At the beginning of August, Anthony Levandowski was sentenced to 18 months in prison. A former Google engineer and Silicon Valley big shot, he’d pleaded guilty to stealing trade secrets from the search giant’s self-driving car project, Waymo, having used its intellectual property for personal profit. His own self-driving car startup – bought out by Uber – exploited the progress Waymo had made, the technical challenges it had faced, and its solutions.
The story has dominated security news recently, bringing the problem of internal threats under the spotlight once more. As cybersecurity specialists, we know the importance of defending against hackers and external bad guys looking to break into a system, but we don’t always consider protecting ourselves from those supposedly on our side.
With fewer barriers to overcome to gain access to company secrets or intellectual property, bad actors could easily be tempted to make a move against their own company. While external attackers are largely motivated by financial gains, it seems insiders act upon a variety of other factors too, be it boredom, curiosity, the urge to make a task easier by bypassing security protocols or – the most dangerous reason – enacting revenge on a workplace grudge.
But to properly defend against these sorts of attackers, you first need to know what to look out for. In its 2019 report, Verizon established five main types of insider threats that your organization should be keeping an eye out for.
The careless worker
As the saying goes, carelessness causes chaos – and for good reason. Security protocols are in place to protect employees and the company at large, so those who misuse assets, misappropriate resources, break acceptable use policies, mishandle data, install unauthorized applications, or use unapproved workarounds are considered one of the biggest threats of the security landscape.
Just like in spy movies, a company might sometimes have a mole. Probably much less exciting than a Hollywood blockbuster would suggest, these espionage agents will steal information on behalf of an external third party, being recruited, solicited, or bribed to exfiltrate precious data, which might then be sold on the dark web or to put rival companies ahead of the game.
The disgruntled employee
Unhappy employees can cause a world of damage. Feelings of unfulfillment, anger, and wasted talent can push a person to harm their organization, be that by destroying company property, purposely mishandling data, or disrupting business activity.
The malicious insider
It can be tempting to take advantage of privileged access to corporate information. The amount of money to be made from selling company intelligence could be huge, and for an individual with zero loyalty for their organization, taking the info and running could be an easy option – bolstering their bank balance in the process.
Feckless third parties
Security can also be compromised by the simple negligence of business partners, misusing assets whether knowingly or not. Keep an eye on your third party partners, vet them properly, and make sure they are up to date on the latest protocols and rules for accessing information.
There are of course ways a manager or team leader can mitigate potential insider threats before they result in catastrophic breaches, including restricting access to data on a strict need to know basis and the monitoring of sensitive areas, external storage usage, network traffic, and unusual activity. But as we at Immersive Labs say time and time again, exercising skills and battle-testing teams are the only ways to prepare your company for when the real thing strikes.
How would you deal with insider threats like Levandowski in your company? What are the first steps to take upon realization, and who do you tell first? How would you go about solving the problem once it has already begun?
Using our Cyber Crisis Simulator you can stress-test your incident response capability in an emerging attack scenario based on the Levandowski incident. You’ll be able to experience how human psychology plays its part in an evolving crisis and see the impact of decisions made under pressure in real time. You’ll step into the shoes of the security lead for a team with an intelligent yet disruptive employee, and deal with the consequences of his misbehaviour.
Want to learn more? Book a demo today.
20 August 2020
Latest Blog posts
One-day exploit party with SaltStack
2 March 2021
Why so salty? Local privilege escalation on SaltStack minions
26 February 2021
Diverse organizations build high-performing crisis response teams. Here’s how.
24 February 2021
New package management flaw: dependency confusion
22 February 2021
Being out in the workplace: Why being open matters
15 February 2021
The digitalization of kidnap and extortion: a modern business dilemma
11 February 2021