When we consider the range of cyber-threats, we generally imagine external attackers: foreign states, criminal underworlds or lone script kiddies. But the reality is that a large proportion of the vulnerabilities and threats organizations face today involve legitimate network users. The insider threat is still often woefully underestimated.
For all the sophistication of today's hackers, insiders will always have an obvious advantage over a would-be external attacker: they already have access. Certain privileges have to be given to employees for them to do their jobs, and that creates an inherent exposure in which insiders pose a constant and inescapable risk to Canadian businesses. Whether through a genuine mistake or deliberate action, an employee can bring an entire company to its knees with the click of a button.
For instance, an employee working remotely may connect a company laptop to a free Wi-Fi hotspot without realizing the hotspot is a fake set up by an attacker. That puts the attacker in the path of the laptop's traffic, where credentials sent over unencrypted or downgraded connections, or typed into a spoofed login page, can be captured and then used to log in to the corporate network. From there the attacker can deploy ransomware, use the foothold to stage further attacks such as DDoS, or steal commercially valuable data. Setting company-wide best practices helps mitigate the risk, but organizations can't expect 100 per cent of their employees to make the right decision every time.
Many insider threats arise from employees making innocent mistakes, or purposefully bypassing security controls for the sake of convenience. A far more insidious type of insider threat, of course, involves deliberate, malicious action. Insiders can all too easily get their hands on valuable data, whether to pass it on to a competitor or to wield it for political advantage within their own organization. Edward Snowden showed that even the most security-conscious organizations cannot fully protect themselves against a motivated insider.
With such a wide range of potential motivations, it is difficult to identify high-risk users in advance. To make matters worse, insider threats aren't limited to employees: subcontractors, third-party vendors and temporary workers hold access too, and all have the ability to inflict disproportionate harm. To tackle this complicated issue, businesses need to rethink their use of technology and security solutions.
Recent advances in machine learning can help detect insider threats by identifying unusual behaviour within a network in real time. At Darktrace, we refer to this as the "immune system" approach. Like the human immune system, it is self-learning: it develops a unique "pattern of life" for every user and device as it learns what normal behaviour looks like on that particular network.
The system then flags activity that diverges from that baseline. For instance, an employee sending an abnormally large volume of data to an unknown foreign server would be flagged immediately, as would suspicious Wi-Fi connections, logins at unusual hours and any number of other anomalous activities.
Crucially, an "immune system" approach like this doesn't look for a specific type of suspicious activity. Social engineering attacks can take any number of forms, and careful insiders can exfiltrate data slowly and cleverly to stay under the thresholds of traditional security tools. By using unsupervised machine learning, the system doesn't require rules, signatures or prior knowledge of a particular attack to detect potential insider threats; rather, it continually learns and adapts to detect anomalous activity that may indicate one. The practical caveat is that an anomaly is not the same as malice: a learned baseline will also flag legitimate but unusual activity, behaviour that was already under way when learning began is absorbed as "normal", and a sufficiently slow exfiltration can stay inside the baseline. Flagged events are therefore leads for an analyst to investigate rather than verdicts.
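As an added illustration of the baselining idea in the two paragraphs above (example code written for this page, not Darktrace's product or any code from the original post), the script below learns a per-user "pattern of life" from a constructed log of logins and outbound transfers, then scores a new day against it. It goes slightly beyond the text by including a second user, so that the same late-night login is normal for one person and anomalous for another. The log format, the two users, the robust z-score built on median and MAD, and the thresholds are all assumptions chosen for the example:

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample events (not real data). One event per line:
#   <ISO timestamp> <user> login src=<ip>
#   <ISO timestamp> <user> egress dst=<ip> bytes=<n>
# alice works office hours; bob works a night shift. On 2024-03-08 alice
# logs in at 02:13 and pushes ~4.8 MB to a host nobody has used before.
SAMPLE_LOGS = """\
2024-03-04T08:55:10 alice login src=10.0.1.20
2024-03-04T09:10:00 alice egress dst=198.51.100.7 bytes=52000
2024-03-04T14:20:00 alice egress dst=198.51.100.7 bytes=61000
2024-03-04T22:01:00 bob login src=10.0.2.5
2024-03-04T22:30:00 bob egress dst=198.51.100.7 bytes=20000
2024-03-05T08:50:42 alice login src=10.0.1.20
2024-03-05T10:00:00 alice egress dst=198.51.100.7 bytes=48000
2024-03-05T15:35:00 alice egress dst=198.51.100.9 bytes=57000
2024-03-05T22:03:00 bob login src=10.0.2.5
2024-03-05T23:10:00 bob egress dst=198.51.100.7 bytes=22000
2024-03-06T09:05:03 alice login src=10.0.1.20
2024-03-06T11:12:00 alice egress dst=198.51.100.7 bytes=55000
2024-03-06T16:01:00 alice egress dst=198.51.100.9 bytes=50000
2024-03-06T21:58:00 bob login src=10.0.2.5
2024-03-06T22:40:00 bob egress dst=198.51.100.7 bytes=19000
2024-03-07T08:58:21 alice login src=10.0.1.20
2024-03-07T09:40:00 alice egress dst=198.51.100.9 bytes=53000
2024-03-07T13:15:00 alice egress dst=198.51.100.7 bytes=59000
2024-03-07T22:05:00 bob login src=10.0.2.5
2024-03-07T23:00:00 bob egress dst=198.51.100.7 bytes=21000
2024-03-08T02:13:44 alice login src=10.0.1.20
2024-03-08T02:20:00 alice egress dst=203.0.113.55 bytes=4800000
2024-03-08T09:01:05 alice login src=10.0.1.20
2024-03-08T10:00:00 alice egress dst=198.51.100.7 bytes=51000
2024-03-08T22:02:00 bob login src=10.0.2.5
2024-03-08T22:45:00 bob egress dst=198.51.100.7 bytes=23000
"""


def parse(log_text):
    """Return (user, date, hour, kind, fields) tuples from the constructed format."""
    events = []
    for line in log_text.strip().splitlines():
        ts, user, kind, *kv = line.split()
        fields = dict(pair.split("=", 1) for pair in kv)
        when = datetime.fromisoformat(ts)
        events.append((user, when.date().isoformat(), when.hour, kind, fields))
    return events


def build_baselines(events, baseline_days):
    """Learn each user's pattern of life from the baseline days only."""
    hours, dests = defaultdict(set), defaultdict(set)
    daily = defaultdict(lambda: defaultdict(int))  # user -> day -> egress bytes
    for user, day, hour, kind, f in events:
        if day not in baseline_days:
            continue
        if kind == "login":
            hours[user].add(hour)
        elif kind == "egress":
            dests[user].add(f["dst"])
            daily[user][day] += int(f["bytes"])
    baselines = {}
    for user in set(hours) | set(dests):
        totals = list(daily[user].values())
        med = statistics.median(totals) if totals else 0
        mad = statistics.median(abs(t - med) for t in totals) if totals else 0
        baselines[user] = {"hours": hours[user], "dests": dests[user],
                           "median": med, "mad": mad}
    return baselines


def detect(events, baselines, day, z_threshold=5.0, hour_slack=1):
    """Score one day's events against the learned baselines; return alerts."""
    alerts, egress_total = [], defaultdict(int)
    for user, d, hour, kind, f in events:
        if d != day or user not in baselines:  # unknown users are out of scope here
            continue
        b = baselines[user]
        if kind == "login" and b["hours"]:
            lo, hi = min(b["hours"]) - hour_slack, max(b["hours"]) + hour_slack
            if not lo <= hour <= hi:
                alerts.append((user, "login_hour", f"hour {hour:02d} outside {lo:02d}-{hi:02d}"))
        elif kind == "egress":
            egress_total[user] += int(f["bytes"])
            if f["dst"] not in b["dests"]:
                alerts.append((user, "new_destination", f["dst"]))
    for user, total in egress_total.items():
        b = baselines[user]
        # Floor the scale: a flat baseline (MAD 0) would otherwise make any change look huge.
        scale = max(1.4826 * b["mad"], 0.1 * b["median"], 1.0)
        z = (total - b["median"]) / scale
        if z > z_threshold:
            alerts.append((user, "egress_volume", f"{total} bytes, robust z={z:.0f}"))
    return alerts


def run(log_text=SAMPLE_LOGS, day="2024-03-08"):
    """Learn from every day before `day`, then score `day`."""
    events = parse(log_text)
    baseline_days = {d for _, d, _, _, _ in events if d < day}
    return detect(events, build_baselines(events, baseline_days), day)


if __name__ == "__main__":
    for user, kind, detail in run():
        print(f"ALERT user={user} type={kind} {detail}")
```

Running it produces three alerts for alice on 2024-03-08 (off-hours login, never-seen destination, egress volume hundreds of MADs above her median) and none for bob, whose 22:00 login falls inside his own learned window. The per-entity baseline is the point: a single global "no logins after 20:00" rule would have paged on bob every night and said nothing about alice's 4.8 MB.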
Immune system technology doesn't single out particular users or devices for monitoring. Instead, it analyzes the raw network traffic of every device and user simultaneously, building a holistic picture of the network and giving security teams visibility they did not previously have.
Traditional security solutions may doggedly focus on keeping external attackers out, but the real story is that many of the most serious threats originate from the inside. Firewalls and perimeter security remain important, but the cyber security solution for the future has to catch threats that are already alive and kicking inside the organization.