While the nightmares that keep companies’ chief security officers up at night may be many, fears of cyberattacks and data security breaches are usually near the top of the list, according to Tim Murphy, a former deputy director and chief operating officer of the Federal Bureau of Investigation (FBI). We spoke with Murphy about the state of cybersecurity and ways that businesses can protect themselves. Murphy will also be speaking on a panel titled “How to Be a Cyber Fighter: Defending Against Cybercrime Threats” at the upcoming ACAMS moneylaundering.com 24th Annual International AML & Financial Crime Conference.
Think about what you’ve heard about cyber-breaches in the news. North Korean hackers target U.S. businesses during the meetings between President Trump and North Korean leader Kim Jong-un. Iranian cyber-thugs use computer-guided controls to paralyze a 20-foot-tall New York dam as a possible practice run for a more disruptive invasion of our nation’s power grid. Special Counsel Robert Mueller (who also happens to be Murphy’s former boss) indicates that Russians engaged in an elaborate hacking and influence campaign during the 2016 presidential race. Does that make you nervous? It should.
“I rate this (cyber-attacks) as the number one threat facing this country,” Murphy says. “Cyber-crime has always been there — financial institutions and other corporate teams are just more aware of it now, with better public-private partnerships and private-private partnerships working together to mitigate this risk.”
One of the main reasons for the growth of cyber-hacking is the balance of power. Stealing data is a great equalizer for certain militarily disempowered groups, ranging from organized crime syndicates to weakened nation-state actors or even the Edward Snowdens of the world. Data theft — whether corporate trade secrets or data stolen and then released to influence elections — poses a serious threat and has national security implications. We need to stand up and pay attention to these malicious cyber-strikes and understand their inception, Murphy explains.
Insider Threats Examined
Threats don’t come in one flavor, Murphy adds. It is a complex issue, originating from both inside organizations and outside.
For example, malicious insider threats involve current or former employees, or even third-party vendors, acting with nefarious intent. They are out to steal intellectual property or funds or simply to create havoc. The danger in these employee-related crimes is that the perpetrators have inside information concerning the organization’s security practices, data and computer systems. Third-party vendors can also disrupt the supply chain. “A lot more work has to be done around screening third-party vendors if you are bringing them in and partnering,” Murphy says.
But there is a more serious issue looming. Workplace violence is also a rising insider threat, whether coming from the lone gunman, the disgruntled employee, or the dangerous person who has no reason left to live and wants to inflict harm on others.
“People are stealing. People are dying. Our intellectual property is leaving. Our democracy is suffering,” Murphy warns.
Some of the best ways to combat the attack, he says, are to respect citizens’ privacy, but also to learn how to create an insider threat program and analyze external risk indicators found in electronically available public information and open source data to help detect, prevent, and respond to insider incidents.
Basically, this means continuous monitoring of an individual’s public online activity as well as internal network activity in order to detect changes in behavior. If an employee goes from posting pictures of their dog on Instagram to suddenly posting pictures of guns and making threatening comments about their co-workers, we should pay attention.
Pattern of Behavior
Often, cyber-attackers have patterns of detectable behavior and network activity that can provide indicators of risk, assist in early detection, and speed up response to an actual incident. Questions to ask include:
- What are employees doing on the network? Who are they doing it with?
- Are employees leaving with data and files?
- Are employees sharing sensitive and even classified information with outsiders in violation of company policy?
Also, monitoring an individual’s external exchanges, such as social media posts or any other pre-attack indicators in the public record, could identify an event in a person’s life which may lead to violence. Murphy was clear: this is about balancing privacy concerns with saving citizens’ lives.
“If you are analyzing the right behavior patterns, you might be able to intervene and get people the help they need before they do the unthinkable,” Murphy adds.
The “Unintentional” Insider Threat
Then, there are employees who, through negligence or simple carelessness, fall into a security breach by, for example, carelessly clicking on a link in a random email. This scenario is far more likely than a malicious employee, and can lead to data breaches, more phishing emails, and ransomware — they are all interrelated.
There are ways to mitigate the threats, however, Murphy says, including:
- Use employee and contractor training;
- Understand the threat presented by an insider;
- Continuously monitor employee and vendor networks;
- Update and upgrade software immediately, including application whitelisting and operating system patching;
- Encrypt, encrypt, encrypt; and
- Establish multi-factor authentication.
If employers take these steps, a number of studies have shown they can reduce 80% of the most common cyber-attacks and risks to their organization, Murphy says.