Financial institutions have long been aware of criminals approaching members of staff and trying to get information or access from them.
According to Sisa Infosec, every year, more than 34% of businesses worldwide are affected by insider threats. With a survey by Fortinet revealing that fraud (55%), monetary gains (49%), and IP theft (44%) are the three most underlying reasons behind insider threats.
I have heard of employees being approached on the streets of Cambridgeshire when they have finished work, and this being a regular occurrence. But as this was known about and employees specifically warned and informed of the processes that they could use to report this, and the consequences, the number of employees being swayed was low.
But are the professional sectors aware of the latest way that criminals are approaching staff, and what they are being asked to do?
Did you know they might email staff directly? Such as in the case that Brian Krebs wrote about on his blog.
Or as in the case of Lockbit, leave it behind on their wallpaper once they have carried out a ransomware attack.
“Would you like to earn millions of dollars? Our company acquires access to networks of various companies, as well as insider information that can help you steal the most valuable data of any company. You can provide us accounting data for the access to any company, for example, login and password to RDP, VPN, corporate email, etc. Open our letter at your email. Launch the provided virus on any computer in your company. Companies pay us the foreclosure for the decryption of files and prevention of data leak.”
Blackmatter ransomware advertise for access on cybercrime forums with specific details of the type of companies that they are after with the promise of buying the access.
What can companies do?
Insider threats are one of the most difficult to guard against however there are some key considerations for companies.
- Make staff aware of the approaches that they might get and how to report them. One of Tesla’s employees was approached with a $1M deal for insider access. They reported it, helped with the investigation and the criminal, Kriuchkov was arrested. The ECRC can provide bespoke staff awareness training tailored to what threats your company and employees might face. Contact us now to find out more.
- Implement strong access controls and allow access to systems that people really need rather than everything. If you were working in a physical location, you might have some areas which were only accessible to staff who worked there, and for anything really valuable, maybe a safe. But you wouldn’t give the safe keys to everyone who worked for you. If your not sure about access control take a look at our short videos about it.
- Have internal network logging. This will enable you to see unusual activity, such as emailing 8000 sensitive files outside of the network which is what happened with General Electric. The NCSC has a free tool to help with this, Logging Made Easy. You can read more about it here.
- Have policies and procedures which cover data control and access. Consider limiting the number of attachments that could be sent out at once, maybe three, and then set up a rule which alerts you if any more than that are sent. This gives you the ability to check that what is being sent is going for a legitimate reason. Tell your staff that their emails are being monitored and tell them about the policy. If you are not sure whether your policies cover all that should be considered why not have a policy review with our affordable service?
Further guidance & support
Core members receive regular updates which include the latest guidance, news, and security updates. Our core membership has been tailored for businesses and charities of all sizes who are based across the seven counties in the East of England.
The ECRC is a policing-led, not for profit, membership organisation, with the aim to increase the cyber resilience within small and medium businesses within the East of England (Hertfordshire, Bedfordshire, Cambridgeshire, Norfolk, Suffolk, Essex and Kent).
Policing led - business focussed.