April 23, 2019
Insider threat or not? That seems to be the question surrounding a recent breach that struck Microsoft between January and March. Some reports say that it absolutely is, while others say it isn’t. Let’s look at a couple.
Via Verdict: Microsoft hack another case of insider threat. According to the story:
The Microsoft hack that saw Outlook.com accounts accessed between 1 January and 28 March 2019 is the latest example of insider threat, a lesser known area of cybersecurity businesses should be paying attention to, according to cybersecurity experts.
For cybersecurity experts, the attack highlights the risk posed by insider threats – where people inside the organisation, such as former employees or contractors, present a security risk.
“This is another case of insider threat, which often gets a lower level of attention and priority,” said Anjola Adeniyi, technical leader at Securonix. “Organisations should understand that while the likelihood may be lower than other forms of cyber risk, its impact can be much greater and therefore should give it a bigger focus. Insider threat is not only about malicious users, as we see in this case of a compromised user.”
Via Wired: MICROSOFT EMAIL HACK SHOWS THE LURKING DANGER OF CUSTOMER SUPPORT. According to the story:
“We have identified that a Microsoft support agent’s credentials were compromised, enabling individuals outside Microsoft to access information within your Microsoft email account,” Microsoft said in a statement, indicating that the attack was not the result of an insider threat. But that raises even more questions.
We suppose there is some room for subjective judgment on whether or not incidents are the result of an insider threat. In this case, though, the available information leans towards it being exactly that. You don’t have to take our word for it, though; let’s look at some objective definitions.
The Department of Homeland Security defines insider threat as: the threat that an employee or a contractor will use his or her authorized access, wittingly or unwittingly, to do harm to the security of the United States.
TechTarget SearchSecurity says: Insider threat is a generic term for a threat to an organization’s security or data that comes from within. Such threats are usually attributed to employees or former employees, but may also arise from third parties, including contractors, temporary workers or customers.
Wikipedia has a lengthy definition and points out that there are three distinct types: 1) malicious insiders, which are people who take advantage of their access to inflict harm on an organization; 2) negligent insiders, which are people who make errors and disregard policies, which place their organizations at risk; and 3) infiltrators, who are external actors that obtain legitimate access credentials without authorization.
In our opinion, the hack was absolutely an insider threat.
For more information about how frequently similar types of insider threats take place, read our 2019 Insider Threat Intelligence Report, which also provides comprehensive guidance on how to reduce risk.
TransUnion Gets Serious About Insider Threat
Dtex works daily with organizations that are either already committed to reducing insider threat risk or are starting to recognize how real a problem it is. We’ve noticed that in several instances, organizations have created specific positions dedicated to addressing the problem. It caught our eye that data giant TransUnion has recently decided to expand its security practice by hiring to fill an insider threat position. If you are in the market, check out: TransUnion, Senior Manager, Insider Threat Investigations