
#3 Losing Sight of Insider Cyber Threats 

Cyber threats loom large this year. Company culture and action to protect your crown jewels (the data and information most critical for your business and customers) go hand in hand with digital transformation.

Insider Threats Continue to Escalate

Are we acknowledging or losing sight of insider cyber threats as we scatter the workforce between multiple locations? Unfortunately, business owners feel they cannot control insider threats, which continue to increase in frequency and severity, but opportunities exist.

Credential Thief Scenario 

A credential thief who steals valid credentials obtains the keys to the kingdom. Those keys give them access to your network as an insider, a legitimate user, with unlimited time to dwell and search for the crown jewels in your system.

The steps to a credential-based cyberattack look like this:

First, cybercriminals steal a victim’s credentials (username and password combination). 

Second, they now have the same account access privileges as the victim. 

Third, they proceed as insiders (albeit imposters) to steal critical data or manipulate an employee to wire funds to a fake bank account owned by the fraudsters (business email compromise (BEC), also known as funds transfer fraud (FTF)).

Investments

Business leaders have investment options, including tools that monitor employee behavior in real time and provide automated permission management.

To keep this type of human-factor cyber risk front and center, establish a team, designate authority and responsibility, and provide regular training on current cyberattack methods for the entire workforce.

Will you allocate funds for an insider cyber threat strategy as part of your overall cyber resilience strategy?

33 Ways

If you already know how to prevent some of the scenarios addressed in this book, great! Find the “Ways” you need to learn as you work from anywhere (WFA).

Sign up for my monthly newsletter on my website, www.thecyberdawn.com, which will launch with the publication of my book in June 2022.

For more information on training and speaking engagements, contact info@thecyberdawn.com.

 

Dawn Kristy

I am a nationally recognized thought leader and cyber subject matter expert. I advise clients and executives on how to bridge the gap between IT, business, and communications strategy with difficult cyber, privacy, or emerging risks. I collaborate with experts and clients on risk management, data management, and compliance in various industry verticals, including financial services, healthcare, manufacturing, construction, logistics, law, and federal government contracting.
