Lesson 1 Part 3 PDF
Uploaded by CooperativeJacksonville
Nanyang Technological University
Summary
This document discusses case studies of insider threats, including examples of employee data breaches and intellectual property theft at companies like Morrison's Supermarket, Yahoo, and MailChimp. It highlights the vulnerabilities exploited, strategies used to mitigate risks, and security measures to prevent future incidents.
Full Transcript
So let's look at some historical case studies, because they can provide us with invaluable lessons. By studying these incidents we can get a better understanding of the insiders' motivations behind their actions, the vulnerabilities they exploited, and the strategies that organisations had to deploy to mitigate such threats in the future. So we'll take a look and see what the lessons learned are.

The first case is actually one of a disgruntled employee, and it relates to a supermarket in the UK by the name of Morrison's Supermarket. The case itself revolves around an incident that occurred in 2014. The individual concerned had been given a verbal warning for a separate infraction of company policy. His name was Andrew Skelton; he was an IT auditor contracted by the supermarket at the time to transfer HR data to KPMG. He copied the data of 99,998 Morrison's employees, including their names, bank account details, salaries and national insurance details, and put them on a USB stick. He took it home and then posted the data to a file sharing site. After the leak was discovered, Skelton was jailed in 2015 for eight years for offences under the Computer Misuse Act and the Data Protection Act.

The impact was that thousands of Morrison's employees brought legal action seeking compensation for the upset and distress caused as a result of their personal data being leaked. Though Morrison's wasn't found primarily liable under the Data Protection Act, because it did have adequate and appropriate controls to protect its data and could not have prevented the misuse of data in this instance, the retailer was initially found to be vicariously liable. That is the idea that an employer can be held responsible for the actions of an employee, in this case for Skelton's actions.
The lessons learned: the courts originally judged in favour of the claimants, the employees, but on the 1st of April 2020 the Supreme Court ruled in Morrison's favour, finding that Skelton's actions were not closely connected enough to his job for vicarious liability to be established, and bringing the case to its final conclusion. The Supreme Court has ruled that Morrison's Supermarket is not liable for the actions of a rogue employee whose malicious actions caused a data breach.

The second case study relates to theft of intellectual property and pertains to Yahoo. Yahoo alleged that their former research scientist, Kwan Sang, stole the company's intellectual property in February 2022. According to Yahoo's claim, the malicious insider was going to use the stolen data for financial gain at Yahoo's competitor, The Trade Desk. Prior to the incident, Sang had received a job offer from The Trade Desk, and the company also claims that Sang stole other confidential information, including Yahoo's strategy plans and a competitive analysis of The Trade Desk.

The impact was that upon performing a forensic investigation, Yahoo discovered that Sang had downloaded 570,000 files containing a variety of sensitive information, including the source code of AdLearn, Yahoo's engine for real-time ad purchasing. Yahoo sued their ex-employee and claimed that the stolen IP would provide their competitor with a competitive advantage in the online advertising space, potentially resulting in financial loss. The lessons learned from this case: Sang allegedly transferred the sensitive data from his corporate laptop to two personal external storage devices while he was still working at Yahoo. In most cases, such employee data theft can be prevented with the right security tools.
Employee monitoring software could have prevented malicious activity in this case by enabling the security team to notice and react to suspicious activity in a timely manner. A USB device management solution could also have helped Yahoo's security officers detect the connection of unknown external storage devices. Yahoo's forensic analysis also showed that the insider communicated with someone on WeChat about using a cloud file backup system. Real-time user activity alerts and keylogging capabilities could have helped the company flag Sang's communications about this suspicious matter prior to the incident.

The final case study is that of a negligent insider causing a data breach. This relates to a company called MailChimp. Throughout 2022, MailChimp and its partners were targeted by cybercriminals and suffered several attacks. In January 2023, malicious actors managed to carry out a successful phishing attack and tricked at least one MailChimp employee into exposing their credentials. The impact was that the data breach resulted in the compromise of at least 133 MailChimp user accounts. Some of the impacted accounts belonged to businesses like WooCommerce, Statistica, Yuga Labs, Solana Foundation, and Fanjo.

The lessons learned were that the perpetrators focused their social engineering attacks on MailChimp employees and their contractors. An employee's negligence or inability to recognise a social engineering attack made it possible for malicious actors to access their user accounts. Preventing attacks like these requires regular cybersecurity training for employees and partners rather than relying on security software alone. Employing a two-factor authentication tool would also have prevented the attacks from successfully compromising the credentials.
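As an added example that is not part of the lecture, here is the kind of detection logic the Yahoo lessons call for: correlating connections of unapproved external storage devices with bulk file copies per user, and weighting events more heavily for staff inside the notice-period watch window that the mitigation discussion below recommends. The event lines, the approved-device allow-list, the notice dates and the thresholds are all constructed for illustration.

```python
from datetime import date, timedelta

# Constructed sample endpoint events as (day, user, event, detail); not real telemetry.
EVENTS = [
    ("2022-02-01", "alice", "usb_connect", "SN-CORP-0042"),
    ("2022-02-01", "alice", "file_copy", "1200"),
    ("2022-02-02", "bob", "usb_connect", "SN-UNKNOWN-77"),
    ("2022-02-02", "bob", "file_copy", "570000"),
    ("2022-02-03", "bob", "usb_connect", "SN-UNKNOWN-78"),
    ("2022-02-03", "carol", "file_copy", "300"),
]
APPROVED_DEVICES = {"SN-CORP-0042"}        # constructed allow-list of company-issued drives
NOTICE_GIVEN = {"bob": date(2022, 1, 20)}  # constructed: dates on which staff gave notice
WATCH_DAYS = 30                            # notice-period watch window from the lecture
BULK_FILES = 10_000                        # constructed threshold for a bulk copy
ALERT_SCORE = 3                            # constructed: score at which an analyst is paged


def in_watch_window(user, day):
    """True if the user gave notice within the last WATCH_DAYS."""
    notice = NOTICE_GIVEN.get(user)
    return notice is not None and notice <= day <= notice + timedelta(days=WATCH_DAYS)


def score_events(events):
    """Return {user: [score, reasons]}; a suspicious event counts double inside the watch window."""
    findings = {}
    for day_s, user, kind, detail in events:
        day = date.fromisoformat(day_s)
        entry = findings.setdefault(user, [0, []])
        reason = None
        if kind == "usb_connect" and detail not in APPROVED_DEVICES:
            reason = f"unapproved storage device {detail}"
        elif kind == "file_copy" and int(detail) >= BULK_FILES:
            reason = f"bulk copy of {detail} files"
        if reason:
            weight = 2 if in_watch_window(user, day) else 1
            entry[0] += weight
            entry[1].append(f"{day_s}: {reason}" + (" (notice period)" if weight == 2 else ""))
    return findings


def alerts(findings):
    """Users whose accumulated score reaches the paging threshold."""
    return sorted(u for u, (score, _) in findings.items() if score >= ALERT_SCORE)


if __name__ == "__main__":
    results = score_events(EVENTS)
    for user in alerts(results):
        print(user, results[user])
```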
So the common themes: many historical cases share themes such as the exploitation of access privileges, a lack of awareness or oversight, and the failure to implement adequate security measures. So how do you mitigate this myriad of insider threats? Number one, you have to look at it strategically.

Implement strict access controls and privilege management. It's a need-to-know policy: if you don't need to know, you shouldn't have access.

Conduct regular security awareness training. One of the things that Mastercard does is that every month we are tested with fake phishing emails. And actually the majority of people who click on the malicious links are in our tech sector, because they think that they know everything about tech and that they'll never fall victim to these threats. But we have proven in the organisation that tech people are more likely to click on a link than non-tech people.

Use advanced analytics and behaviour monitoring to detect anomalies. For example, if someone gives notice to leave your company, they should immediately go onto a detection radar for the 30 days leading up to their departure from the company, because during that time the risk of data loss and harm they may cause to the organisation is heightened.

And finally, establish a comprehensive insider threat programme. Identifying the types of insider threat is just the first step in crafting an effective defence strategy, because you need to understand the motivations and behaviours associated with each type of insider and tailor your cyber security measures to detect and respond to insider threats more effectively.

So, to conclude this lesson: insider threats stem from the misuse of access by organisation members with varying motives and impacts. We've discussed the types of insiders, including malicious, negligent and infiltrators, and each poses a different security challenge.
Threats, risks, and financial, reputational and operational harm, as well as legal issues, are also things that you need to consider. We've talked about historical examples highlighting the diversity of the threat and underscoring the need for robust preparedness and response. Mitigation obviously involves technical, policy and cultural strategies to enhance security. So understanding the nuances of insider threats, recognising the potential impacts and implementing robust mitigation strategies are absolutely essential for protecting your organisation's assets. And through continued learning, vigilance and adaptive security practices you can better anticipate and counter the risks posed by insider threats.