Could your most trusted employee be your biggest threat?

Some 95% of cyber security breaches are attributed to human error, which in practice means the next breach could come from any user, at any time. The catch? They probably won’t even know they are doing anything wrong: they have just become an unintentional insider threat. As Andy Pearch, Head of IA Services, CORVID, explains, organisations need to stop playing the blame game and pointing fingers at users when a system is compromised, and instead put the right technology in place to take back control of their security defences.

Unintentional insider threats

A person becomes an unintentional insider threat when they unwittingly allow a cyber attacker to achieve their goal – whether that’s a breach of systems or information, or diverting payments to a criminal’s account. This can be through negligence or lack of knowledge, but can also be a result of just doing an everyday job.

Unintentional insider threats are particularly dangerous because the traditional methods of identifying insider threats don’t work: the people involved don’t try to hide emails or files, because as far as they’re aware, they’re not doing anything wrong. If an attacker presents themselves as a legitimate person with the right credentials to request a change, the unsuspecting employee will probably respond exactly as the attacker hoped.

Trusted employees have access to company-sensitive information, assets, and intellectual property, and permission to make financial transactions – often without requiring any further approval. Threat actors target these privileged, trusted people – impersonating suppliers, regulators, and known colleagues – and try to encourage them to do something they have permission to do, but shouldn’t.

Removing reliance on users

Email allows threat actors to communicate with users with almost no defensive barriers between them. Even the most diligent employee gets distracted, rushed, or slightly too tired, which is all it takes for a malicious email to achieve its objective – whether that’s clicking a link, opening an attachment, or trusting the email’s source enough to reply. Employees don’t expect to be attacked in a safe office environment but threat actors prey on this perceived safety to catch them off guard and socially engineer them into doing something they shouldn’t.

Many people think they know what a spam email looks like, but 97% of people are unable to identify a sophisticated phishing email. This is hardly surprising: highly convincing fakes are comparatively rare, so employees aren’t seeing them every day and aren’t always looking out for them. Then there are some methods of impersonation that users can’t realistically be expected to detect, for example a sender domain in which a lowercase L has been swapped for the digit 1 or a capital I, three characters that are near-identical in many fonts. Attackers know that employees aren’t meticulously scanning every email for tiny details like this, so they take advantage. If an organisation’s email security relies on users correctly identifying malicious emails 100% of the time, quite simply, its defences are going to succumb to attack.

Preventing the unintended

Research shows that 90% of organisations feel vulnerable to insider attacks, so now is the time for change. Monitoring normal access and behaviour patterns can give early warning of intentionally malicious activity, but the same can’t be said for unintentional insider threats: the attacker’s request may sit comfortably within the scope of an employee’s daily duties, so nothing about the access pattern looks abnormal.

The information available to users is often insufficient for them to determine whether an email is legitimate. As such, they should be suspicious and challenge requests, especially if they’re unexpected or urgent. Checks should also be put in place for a second pair of eyes to confirm certain requests before any action is taken, for example changing payment details or making unscheduled wire transfers. If the request is for a financial transaction or asks for sensitive or personal information, phone the person who made the request on a number you already hold, not one supplied in the email (or better still, speak to them face-to-face), to confirm it’s genuine.

There is only so much humans can do. By having technology in place that alerts users to potentially malicious content and enables them to make an informed decision about an email’s nature and legitimacy before acting on it, organisations can take back control of their security defences instead of playing the blame game and pointing fingers at users when the system is compromised.
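The look-alike characters described above, and the closing point that technology should flag a suspect sender before the user acts on the mail, can be turned into a concrete gateway check. The block below is an added example, not code from the original article or from CORVID. It reduces a sender domain to the visual "skeleton" a reader sees (so 1, l and I, and Cyrillic look-alikes in punycode domains, collide), compares that against the organisation's trusted domains, catches one-keystroke typosquats with an edit-distance check, and spots display-name spoofing where a trusted address appears in the name but not in the envelope. The trusted domains, sample headers and the small confusable table are constructed assumptions; a production filter would load the full Unicode confusables data and the organisation's own supplier list.

```python
"""Flag From: headers whose domain is a visual look-alike of a trusted domain.

Added example, not code from the original article or from CORVID. The trusted
domains, sample headers and the confusable table are constructed for
illustration; a production filter would use the full Unicode confusables data
and the organisation's own supplier list.
"""
import unicodedata
from email.utils import parseaddr

# Glyphs attackers swap for one another. Applied before lowercasing so capital I
# is caught. Assumption: a hand-picked subset, not the full Unicode confusables table.
CHAR_MAP = {
    "1": "l", "I": "l", "|": "l",                 # the digit one / lowercase L / capital i trio
    "0": "o",                                     # zero / letter o
    "\u0430": "a", "\u0435": "e", "\u043e": "o",  # Cyrillic a, e, o
    "\u0440": "p", "\u0441": "c", "\u0455": "s",  # Cyrillic p, c, s
}
SEQ_MAP = {"rn": "m", "vv": "w"}                  # two glyphs that render like one


def skeleton(domain: str) -> str:
    """Collapse a domain to the shape a reader sees, so look-alikes compare equal."""
    text = unicodedata.normalize("NFKC", domain)          # fold full-width and compatibility forms
    text = "".join(CHAR_MAP.get(ch, ch) for ch in text).lower()
    for seq, rep in SEQ_MAP.items():
        text = text.replace(seq, rep)
    return text


def to_unicode(domain: str) -> str:
    """Decode punycode (xn--) labels so non-Latin look-alikes are visible to skeleton()."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, for one-keystroke typosquats such as 'suplier'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(address: str) -> str:
    """Domain part of an addr-spec, punycode-decoded; '' if there is no '@'."""
    return to_unicode(address.rsplit("@", 1)[1]) if "@" in address else ""


def classify_sender(from_header: str, trusted: list[str]) -> str:
    """Return 'trusted', 'lookalike', 'display_name_spoof' or 'external'."""
    display_name, address = parseaddr(from_header)
    domain = domain_of(address)
    trusted_exact = {t.lower() for t in trusted}
    trusted_skel = {skeleton(t) for t in trusted}

    if domain.lower() in trusted_exact:
        return "trusted"
    skel = skeleton(domain)
    if skel in trusted_skel or any(edit_distance(skel, t) == 1 for t in trusted_skel):
        return "lookalike"
    # Display-name spoofing: a trusted address in the name, a free-mail address in the envelope.
    for word in display_name.split():
        if "@" in word and skeleton(domain_of(word.strip('"'))) in trusted_skel:
            return "display_name_spoof"
    return "external"


# Constructed data: a supplier and a bank the finance team deals with, plus sample headers.
TRUSTED = ["acme-supplier.co.uk", "bigbank-payments.example"]
CYRILLIC_ACME = "\u0430cme-supplier.co.uk".encode("idna").decode("ascii")  # xn-- form, as it arrives on the wire
SAMPLE_HEADERS = [
    "Accounts <invoices@ACME-Supplier.co.uk>",                      # genuine, only the case differs
    "Accounts <invoices@acme-supp1ier.co.uk>",                      # digit one for l
    "Accounts <invoices@acme-suppIier.co.uk>",                      # capital i for l
    f"Accounts <invoices@{CYRILLIC_ACME}>",                         # Cyrillic first letter
    "Accounts <invoices@acme-suplier.co.uk>",                       # one letter dropped
    '"jane@acme-supplier.co.uk" <jane.smith99@freemail.example>',  # display-name spoof
    "Newsletter <news@unrelated.example>",                          # ordinary external mail
]


def scan(headers: list[str], trusted: list[str]) -> list[tuple[str, str]]:
    """Label every header; a gateway would turn any non-'trusted' label into a banner or quarantine."""
    return [(classify_sender(h, trusted), h) for h in headers]


if __name__ == "__main__":
    for verdict, header in scan(SAMPLE_HEADERS, TRUSTED):
        print(f"{verdict:20} {header}")
```

The design point is that the user is never asked to spot the 1/l/I swap: the gateway collapses both domains to the same skeleton and attaches a warning, or holds the mail, before it reaches the inbox. The edit-distance threshold of one is deliberately conservative; raising it catches more typosquats at the cost of flagging unrelated short domains.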



Ransomware attack has halted work at one of the world’s largest airplane parts manufacturers- Comment

It has been revealed that ASCO, one of the world’s largest suppliers of airplane parts, has ceased production in factories across four countries due to a ransomware infection reported at its plant in Zaventem, Belgium. As a result of having IT systems crippled by the ransomware infection, the company has sent home approximately 1,000 of its 1,400 workers.

Commenting on the story is Javvad Malik, security awareness advocate at KnowBe4:

“Ransomware continues to be a growing risk for many companies and once inside a network, unless there are controls in place to prevent the spread, it can take hold of the entire infrastructure rapidly. It’s worth remembering that in most cases, the initial infection is through a phishing or spearphishing email, therefore it is important to train users and make them aware of the risks, so they can make better-informed decisions, and also escalate any potential issues where they may arise.” 



‘Encouraging engagement’ as Cyber Security Challenge UK and National Crime Agency join with North West Regional Organised Crime Unit to help youngsters use cyber skills in positive ways

On Saturday 8 June, Cyber Security Challenge UK and the National Crime Agency (NCA) delivered the sixth in a UK-wide series of Intervention Days designed to educate young people who have received a low-level police intervention, and their parents or guardians, through two tailored tracks on the consequences of breaking the law.

Joining forces with the North West Regional Organised Crime Unit, and hosted by Irwin Mitchell Solicitors in Manchester, the event is part of a year-long programme that promotes positive diversions for teens tempted to misuse their technical abilities and inadvertently commit low-level cyber-crime.

The Intervention Days consist of hands-on technical workshops and speaker sessions with industry experts, leaving attendees better informed about what constitutes an offence under the Computer Misuse Act (CMA) 1990 and encouraged to channel their cyber skills into lucrative careers that are both lawful and ethical. Parents and guardians are invited to a dedicated track that helps them support their children in pursuing the many opportunities open to young cyber talent in industry.

Youngsters in their late teens and early twenties attended the workshop, held in Manchester’s city centre. “I didn’t realise how high the demand for cyber security professionals was and that you don’t always need a degree; you don’t always need qualifications to get somewhere,” commented one attendee after the day, who preferred to remain anonymous.

Detective Constable Will Farrell from the North West Regional Organised Crime Unit said: “Our Cyber Prevent strategy is to deter individuals from moving into, or deeper into cybercrime and to prevent reoffending. The North West Cyber Interventions Day was an important event enabling us to deliver structured awareness of the Computer Misuse Act and social responsibility messages to low level offenders who have already come to the attention of North West law enforcement. The really positive part of the day was helping to steer individuals away from cybercrime into doing legitimate things with their computer skills instead. Manchester is rapidly becoming the tech hub of the north and I can think of no better place to showcase cyber security career opportunities in the North West. It has been a privilege to work with our partners to make this event such a success.”

Supported by both local and national employers, the agenda provides a strong set of positive role models for young experimental hackers to aspire to. Unsurprisingly, a criminal record comes with many disadvantages that can significantly limit the potential of these skilled youngsters who, in the majority of cases, are simply uninformed about the risks they’re taking. The Director of Professional Services from Manchester-headquartered information assurance firm NCC Group joins CISO Graham Thomson from Irwin Mitchell Solicitors alongside experts from Grillatech, Distology and Context, each of whom represents an industry partner keen to deter those at risk of offending and enthusiastic to attract new hires in a joint effort towards reducing the global cyber skills gap.

Ethan Thomas, Operations Officer at the National Crime Agency, added: “The National Crime Agency (NCA) has witnessed a rise in the number of young individuals engaging in cyber-crime for non-traditional reasons. As such, we created a National Cyber Prevent Strategy to reduce the traffic of talented individuals into criminality. One of the tools designed to deter and divert those with technical ability and at risk of criminal conduct was today’s workshop. It forms part of a regional roll-out following the success of the initial workshop pilot in 2017, and successive regional workshops delivered by Cyber Prevent Network Officers within the Regional Organised Crime Units. The workshop delivers education on employment opportunities, alongside the law and online social responsibility, allowing the attendees to make informed choices about the direction of their lives. The individuals present today have the opportunity to embrace a bright new future which aligns their technical skill sets to legitimate and legal activities.”

Dr Robert Nowill, Chairman, Cyber Security Challenge UK, said: “Cyber-crimes committed by young people usually escalate from experimental hacking, rather than malicious intent. Each Intervention Day enables both delegates and guardians to develop a better understanding of the law and the consequences of committing offences. Our aim is for people to leave feeling equipped with the knowledge they need to make informed choices in future, and inspired to apply their technical proficiencies lawfully and ethically.

“Our ongoing collaboration with the NCA, today supported further by the North West Regional Organised Crime Unit and NCC Group as well as cyber security organisations enthusiastic to nurture and hire young talent, provides a safe environment in which skilled young people can connect with industry and leave feeling confident that exciting career prospects are well within their reach.”

Colin Gillingham, Director of Professional Services, NCC Group, added: “The cyber security industry has a responsibility to engage with young people and help them to understand the breadth of cyber security careers that are available. These roles encompass a much wider variety of skills, experience and expertise than most realise, so it’s important to help people understand how they can channel their enthusiasm into an ethical and exciting career path.

“We’re extremely pleased to be supporting this event, which will undoubtedly help towards empowering the next generation to take up roles that enable them to use their skills and potential to create a rewarding future in cyber security.”



CCL Group enhances digital forensics capability with acquisition of Evidence Talks

CCL Group announces the acquisition of Evidence Talks, a digital forensics provider with over 25 years’ experience in supplying technology and consultancy services to law enforcement, defence, government and corporate organisations.

Evidence Talks joining with CCL Group is testament to the organisation’s commitment to continually innovating and providing world class digital forensics to UK and international organisations. Evidence Talks’ unique forensic technology and hardware further strengthens the depth and range of services that major organisations have come to rely on CCL Group for, when protecting communities and organisations from harm.

Over its 25-year history, Evidence Talks has earned a global reputation with law enforcement and the military with its SPEKTOR triage solution, used in major operations to acquire data in the field from a range of devices in minutes and provide actionable intelligence for fast-moving investigations.

“CCL Group is delighted for Evidence Talks to be joining our company. The addition of Evidence Talks strengthens our overall presence in the digital forensics market with unique products and tools that have a significant impact on the success of complex investigations around the world. We look forward to deepening our relationship with Evidence Talks’ customers in the coming months and supporting their organisations to achieve their goals,” said Andrew Archibald, CEO, CCL Group Ltd.

Elizabeth Sheldon, Co-Founder & Chairman, Evidence Talks, commented:

“As one of the leading digital forensics providers globally, we are confident that CCL Group is the right partner to join forces with to build on what we have achieved so far and plan the next stage of our journey. CCL Group shares our passion and deep understanding of digital forensics and the markets in which we operate, and we look forward to bringing new innovation and industry leading solutions to our customers and partners.”



Nonprofit People Inc. suffer data breach impacting thousands- Comment

People Inc. is Western New York’s largest nonprofit, serving more than 12,000 individuals. Nearly 1,000 current and former clients of People Inc. have been notified of a security breach that may have exposed their personal identification information as well as personal health information. The nonprofit agency, which serves both older adults and individuals with developmental and intellectual disabilities, first discovered in mid-February that an unknown individual had gained access to an email account belonging to a People Inc. employee. An investigation by an independent forensic firm followed, along with notifications to the Federal Bureau of Investigation and to the Health and Human Services Office for Civil Rights’ breach portal.

Commenting on the story is Jonathan Deveaux, head of enterprise data protection at comforte AG:

“If there are companies that still think they are not targets of cybercrime, let this story be proof. Even non-profit companies may be subject to cyberattacks. It’s about the data. Hackers and attackers don’t care what kind of business you run; they only care about the data you have. Many past news headlines have been about credit card numbers stolen during data breaches, but what’s trending up lately is unauthorized access to personal identification information (PII).

In the case of People Inc., personal information such as Social Security numbers, driver’s licenses, health info, and financial data seemed to be the target, as an unauthorized wire transfer was attempted. Bad actors can do more bad things with PII than they can with stolen credit card numbers.

Companies that lose their customers’ PII can cause a huge impact on the individuals whose data they lost.

“Credit cards can be replaced; identities cannot.”

You only get one Social Security number, so if it falls into the wrong hands, people can be impacted for years.

Cybersecurity training helps raise awareness with people who have access to sensitive and personal data, as it is common knowledge that people are the weakest link in the cybersecurity chain.

Additionally, companies can look to deploy data security technology to help minimize the risk of data exposure. Pseudonymization and anonymization are highly effective methods companies can use through technologies such as tokenization or encryption. And, as a by-product, both help companies address data privacy requirements, which are coming into force in the US, state by state, very soon.”
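As an added illustration of the tokenization mentioned in the comment above (example code written for this page, not comforte AG's product and not anything from the original story), the block below pseudonymises Social Security numbers with a token vault. The application database keeps only tokens, which are random rather than derived from the SSN, so a compromised mailbox holding an export of that database yields nothing; the real values live in the vault and come back only through an authorised detokenize call. The in-memory dictionaries stand in for a separately secured vault store, the role check is a placeholder for real authorisation, and the sample records are constructed.

```python
"""Pseudonymise Social Security numbers with a token vault.

Added example, not code from comforte AG or the original article. The in-memory
vault stands in for a separately secured store that holds the only copy of the
real values; the sample records are constructed. Standard library only.
"""
import hashlib
import hmac
import re
import secrets

SSN_RE = re.compile(r"^\d{3}-\d{2}-\d{4}$")


class TokenVault:
    """Hands out random tokens for SSNs and keeps the only mapping back.

    The application database stores tokens; a breach of it (or of a mailbox
    holding an export of it) yields nothing, because a token is not derived
    from the SSN. Detokenisation is a separate, authorised operation.
    """

    def __init__(self, index_key: bytes, allowed_roles: set[str]):
        self._index_key = index_key            # keyed-hash key for the lookup index
        self._allowed_roles = allowed_roles    # assumption: the roles that may see real values
        self._ssn_by_token: dict[str, str] = {}
        self._token_by_index: dict[str, str] = {}

    def _index(self, ssn: str) -> str:
        # Deterministic index so the same SSN always maps to the same token.
        # Keyed, so the index alone cannot be reversed without the key. Caveat:
        # SSNs are a small space (10^9), so anyone holding the key could
        # brute-force an index; the key must never leave the vault.
        return hmac.new(self._index_key, ssn.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, ssn: str) -> str:
        if not SSN_RE.match(ssn):
            raise ValueError("expected NNN-NN-NNNN")
        idx = self._index(ssn)
        if idx in self._token_by_index:
            return self._token_by_index[idx]
        # Format-preserving token: random first five digits, real last four kept
        # (a deliberate trade-off so call centres can confirm "ending 1234").
        # Reject a token that equals this SSN, an existing token, or any SSN already vaulted.
        while True:
            token = f"{secrets.randbelow(1000):03d}-{secrets.randbelow(100):02d}-{ssn[-4:]}"
            if (token != ssn and token not in self._ssn_by_token
                    and self._index(token) not in self._token_by_index):
                break
        self._ssn_by_token[token] = ssn
        self._token_by_index[idx] = token
        return token

    def detokenize(self, token: str, role: str) -> str:
        if role not in self._allowed_roles:
            raise PermissionError(f"role {role!r} may not detokenize")
        return self._ssn_by_token[token]


def protect_records(records: list[dict], vault: TokenVault) -> list[dict]:
    """Return copies of the records with the SSN field replaced by its token."""
    return [{**r, "ssn": vault.tokenize(r["ssn"])} for r in records]


def leaked_ssns(dataset: list[dict], real_ssns: set[str]) -> set[str]:
    """What an attacker who obtains this dataset learns: the real SSNs present in it."""
    return {r["ssn"] for r in dataset} & real_ssns


# Constructed sample records (not real people).
RECORDS = [
    {"name": "A. Client", "ssn": "123-45-6789"},
    {"name": "B. Client", "ssn": "987-65-4321"},
    {"name": "A. Client (duplicate)", "ssn": "123-45-6789"},
]


def demo() -> dict:
    """Tokenize the sample records and report what a breach of each dataset would expose."""
    vault = TokenVault(secrets.token_bytes(32), allowed_roles={"payments"})
    real = {r["ssn"] for r in RECORDS}
    protected = protect_records(RECORDS, vault)
    return {
        "leaked_before": leaked_ssns(RECORDS, real),
        "leaked_after": leaked_ssns(protected, real),
        "same_ssn_same_token": protected[0]["ssn"] == protected[2]["ssn"],
        "roundtrip": vault.detokenize(protected[0]["ssn"], "payments") == RECORDS[0]["ssn"],
        "last_four_kept": protected[1]["ssn"][-4:] == "4321",
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two practical notes. Keeping the last four digits is convenient but does leak four of nine digits; drop it if the downstream systems do not need it. And a keyed hash on its own is not a substitute for the vault: because the SSN space is enumerable, whoever holds the key can brute-force every index, which is why the key and the mapping stay inside the vault and the application only ever sees tokens.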