Monica Gupta is a Product Marketing Manager at Mimecast and is currently focused on vertical marketing within the legal and financial services industries. Monica's expertise is focused on solution and vertical marketing, driving innovative vision and differentiated messaging for the healthcare, banking/financial and legal industries. Experienced in both hardware and SaaS offerings, Monica has extensive knowledge of data security, including cybersecurity, insider threats and compliance regulations such as HIPAA, GDPR and PCI-DSS, as well as of driving product demand and sales enablement activities. Before pursuing a career in marketing, she designed semiconductors at Advanced Micro Devices (AMD) and Micron Technology. Monica has a BS in Electrical Engineering from Northeastern University and an MS in Electrical Engineering from Stanford University.
Sometimes, bad things happen to people with the best intentions.
In this occasional blog series, we focus on how the actions of your employees can represent insider threats. This time we’ll explore best practices your IT team can implement to minimise the potential of accidentally launching a ‘patient zero’ attack against your customers and partners, which could result in long-lasting reputational damage to your organisation.
Insider Threat Scenario: Oops, Did I Do That?
Ginny was doing some market research for her organisation and came across a report she believed could be useful. She downloaded the report onto her work computer and opened it. There were several URLs embedded into the report that linked back to the source of certain statistics.
When Ginny clicked on one of these links, it caused malware to be unleashed onto her laptop. Ginny did not notice the malware, but it was powerful. It lurked in the background, storing her keystrokes and patiently waiting until it had collected her login credentials. The attackers behind this malware then used Ginny’s credentials to log on to her system, access her inbox and launch a larger-scale attack by sending emails to all her contacts.
These malicious emails spread quickly through her organisation and beyond, landing in the inboxes of her colleagues, customers and partners.
A Reputational Security Nightmare
Employees play a big role in helping to maintain a secure environment for your organisation. And those with customer-facing roles represent the organisation and its brand when they engage with third-party vendors, partners and customers. If the security of these employees is compromised, not only can it have a negative impact on the organisation, but it can also leave a ‘bad taste’ in the minds of their partners and customers. There is a level of trust between customers, partners and other third parties that sensitive data will be protected and appropriate security measures will be taken to safeguard against compromises.
Once Ginny’s customers or partners realise that the email they received from her was indeed malicious, they may feel violated. This could result in long-term reputational damage and further negative consequences including a lack of trust by customers, unwanted publicity, lost business, lost revenue and possibly even lawsuits.
Your Insider Threat Program
Traditional email security solutions focus on protecting inbound email from phishing attempts, malware, impersonation attacks, malicious URLs and attachments and other sophisticated attacks.
But what happens if a threat is introduced internally by the actions of your employees? Human error plays a big role in data breaches – in fact, research shows that over 90% of such incidents are initiated by employees making “bad decisions.” And while many of these compromises are initiated unintentionally on the part of the employee, once a threat is introduced into the system, it can cause significant harm to the organisation and its brand.
Does your IT team have systems and procedures in place to identify the source of a threat and stop it from spreading? Emails sent between users or from internal users to third parties, such as customers and suppliers, represent the majority of most organisations’ email traffic; however, they are often left under-protected.
In this scenario, having full visibility of your internal and outbound email traffic would enable your IT staff to monitor and detect threats that originate within the organisation. Without that insight, it can often take days, weeks or even months to isolate a threat and stop it from spreading. By then, the damage caused to your reputation may be irreparable.
Once a threat has been detected, threat remediation services integrated into your current email security solution would enable your IT staff to automatically or manually remove from users’ inboxes emails that should not have been sent or viewed.
Catching malicious emails before they spread to external third parties is a powerful way to protect your organisation’s brand and reputation.