away to prevent anyone from seeing or manipulating confidential information on your device. 
  • Report broken doors, windows and locks to your security personnel as soon as possible. 
  • Report suspicious activity in or near your facility’s entry and exit points, loading docks parking areas, garages, and immediate vicinity, and always remember to lock your car. 
  • Report suspicious packages, and do not open or touch them.
  • Shred and destroy all documents that contain sensitive personal or organisational information rather than tossing them in the waste bin. 
  • Treat all devices such as a computer, CD ROM, USB Devices, and laptop as sensitive if they contain proprietary and sensitive data. Never share it with any unauthorised person, which includes your family members.
  • Use your badge to enter your workplace and do not allow tailgaters. Check for identification and ask a lingering individual to identify the purpose of their visit to your workplace. 

 

Facts About Business Email Compromise Attack

In my previous article, I have talked about some of the facts that you need to know about phishing activities in a network security environment. In this article, I will be looking at all that you need to know about Business Email Compromise fraud. Follow me as we will look at that together in this article. 

Let’s delve into phishing, spearphishing, whaling, CEO Fraud and Business Email Compromise. Cybercriminals craft legitimate email looking that encourages people to take action, such as clicking a link or opening an attachment, which at first glance look like it is from an authentic financial institution, e-commerce site, government agency or any other service or business. 

These attacks collect personal, proprietary. and financial information, and can infect your machine with malware and virus. Often, hackers use domain-spoofing techniques. They masquerade as coming from a sender that you may know, in an effort to get you to supply sensitive information, such as your login credentials, account numbers, credit card numbers, and money transfers. Because these emails look as if they legitimately come from sources you trust, it can be hard to tell that they are fake. 

Cybercriminals rely on email to launch an attack because it continues to work. They are appealing and believable because the email looks similar to a real request. To be successful, it must trick users. To protect yourself, be suspicious of any communication that directs you to take any action, no matter how official it appears, Remember to pause and look for clues to determine if it is fake. For example, does the bait look “phishy” to you. It’s an example of a high profile person receiving an urgent email that said he must change his password, and well, he clicked the link in this email.

One thing you need to remember is this, Stop and hover every link before you click! If you take a moment to hover your mouse over the link, you will see the true destination of that link. This is a significant clue to determine if an email is legitimate. 

For example, if you get an email that appears to come from your bank saying there is a problem with your account and you must log in to a website and correct the problem by clicking a link, do not click. Instead, open an up to date browser and manually type the web address to see what is happening. 

If you receive an email that requests the movement of money, such as payment of an invoice, even if it is from someone you know, we recommend that you use another form of trusted communication to verify that the message is legitimate before taking any action. Also, carefully check the email address. Just because a message says it is coming from the name of a person you know or trust, it does not mean that the email is from that person. 

Phishing attacks are sent to a wide audience. Whereas Spearphishing, whaling, CEO Fraud, Business Email Compromise and even vishing are directed towards specific individuals or business roles. Research shows that these attacks are effective 91% of the time. 

If an attacker is interested in breaking into a particular organisation, they might use a personally crafted email or a targeted phone call, seemingly from a source internal to that organisation or from a vendor that the organisation does business with and trusted. 

Many times, this fake communication appears as a direct message from your boss or any of the executives, if you are suspicious, even if the details appear to be accurate, do not respond. 

Over your mouse over links to check their true destination, and check for spelling and grammar errors. To be safe, never transfer money, divulge sensitive information, or grant special access without first double-checking to confirm from an alternate trusted source. 

Social Engineers are experts at impersonating legitimate sources, manipulating human nature to trigger an emotional response, and enticing you to skip normal security protocols. Don’t fall for it.

When it comes to cybersecurity, knowledge is power and that’s why by Implementing actions you can take, you can avoid common traps. Be Cyber Security safe out there.

In my previous article, I have talked about email and other activities of hackers that can affect network security generally. In this article, I want to talk about some of the ways of dealing with email spamming in network security. Follow me as we will look at that together in this article. 

Now, let’s talk about email. We spend a big part of the day dealing with our inbox. In fact, 300 billion emails are sent across the globe every single day. Email is the number one infection vector for all kinds of malware, including ransomware. A common form of malware transmission is via attachments. If you receive an email with an attachment, and the email is from someone you don’t know, you probably should not open the attachment. 

Let’s back off and talk about how you received this email in the first place. No matter if it is class spam or phishing, someone has your email address and it is been passed around among spammers. While it is difficult to keep your email completely secret, there are many ways to make your email less valuable to spammers. One of the most effective ways is to configure your email client not to display downloaded graphic messages. With spam, the mere act of downloading email images tells the spammer that there is someone looking at that email message. 

This always increases the value of your email address as a target. Most email clients that support this action will allow you to download the images for legitimate email messages. Therefore, they look well-formatted and easier to read. Generally, spam does not request an action, and to prevent further messages from the sender, simply mark that email as junk and block the sender. 

Action Point
PS: If you would like to have an online course on any of the courses that you found on this blog, I will be glad to do that on an individual and corporate level, I will be very glad to do that I have trained several individuals and groups and they are doing well in their various fields of endeavour. Some of those that I have trained includes staffs of Dangote Refinery, FCMB, Zenith Bank, New Horizons Nigeria among others. Please come on Whatsapp and let’s talk about your training. You can reach me on Whatsapp HERE. Please note that I will be using Microsoft Team to facilitate the training. 

I know you might agree with some of the points that I have raised in this article. You might not agree with some of the issues raised. Let me know your views about the topic discussed. We will appreciate it if you can drop your comment. Thanks in anticipation.

 

Fact Check Policy

CRMNIGERIA is committed to fact-checking in a fair, transparent and non-partisan manner. Therefore, if you’ve found an error in any of our reports, be it factual, editorial, or an outdated post, please contact us to tell us about it.

 

     

Fact Check Policy
truehost
telegram
CRMNuggets Whatsapp Channel