Safeguarding Your Business from Rogue ‘Employees’

The global IT outage that halted significant portions of the international transport industry on July 19, 2024, was traced back to a faulty software update on CrowdStrike’s Falcon platform. This widespread technical glitch also disrupted the banking, retail, and public sectors, causing a huge amount of unexpected work for IT and cybersecurity professionals alike. Initially, there was widespread concern that the incident was the result of a cyberattack. These fears were eased when more information came to light. 

Microsoft disclosed that the outage affected an estimated 8.5 million Windows devices globally, all of which required resets in the following days and weeks. Predictably, criminals seized the opportunity to exploit the chaos by creating fake domains and launching phishing attacks to trick unsuspecting individuals into clicking on malicious links.

The economic damage was staggering, amounting to billions of dollars. This figure far exceeds the cost of any single cyberattack the global economy has ever faced. Cybercriminals can only dream of orchestrating such havoc on an international scale. But fortunately, this one wasn’t caused by a cyberattack or a cybercriminal.

So, what can we expect next?

This international incident raises an important question: what if a malicious actor could gain employment at a major technology company that has hundreds of business customers worldwide, and purposely upload a software bug to set an incident of this magnitude in motion? As a rogue ‘employee’ on the inside, could a threat actor cause mayhem, claiming it was a genuine mistake, while their colleagues executed a ransom campaign at the same time? 

While this may seem far-fetched, cybercriminals are known to go to great lengths to infiltrate organizations which supply software products and services to entire sectors. They are resourceful and creative – and cybercrime is how they make a living. So, it’s not beyond the realm of imagination that someone, somewhere, is plotting such an audacious heist right now.    

Fraudulent IT professionals

It was revealed last year that KnowBe4, a cybersecurity awareness training company, was deceived into hiring a software professional who turned out to be a trained threat actor from North Korea. Despite conducting extensive background checks before employing the candidate, the rogue ’employee’ began downloading malware as soon as they received their company laptop. Fortunately, the company’s endpoint security system detected the malicious activity and alerted the security team. KnowBe4 disclosed on its website that the imposter had used a stolen identity and enhanced the photo with artificial intelligence (AI).

While this incident was a particularly sophisticated breach of a company, it is unlikely to be the only attempt of its kind. According to some technology vendors, generative AI (GenAI) has now advanced to the point where it can impersonate an individual with just three seconds of audio and seven seconds of video. This development could pose significant challenges for security teams. Conversely, when leveraged effectively, AI can provide defenders with a substantial advantage over cybercriminals.

As cybersecurity constantly evolves, businesses must stay vigilant and proactive in their security measures to keep pace with new potential threats, including those arising from advances in AI and any other forms of technology.

Notorious insider crime

One of the most notorious cases of insider crime involves Harold Thomas Martin III. An American computer scientist and former contractor at Booz Allen Hamilton, Martin pleaded guilty in 2019 to illicitly removing 50 terabytes of data from the National Security Agency (NSA) – an organization that most people would be surprised to fall victim to such a crime. Over a period spanning 10 to 20 years, the U.S. government allegedly failed to recognize or adequately address numerous issues with Martin’s security practices and behaviors. His motives remain a subject of debate. Investigators reportedly struggled to determine whether Martin was engaging in traditional espionage or was simply a digital hoarder, as he never appeared to access any of the files he removed from government facilities.

Employee vetting

Companies employ various methods to vet prospective employees, ensuring they are suitable for both the position and the organization. Common vetting procedures include background checks, reference checks, right-to-work verifications, and social media screenings. Some companies even administer personality or psychological tests.

Given the sensitive nature of their work, defense and cybersecurity firms follow more rigorous vetting procedures than most other organizations. They might conduct citizenship verification, especially when national security concerns dictate hiring only nationals for certain roles.

Make sure your security partner runs adequate employee background checks

So, before you choose your cybersecurity partner, be sure to ask exactly what types of vetting and assessments the company runs for its employees. While it’s unlikely that cybercriminals will compromise companies and systems in this way, it has happened before, and it could happen again. Criminals like to use the element of surprise but they also aim for low-hanging fruit to make their task as easy as possible while trying to evade detection and remain elusive.

The post Safeguarding Your Business from Rogue ‘Employees’ appeared first on SiteProNews.