1
00:00:00,05 --> 00:00:01,03
- [Instructor] When we think

2
00:00:01,03 --> 00:00:03,03
about the cybersecurity threat landscape,

3
00:00:03,03 --> 00:00:06,07
it's easy to focus on attackers coming from the outside

4
00:00:06,07 --> 00:00:09,04
but internal threats can sometimes be just as dangerous

5
00:00:09,04 --> 00:00:12,02
if not more dangerous than outside threats.

6
00:00:12,02 --> 00:00:13,00
In this video,

7
00:00:13,00 --> 00:00:14,07
I'll cover what insider threats are

8
00:00:14,07 --> 00:00:17,04
and why we should be concerned about them.

9
00:00:17,04 --> 00:00:20,08
Insiders can include anybody who has inside information

10
00:00:20,08 --> 00:00:22,09
about your organization's data,

11
00:00:22,09 --> 00:00:25,09
IT systems, and security practices.

12
00:00:25,09 --> 00:00:27,06
This can include current

13
00:00:27,06 --> 00:00:29,09
or former employees,

14
00:00:29,09 --> 00:00:32,04
vendors with internal access,

15
00:00:32,04 --> 00:00:34,05
third-party contractors,

16
00:00:34,05 --> 00:00:36,06
and business partners.

17
00:00:36,06 --> 00:00:38,08
The reason why insider threats can sometimes

18
00:00:38,08 --> 00:00:40,00
be more dangerous

19
00:00:40,00 --> 00:00:42,04
than outside threats is because trusted

20
00:00:42,04 --> 00:00:44,02
insiders have been given access

21
00:00:44,02 --> 00:00:47,03
to assets and data based on that trust

22
00:00:47,03 --> 00:00:50,05
and that access can be misused or abused.

23
00:00:50,05 --> 00:00:53,02
Insider attacks can also be hard to detect

24
00:00:53,02 --> 00:00:56,03
because trusted insiders may have legitimate access

25
00:00:56,03 --> 00:00:58,05
that allows them to access

26
00:00:58,05 --> 00:01:01,01
and steal data without going through firewalls

27
00:01:01,01 --> 00:01:04,07
or other controls that could track their activity.

28
00:01:04,07 --> 00:01:08,05
Types of malicious insider attacks include sabotage,

29
00:01:08,05 --> 00:01:12,08
where the goal is to damage systems or destroy data.

30
00:01:12,08 --> 00:01:15,00
Fraud, which can come in many forms,

31
00:01:15,00 --> 00:01:18,09
but often involves criminal financial transactions.

32
00:01:18,09 --> 00:01:20,05
Theft of sensitive data

33
00:01:20,05 --> 00:01:22,07
or intellectual property.

34
00:01:22,07 --> 00:01:26,01
And espionage, where the attacker steals sensitive data

35
00:01:26,01 --> 00:01:28,08
to sell to competitors.

36
00:01:28,08 --> 00:01:29,06
An example

37
00:01:29,06 --> 00:01:33,02
of a real-world malicious insider attack was the case

38
00:01:33,02 --> 00:01:35,02
of a trusted software engineer

39
00:01:35,02 --> 00:01:38,06
at a cloud services provider who went rogue.

40
00:01:38,06 --> 00:01:40,07
She hacked into one of their customers

41
00:01:40,07 --> 00:01:43,09
using a firewall vulnerability that she found.

42
00:01:43,09 --> 00:01:45,09
She was then able to access accounts

43
00:01:45,09 --> 00:01:49,01
of millions of credit card customers.

44
00:01:49,01 --> 00:01:50,05
The hacked company recovered

45
00:01:50,05 --> 00:01:53,05
from the attack and patched the vulnerability

46
00:01:53,05 --> 00:01:55,08
but they estimated the total cost of the incident

47
00:01:55,08 --> 00:01:59,07
to be around 150 million dollars.

48
00:01:59,07 --> 00:02:04,02
Unintentional insider threats include human error,

49
00:02:04,02 --> 00:02:05,06
bad judgment,

50
00:02:05,06 --> 00:02:09,02
falling victim to a phishing attack or malware,

51
00:02:09,02 --> 00:02:12,03
and unintentionally aiding an attacker.

52
00:02:12,03 --> 00:02:16,00
An example of an unintentional insider threat was the case

53
00:02:16,00 --> 00:02:19,09
of an employee who had a question about how to format some

54
00:02:19,09 --> 00:02:22,07
of the data on a company spreadsheet.

55
00:02:22,07 --> 00:02:24,02
He emailed the spreadsheet

56
00:02:24,02 --> 00:02:27,09
to his wife's personal email account to ask her for help.

57
00:02:27,09 --> 00:02:30,03
While this may have seemed like a harmless action,

58
00:02:30,03 --> 00:02:32,07
it turned out that the spreadsheet had hidden columns

59
00:02:32,07 --> 00:02:35,05
which included sensitive employee data.

60
00:02:35,05 --> 00:02:37,00
This turned his simple email

61
00:02:37,00 --> 00:02:39,08
into a major security breach that had to be reported

62
00:02:39,08 --> 00:02:41,05
to the state's attorney general

63
00:02:41,05 --> 00:02:45,00
and likely cost the company millions of dollars.

64
00:02:45,00 --> 00:02:48,02
The Ponemon Institute regularly publishes reports

65
00:02:48,02 --> 00:02:50,05
on the cost of insider threats.

66
00:02:50,05 --> 00:02:52,06
Their research shows that the average cost

67
00:02:52,06 --> 00:02:53,07
from insider threats

68
00:02:53,07 --> 00:02:56,09
in North American companies is millions of dollars

69
00:02:56,09 --> 00:02:59,03
and the cost is rising every year.

70
00:02:59,03 --> 00:03:00,06
That's why we can expect

71
00:03:00,06 --> 00:03:03,06
that insider threats will continue to hold a place

72
00:03:03,06 --> 00:03:07,00
in the cybersecurity threat landscape for years to come.