
Insider threats escalate and thrive in the Dark Web

22 Jun 2016

Article by Avivah Litan, Gartner research analyst

Insiders are being actively recruited by criminals operating on the Dark Web, according to Gartner clients. Disgruntled employees working at companies across many sectors, such as financial services, pharma, retail, tech, and government, are gladly selling their services to the bad guys in order to inflict harm on their employers. Seeking harm and revenge on employers is a bigger incentive for insider threats than stealing money from employers, according to our clients.

Gartner clients are increasingly inquiring about how to address and mitigate insider threats – which is a stark contrast to just two years ago, when private sector clients would barely utter the words ‘insider threat’. (Of course, combating insider threats became a passion and a mandate in the federal government following the Snowden leaks.)

Gartner clients tell us that the reason for the increase in insider threats is in fact the ease with which disgruntled employees can ‘get back’ at and harm their employers by selling their insider knowledge and services to bad guys on the dark web. All they have to do is log onto Tor and make their available services known, and the criminals happily pounce on their offers. The criminals even bicker amongst themselves for control and ownership of a trusted insider. See graphic below for a screenshot of this activity from a relatively new threat intelligence firm, Diskin Advanced Technologies.

On the technology front, enterprises should:

1. Consider using ‘insider intelligence’ along with employee activity analytics and monitoring. Insider intelligence combines both internal and external information to create a ‘dossier’ on each employee, highlighting those who present the most risk to the organization. Creepy, I know, but necessary in high-risk situations.

2. Decide whether they want to take a ‘light’, ‘medium’ or ‘serious’ data and information approach, which differs based on the type of data and information fed into the insider threat analytics system. The analytics will only be as good as the data they have to work with.

3. Determine which type of analytics they want to use. Most will want to start by discovering and highlighting ‘known’ bad activities. Gartner clients tell us that about 80% of insider threat techniques are ‘known’. Once comfortable with that type of detection, enterprises can move on to detecting ‘unknown unknowns’ using anomaly detection or unsupervised machine learning.
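
The two detection stages in step 3, sketched as an added example that is not part of the original article: rules for ‘known’ bad activity first, then a per-user baseline for anomalies. The events, rule names and thresholds are constructed assumptions, not Gartner's or any product's.

```python
from statistics import median

# Constructed sample events (not from the article): (user, day, action, megabytes)
EVENTS = [
    ("alice", 1, "file_read", 40), ("alice", 2, "file_read", 55),
    ("alice", 3, "file_read", 45), ("alice", 4, "file_read", 50),
    ("alice", 5, "file_read", 900),              # far above her own baseline
    ("bob", 1, "file_read", 60), ("bob", 2, "file_read", 50),
    ("bob", 3, "file_read", 65), ("bob", 4, "file_read", 55),
    ("bob", 5, "cloud_upload_personal", 50),     # normal volume, known-bad action
    ("carol", 1, "file_read", 70), ("carol", 2, "file_read", 75),
    ("carol", 3, "file_read", 65), ("carol", 4, "file_read", 72),
    ("carol", 5, "file_read", 70),               # normal activity: nothing to flag
]

# Stage 1: hypothetical 'known bad' rules, each a name plus a predicate.
KNOWN_BAD = {
    "bulk_usb_copy": lambda e: e[2] == "usb_copy" and e[3] >= 100,
    "personal_cloud_upload": lambda e: e[2] == "cloud_upload_personal",
}

def known_bad_hits(events):
    """Return (user, day, rule) for every event matching a known-bad rule."""
    return [(e[0], e[1], name) for e in events
            for name, rule in KNOWN_BAD.items() if rule(e)]

def anomalies(events, k=5.0):
    """Stage 2: flag days whose volume exceeds the user's own baseline.

    Baseline is the median of that user's earlier days; spread is the median
    absolute deviation (MAD), which a single large outlier cannot inflate.
    """
    flagged, history = [], {}
    for user, day, _action, mb in sorted(events, key=lambda e: (e[0], e[1])):
        past = history.setdefault(user, [])
        if len(past) >= 3:                        # need some history first
            base = median(past)
            mad = median(abs(x - base) for x in past) or 1.0
            if mb > base + k * mad:
                flagged.append((user, day, mb))
        past.append(mb)
    return flagged

if __name__ == "__main__":
    print("known-bad:", known_bad_hits(EVENTS))
    print("anomalies:", anomalies(EVENTS))
```

Neither stage flags carol, whose activity stays within her own normal range; an insider who behaves that way is invisible to both.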

Conclusion

Combating insider threats is a sensitive and potentially creepy undertaking. No one wants to impinge on employee privacy, but at the same time, no one wants to watch years of expensive R&D or other undertakings go down the tube either. Organizations will have to be the judge of how high their risks are and how far they need to go in fighting them.

Organizations also can’t count on technology solutions to solve all their insider threat problems. Technology solutions will NEVER catch trusted insiders doing normal things. For that, we still need good old-fashioned workforce management, perhaps supplemented by new, evolving ‘insider intelligence’ solutions.

One thing is for certain – insiders are very much in demand in the Dark Web.
