IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

How MSPs can help businesses identify insider threats

Businesses should improve working conditions to eliminate the risk of fostering a mole on the inside

grafitti of a spy on a wall

COVID-19 has affected the security posture of many organisations. Partly resulting from the need to shift workloads to the cloud, there’s been a surge in ransomware attacks. 

While the sums that hackers demand have roughly stayed the same, the average cost of downtime has doubled and is now 50 times greater than the ransom itself, according to recent findings. Consequently, four in ten MSPs have seen their clients hit by downtime that almost crippled their business. Insider threats are certainly contributing to this ransomware problem, and they are only likely to increase over the next year.

A mole on the inside

They normally come in two forms. The first involves a colluding insider who’s being forced, or paid, to share information or execute illegal acts. For example, an employee on a £34,000 salary could be lured by a cyber criminal to facilitate an attack by - seemingly unintentionally - opening a bad link, installing software or providing access to business information for a promised payout of £200,0000. If the employee believes it’s possible not to get caught, he or she might feel his action presents a fairly low risk for a large reward.

This scenario may sound like the storyline of a low-budget film, but only last summer, Tesla made the headlines when a ransomware group approached one of its employees with an attempted bribe. According to reports, the group offered the Gigafactory employee $500,000 in cash in return for installing malware on Tesla’s network, using either a USB drive or an email attachment. Luckily for Tesla, the employee turned down the offer and alerted his employer instead – but this story is a cautionary tale for other organisations.

By far the largest proportion of insider threats, however, are accidental. Coming from employees who aren’t being intentionally malicious, they’re down to user error or sheer lack of knowledge - with users making basic mistakes that leave the door wide open to attackers.

One example is an employee reusing credentials across personal and business accounts. Recycling passwords is, of course, never a good idea; having the same password for an online gaming site and access to the work computer is downright reckless. The gaming site is hacked, the harvested credentials are sold on the dark web, and they end up in the hands of a would-be attacker, who uses them to phish for elevated access rights within an organisation and launches his successful ransomware campaign.

The attack might have been thwarted had the organisation implemented two-factor authentication or encouraged the use of secure password managers, making them available for employees’ personal use, too. Education, training and clearly communicated security processes go a long way in preventing these types of attacks.

Monitor for signs of mistrust

One first step is to identify which staff members are potentially most open to bribery due to the fact they’re financially vulnerable. Law and finance firms routinely perform credit checks on candidates and are legally required to do so. Other businesses might also consider asking for permission to run a credit check before offering someone a job.

The second step is to have a formal employee engagement programme in place to measure and improve employee satisfaction. Track comments made about the organisation on social media, and make sure employees understand what information not to share. Social engineering tactics used by attackers often focus on disgruntled employees, so know who is at risk and, if needed, increase monitoring of that user’s endpoints. Lower the threshold for triggering security alerts – for example, when USB drives are connected or traffic to unusual IP addresses is detected.

Thirdly, carefully monitor shadow IT to understand where data is entering and leaving your client’s environment. Put controls around any tools accessed by employees, including chat platforms that haven’t been permitted for use. Collaboration tools such as Microsoft Teams and Slack have seen a surge in popularity, but pose a new risk because most users will automatically assume that the content they receive and share on these platforms is safe.

Finally, make sure users are fully aware of the security controls that are in place. Instead of creating fear, explain how threats are monitored for the protection of both the business and its employees. Train users to forward anything suspicious to the security team for examination, and create a culture where it’s safe to admit that you have fallen victim to phishing. The security team can reset stolen credentials within seconds, stopping any follow-on attacks in their tracks.

Ultimately, minimising the insider threat comes down to ensuring your staff are happy, well-paid, and security-aware. A high level of transparency encourages everyone to adhere to security standards. And for those few with malicious intent, knowing that they may get caught will make them less likely to agree to risky behaviour.

Ryan Week is CISO at Datto

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Recommended

Google unveils new Assured Open Source Software service
open source

Google unveils new Assured Open Source Software service

18 May 2022
Malwarebytes hires new channel chief to lead MSP and partner network
Managed service provider (MSP)

Malwarebytes hires new channel chief to lead MSP and partner network

18 May 2022
Palo Alto and Deloitte to deliver managed security services in the US
Managed service provider (MSP)

Palo Alto and Deloitte to deliver managed security services in the US

17 May 2022
US and EU thrash out plans to avert chip production “subsidy race”
Hardware

US and EU thrash out plans to avert chip production “subsidy race”

17 May 2022

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
Preparing for the 3G sunset
Network & Internet

Preparing for the 3G sunset

18 May 2022
(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security
Careers & training

(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security

17 May 2022