Creating a "human firewall" to deal with insider threats

In the first half of 2020, the FortiGuard Labs team found that the changing work environment and greater reliance on personal devices open up new opportunities for cybercriminals to penetrate corporate networks. One of the most popular methods is phishing email: messages that closely imitate legitimate correspondence and are easily adapted to a particular attack. This tactic is not new, but such social engineering attacks are becoming more sophisticated and destructive as employees continue to work remotely and remain isolated from their teams.

The risks of insider threats must be reduced

Whether they know it or not, employees can pose a significant risk to the security of corporate networks and the data they hold. The severity of this problem is confirmed by our recent research: 68% of organizations feel moderately or extremely vulnerable to insider attacks. This includes both malicious insiders and so-called "accidental insiders". According to the same study, the cybersecurity teams surveyed identify phishing attacks (38%), targeted phishing (21%) (spear phishing, where an attack is directed at a specific person within a company), weak passwords (16%), and visiting suspicious websites (7%) as the main causes of accidental insider threats. In other words, opening the door for cybercriminals can be as easy as clicking on a link or downloading a file without taking the time to determine whether it came from a trusted source.

About the Respondent:

Rene Tarun, Deputy Director of Information Security at Fortinet

According to Wikipedia: Fortinet is an American multinational corporation specializing in the development and promotion of software, solutions and services in the field of information security: firewalls, antivirus programs, intrusion prevention systems, endpoint security, and other products. By revenue, the company ranks fourth among all companies specializing in network security.

Irresponsible behavior can have long-term consequences for organizations, especially in the event of data leaks. And as more employees work from home and cannot, for example, discuss a suspicious email with colleagues in person, their vulnerability to social engineering attacks increases. With this in mind, it is more important than ever that CISOs prioritize their employees' awareness of cybersecurity rules, helping them understand the role they play in maintaining network security and reducing the risk of insider threats.

Creating a "human firewall" through the formation of a cybersecurity culture

Given that employees can be the best line of defense, it is critical that information security directors train employees and inform them about the main provisions of the cybersecurity strategy. With this approach, managers can be confident in their staff's ability to withstand a range of threats.

Regardless of their position or role in the organization, all employees must understand the consequences of security incidents, both for the organization's functioning and for themselves personally. The importance of this enterprise-wide strategic approach was highlighted in the 2019 Forbes Insights survey, which involved more than 200 CISOs. When asked which security initiatives they plan to prioritize in terms of funding over the next five years, 16% of respondents named the creation of a cybersecurity culture.

This is a step in the right direction, but to maintain good cyber hygiene, information security managers need to start by explaining to employees why cybersecurity must be taken seriously. This can be achieved in the following ways:

Social engineering attacks are extremely common in organizations simply because they work. In fact, according to the Verizon 2019 Data Breach Investigations Report (DBIR), about one-third of all data leaks are somehow related to phishing. To combat this risk, CISOs should inform their employees about the common types of attack: phishing, spear phishing, smishing (phishing via SMS) and other scams carried out under the guise of technical support. Training should be a priority, whether it is conducted through online conferencing, video chat, or email. Understanding these threats and their warning signs is crucial to ensuring that employees do not fall victim to fake emails or malicious websites.

In addition to teaching the common indicators of cyber fraud (such as "free" deals), educational programs should also include simulated phishing attacks designed to test knowledge and identify which employees may need additional help. With this tactic, employees learn to recognize when they are the target of a social engineering attack and can therefore act appropriately. The Fortinet NSE Institute offers a free information security training service for employees of organizations.

Create partnerships between the security team and other departments in your organization

Cybersecurity cannot rest solely on the shoulders of security and IT specialists, especially as cyber threats continue to become more sophisticated and harder to detect. In addition to maintaining general awareness, managers should also encourage collaboration between the cybersecurity team and other parts of the organization. This means helping both sides understand their mutual expectations. While the security team is the expert in identifying risks and threats, other departments play a crucial role in developing user-friendly policies that are easy to follow both in the office and in remote work environments, even for those who are not well versed in IT.

Through a collective effort, CISOs can ensure that all employees in an organization are not only aware of security policies but also understand the impact their actions can have on the organization as a whole. By helping employees understand cybersecurity practices and the possible consequences of their actions, you can improve how they respond to a suspicious email or website, even when they are working from home.

When employees know what is expected of them and feel that they are part of the team, they are more motivated to follow policies and to fight "bad habits" such as overdue password changes or the use of simple passwords. And as more employees follow suit, the "human firewall" that acts as the organization's first line of defense only gets stronger.

Use simple best practices

Even after employees understand what to look for in a social engineering attack, they may still need guidance on the next steps. Obviously suspicious emails are easy to ignore or delete, but what about those that seem normal while the recipient is still unsure of their authenticity? In this case, CISOs should encourage employees to ask themselves a few questions that help them reach the right conclusion: Do I know the sender? Was I expecting this email? Does this email evoke strong emotions, such as excitement or fear? Am I being asked to act urgently?

While these questions should help clear up most doubts about whether an email is malicious, the recipient should still take additional measures to protect themselves and their organization. This includes hovering over links to check that they point where they claim to before clicking. Employees should also avoid opening unexpected attachments, instead calling the sender to confirm that they actually sent the email, and should report any suspicious emails to IT or the security team. By teaching employees these steps from the start, CISOs can avoid negative consequences later on.
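The "hover over the link" check above can also be automated on the defender's side, for example in a mail gateway or a report-phishing triage script. The following is an added example, not code from the article or from Fortinet: it parses an HTML email body with the Python standard library and flags links whose displayed URL differs from the real target, or whose target host is unrelated to the sender's domain. The sender address and email body are constructed sample data; the `.test` TLD and the 198.51.100.0/24 range are reserved for documentation.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Hostname of a URL; bare 'www.x' text is treated as http://www.x."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").lower()

def same_site(a, b):
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def link_findings(sender, html):
    """Return (visible_text, real_host, reason) for links a reader should distrust."""
    sender_host = sender.split("@")[-1].lower()
    parser = LinkCollector(); parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = host_of(href)
        # Link text that looks like a URL must agree with where the link really goes.
        if text.lower().startswith(("http://", "https://", "www.")):
            if host_of(text) != target:
                findings.append((text, target, "displayed URL differs from real target"))
                continue
        # Otherwise, a link leaving the sender's domain deserves a second look.
        if target and not same_site(target, sender_host):
            findings.append((text, target, "link host unrelated to sender domain"))
    return findings

# Constructed sample: a mailbox-quota lure with one disguised and one off-domain link.
SAMPLE_SENDER = "it-support@example.com"
SAMPLE_HTML = """
<p><a href="https://example.com.login-verify.test/reset">https://example.com/reset</a></p>
<p><a href="https://example.com/help">Help centre</a></p>
<p><a href="http://198.51.100.7/update">Update now</a></p>
"""
```

Running `link_findings(SAMPLE_SENDER, SAMPLE_HTML)` reports the first and third links and leaves the genuine help-centre link alone; the same heuristic is what a user applies by hand when hovering over a link.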

Final thoughts on insider threats

When it comes to securing an organization, awareness is a critical piece of the puzzle. Whether employees realize it or not, their actions can open the door for cybercriminals to reach sensitive information, which means that passivity about security is no longer acceptable.

By prioritizing training and collaboration between the security team and the other departments of the organization, information security managers can lay the foundation for a strong cybersecurity culture. Detecting suspicious behavior, updating devices promptly, and practicing safe behavior online should be built into every work role to ensure that the "human firewall" remains reliable.

Rene Tarun
