The Driz Group

Cybersecurity Blog

Thought leadership. Threat analysis. Cybersecurity news and alerts.

7/15/2017


Insider Data Breach: An Enemy Within

 

Last week, an international health insurance company publicly acknowledged that one of its employees stole information that affected records of 547,000 customers.
 
The affected company said that the stolen records did not include financial or medical data, but did include names, dates of birth, nationalities, and contact and administrative details. The company said that the employee responsible was fired immediately after the breach was discovered and that it is taking appropriate legal action.
 
DataBreaches.net first reported the data breach at this international health insurance company when a dark web vendor using the name “MoZeal” claimed to have over 1 million records for sale.
 
When contacted about the pricing, according to DataBreaches.net, MoZeal allegedly replied:
"Thanks for your inquiry bro, but before i start talking about pricing i would just like to clarify that this medical database is the only unique db if not only one on the entire dark web market with over 1million entries and over 122 countries as a whole not to mention its come straight from one of the world class health insurance companies. so you can imagine the information is very sensitive but also exclusive."
 
The international health insurance company disputed the 1 million records claim, and said in a statement, “Our thorough investigation established that 108,000 policies, covering 547,000 customers, had been copied and removed. The disparity in numbers claimed and those taken, relates to duplicate copies of some records.”
 
This latest data breach incident shows the weakest link in cyber security: the insider.

Who is an Insider

An “insider” can be anyone who has physical or remote access to your company's confidential data. Although the term often refers to an employee, a business partner, client or maintenance contractor who has access to your company's confidential data can also be considered an insider.

An insider can be either a malicious insider or an inadvertent insider. An inadvertent insider can be an employee who was tricked into downloading a malware-laden document, which then gives cyber criminals access to the company’s confidential information. A malicious insider is anyone who snoops on files, steals information, or appears to have knowingly violated the law.

Extent of Insider Data Breach

IBM’s global threat intelligence report found that over 200 million financial services records were breached in 2016. Fifty-eight percent of the data breaches in the financial services sector in 2016 were the result of insider attacks, while outsider attacks accounted for only 42%. The 58% attributed to insiders breaks down into 5% by malicious insiders and 53% by inadvertent insiders.

The IBM report also found that in 2016 the healthcare sector was more affected by insider attacks (71%) than outsider attacks (29%). The 71% attributed to insiders breaks down into 25% malicious insider attacks and 46% inadvertent insider attacks.

For its part, Protenus reported that 43% of the 2016 U.S. health data breaches – a total of 192 incidents – were the handiwork of insiders. Of the 192 insider breaches, 99 were the result of inadvertent insiders, 91 were the result of malicious insiders, and in 2 incidents there was insufficient information to determine whether they should be considered inadvertent or malicious.

Health Data Malicious Insider Breaches Take 607 Days to Discover

According to Protenus, in 2016 the average time it took healthcare organizations to discover they had a health data breach was 233 days. The most troubling part of breach discovery, according to Protenus, is in cases of malicious insiders, in which the average discovery period was 607 days – more than double the typical data breach discovery period.

Protenus gives two explanations for why it takes so long to discover a breach:

1. Limited Budgets and Resources
With limited budgets and resources, not all organizations are able to detect breaches in an automated and precise manner.

2. Reactive Approach to Data Breach
Many organizations have taken a reactive approach to data breaches, only worrying about them once they are brought to their attention by the affected party or a third party such as the media.
 
“Insiders are a very real risk to the security of patient data,” Protenus said.  “The high number of breach incidents, and the fact that these small-scale breaches can often go undetected, make these breaches especially devastating.”

How to Prevent Insider Data Breach

Here are two ways to prevent insider data breaches:

1. Educate Employees
According to IBM, the fact that insider attacks targeting the healthcare and financial services sectors were largely the work of inadvertent insiders may be due to these industries having a greater susceptibility to phishing attacks.

A phishing attack happens when cyber criminals try to trick you into sharing personal or work-related information online. Common phishing methods include email, ads, and sites that look similar to sites you already use. An email that appears to be from your bank, requesting that you confirm your bank account number, is an example of phishing.

One way to prevent inadvertent insider attacks is by educating employees – through in-person instruction, video, webinars – about phishing and how to avoid becoming a victim.

2. Automation and Preventative Controls
To prevent data breaches by both malicious and inadvertent insiders, it pays to invest in an automated data breach detection tool. If an organization depends on only one or two people to detect data breaches, it will take significant time before a breach is discovered. With automation, the threat can be detected immediately and in a precise manner.

“We predict that 2017 will be the Year of Insider Breach Awareness, with organizations realizing that this constant and significant problem has gone unaddressed for too long, with the focus for the last couple of years being more about catching up on external threats,” Protenus said.
 
While the great majority of our business partners, employees, clients and contractors pose no threat, it pays to be proactive in detecting data breaches. While it takes only a few minutes to steal data, it can take months and years to recover data and rebuild a positive business reputation.
When you need to protect your data against insider threats and don't have in-house expertise, please contact us and we will be happy to help.
    Author

    Steve E. Driz, I.S.P., ITCP

© 2023 Driz Group Inc. All rights reserved.
Photo used under Creative Commons from GotCredit