Home / Blogs

How to Avoid Insider Threats Such as the Latest New York Post Hacking

New York Post has been “hacked” by an employee. To protect themselves from insider threats, companies can deploy zero trust and restrict access.

On October 27, the New York Post published a string of racist and sexist articles on its website.

Fabricated news about politicians, such as pieces concerning racist comments of a New York City mayor, has been headlining the publication.

Upon further investigation, it was evident that an employee published those pieces while working from home. The articles have since been removed, and he has been laid off from his position.

The journalist has since come forward, apologized, and explained that the published articles had been the result of a tantrum and private issues.

Could this incident have been avoided?

The truth is, when businesses think about security, they primarily focus on external threats.

Issues such as ransomware, phishing emails, and Distributed Denial of Service Attacks (DDoS) come to mind.

However, 60% of breaches are caused by internal incidents. In these cases, employees, either accidentally or on purpose, put the company at risk of hacks.

They might misuse their access to sensitive data and leak or share them with third parties for monetary gain. At other times, they might unintentionally harm the organization by falling for a phishing scam.

How to combat this issue?

Start with implementing zero trust, role-based access control, and building a strong base with multiple layers of security tools and principles.

Zero Trust Security

In cybersecurity, zero trust refers to the principle that states no one should be automatically trusted. It is applied to data within the system, people, devices, workloads, and networks.

Nowadays, zero trust security is an automated tool that is designed to implement its key principle automatically (trust, but verify), continually scans the attack surface to identify unusual activity, and protect data that is shared remotely.

Zero trust might seem counterintuitive since the general advice on how to deal with insider threats is mostly focused on building mutual trust between employees and employers.

However, zero trust can aid businesses in avoiding further hacking activity if the threat actor has already obtained access.

For instance, if the threat actor managed to obtain the password of an employee, further measures that seek confirmation of the identity can stop the hacker, who moves deeper and deeper within the system.

Undetected, the threat actor could monitor and spy on the activity for months on end.

Role-Based Access Control

One of the most important steps is to limit employee access depending on the role of the team member that is attempting to access the system.

Based on the role of the employee, restrict the access privileges they might have on the parts of the network and files they need to do their jobs.

True, some of the data leaks and hacks in the past have been the result of those in senior positions sharing the files outside of the company, but it’s still a critical precaution to take.

Not even employees that have been long within the company or operate in higher positions can be entirely trusted. A well-known example of this is the Edward Snowden case which resulted in the sharing of confidential data can attest to that.

This is where the previously mentioned zero trust methodology is crucial to protect the business from insider threats.

Multiple Layers of Security

Educating employees, having antivirus programs that can detect viral threats, and using a Virtual Private Network (VPN) are some measures that can aid companies in detecting and mitigating insider threats. 

Remote teams, as well as your system, should be protected when accessing the network from home. A VPN is a basic tool that separates the data that is shared and online activity from the public. 

Formal training on the basics of cybersecurity (including a module focused on insider threat recognition) for all employees is important as well.

It teaches them to recognize and avoid common dangers and be aware of possible threats imposed by other employees or cyber criminals within the organization.

Employee education is an important line of defense since many threats that turn into insider activity, such as phishing, are directly aimed at unsuspecting teams within the company.

Recognizing Signs of Insider Threats

Some of the clues that indicate insider threats include:

  • Attempts at accessing the account outside of the traditional working hours
  • A sudden increase in logging into privileged access accounts
  • Charges on the company credit card or debit
  • Access to accounts without a valid reason from the user
  • Personal signs coming from the employee—changes in behavior, issues at home, covering travel costs with the company’s funds, or past criminal activity

The capabilities of zero trust security include the recognition of some of these hints of a potential breach and misuse of credentials.

Creating awareness for all team members is also paramount. Even more, creating a safe cyber culture within which they feel free to report suspicious activity can go a long way in mitigating threats early.

The sooner these issues are resolved, the lesser the financial damage and harm to the company’s reputation.

Key Takeaways

Obliterating insider threats is challenging, especially with the rise of remote work. Employees can use their credentials to access data at all times from the comfort of their homes.

Tools such as AI-based zero threats security can map, monitor, and detect suspicious activity on time. For example, in the case of the New York Post, this software could have detected the employee login that occurred outside of working hours.

Another thing that the New York Post “hacking” reminds us of is that not all cyber crimes involve highly technical hacking. In this case, the journalist misused their login privilege to upload fake content.

Therefore, training about basic cybersecurity hygiene for all employees has to cover creating awareness of any suspicious activity within the company—for publications, this could mean paying closer attention to content that’s scheduled for publication.

Deploy zero trust within the premises, educate employees with basic training, set up multiple layers that guard the network, and restrict access to prevent insider threats.

By Evan Morris, Network Security Manager

Filed Under

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

Related

Topics

Cybersecurity

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

Domain Names

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global

Brand Protection

Sponsored byCSC