One of the most difficult problems for security professionals to grapple with is defending against dangers that come from within an organisation. Unfortunately, protecting against insider threats is often more complicated than traditional threat prevention. There are many different ways that an insider threat can manifest, making it necessary to approach the issue from a variety of angles in order to adequately address the risk. While this is a daunting task for security teams, it is a crucial part of a robust and layered security strategy. Insider threats can be extremely costly for an enterprise, as illustrated by the examples below.
Twitter Bitcoin Scam
In July of 2020, a number of high-profile celebrity and brand accounts tweeted out messages stating that all Bitcoin sent to their wallets for a period of time would be returned twofold—if someone sent $1000, they would receive $2000 back. The affected accounts included Kim Kardashian, Kanye West, Barack Obama, Joe Biden, Apple, and Uber. Twitter released a statement indicating that this attack was the result of employees with internal access falling victim to social engineering that allowed the bad actors to take advantage of their insider privilege. Losses from this incident totaled hundreds of thousands of dollars.
Cisco’s WebEx Attack
A 2018 incident involved a former Cisco employee, using network access retained from his employment, entering the systems of Cisco’s WebEx platform. He deployed code that deleted 456 virtual machines upon which the WebEx Teams application was hosted, which led to 16,000 WebEx Teams accounts being shut down for two weeks. In the end, it cost Cisco $1.4 million to remediate the incident and compensate customers who were affected by it.
