The Threat Is Coming From Inside the Network: Insider Threats Outrank External Attacks

The Threat Is Coming From Inside the Network: Insider Threats Outrank External Attacks

iStock

The Threat Is Coming From Inside the Network: Insider Threats Outrank External Attacks

By Nick Bradley

• June1, 2015

Categories: IBM X-Force 

---

Nick Bradley

Practice Leader, Threat Research Group at IBM Security

Nick Bradley manages IBM’s Cyber Threat Research and the X-Force Threat Analysis Group, responsible for collecting and assessing current cyber threats affecting IBM clients and...

See All Posts

There are plenty of reasons to assume that most cyberattacks are the work of far-off bad guys with a political ax to grind or searching for fame and fortune. After all, we hear about them in news reports just about every day, leaving businesses and consumers wondering whether their data can ever be considered safe again. What’s not discussed, however, is that 55 percent of all attacks are carried out by malicious insiders or inadvertent actors, also known as insider threats. In other words, they were instigated by people you’d be likely to trust. IBM Security is releasing two reports to educate the public on these threats: the “IBM 2015 Cyber Security Intelligence Index” and the “IBM X-Force Threat Intelligence Quarterly – 2Q 2015.”

In the Cyber Security Intelligence Index, IBM Security Services reveals insights based on the continuous monitoring of billions of events per year. In 2014, organizations monitored by IBM Security Services experienced approximately 81 million security events, amounting to over 12,000 attacks and 109 incidents for each client. The Index proves statistically that every company is being compromised.
“Unauthorized Access” led all security incidents in 2014. For the two previous years, malicious code and sustained probes or scans dominated the security incident landscape. However, Shellshock and Heartbleed were game changers in 2014, which allowed Unauthorized Access incidents to rise to the top and account for 37 percent of all events in 2014, up 19 percent from 2013.

Download the IBM 2015 Cyber Security Intelligence Index

An Inside Job

The rise of social media, cloud, mobility and big data is making insider threats harder to identify while also providing more ways to pass protected information. If we break out the malicious insiders from the inadvertent actors, we see several profiles: disgruntled employees who exit the company but still have access to old privileges or create back doors before leaving; malicious insiders taking advantage of lax deprovisioning of expired or orphan accounts to attack valuable resources or with privileged access who sell information for financial gain; and the inadvertent insiders who do not mean harm but fall prey to social engineering schemes that grant access to outside attackers. There are even “quasi-insiders” who could be considered trusted third-party contract workers.
In the IBM X-Force Threat Intelligence Quarterly, we investigate how social engineering has turned an annoyance like spam into a legitimate attack vector, with for-profit operators creating and selling spam campaigns to trick inadvertent insiders to open an attachment or click on a link. Although the current volume of spam is comparable to that of 2013, the percentage of spam carrying malware jumped from 1 percent in early 2013 to around 4 percent in 2015, making this a high-growth channel for spreading malware.