Insiders: Difference between revisions

Revision as of 06:04, 30 October 2023

Introduction

In the ever-evolving landscape of cybersecurity, threats come from various sources, but perhaps one of the most challenging to combat is the threat posed by insiders. Insiders, who are often trusted employees or individuals within an organization, have privileged access to sensitive information, systems, and networks. While not all insiders have malicious intent, their actions can inadvertently or intentionally compromise an organization's security.

Cybersecurity Tools

Identity & Access Management

CrowdStrike Reporting Tool - CRT

Heimdal - Application Control

Heimdal - Privileged Access Management

Periodic Know Your Users Reviews

BeyondTrust - Privilege Management

Consumer Reports - Delete Old Accounts

CrowdStrike Reporting Tool - CRT

Forcepoint - Forcepoint Data Visibility

Security Awareness & Training

Australian Charities and Not-for-profits Commission - Governance Toolkit - Cyber Security

Barracuda - Email Protection

Broadcom KnowBe4

Broadcom PhishMe

Broadcom Security Awareness Training

Canadian Cyber Threat Exchange - CCTX - Cyber security for kids - How parents can talk with their children

Canadian Cyber Threat Exchange - CCTX - Cyber security for video game consoles

Canadian Cyber Threat Exchange - CCTX - Keeping your passwords secure has never been easier!

Canadian Cyber Threat Exchange - CCTX - Network cyber security - An introduction

Chainalysis - Crypto Mixers and AML Compliance

CISA - Cybersecurity Toolkit and Resources to Protect Elections

CISA Cybersecurity Publications

Consumer Reports - Spot Malicious Sites and Phishing Attempts

Consumer Reports - Stick to Official App Stores

CrowdStrike - CYBERSECURITY 101 - THE FUNDAMENTALS OF CYBERSECURITY

Crystal - Crystal School of Crypto Compliace and Investigators

Cyber Security Tools by SANS Instructors

Cybersecurity and Infrastructure Security Agency - Downloading and Installing CSET

Digital Transformation Hub - Best-Practice Cyber Security Governance

Digital Transformation Hub - Cyber Security - What it is and Why it Matters

Digital Transformation Hub - Making the Internet a Safe Place for All

Digital Transformation Hub - More Cyber Security Resources

Digital Transformation Hub - Why Cyber Security is so Important

FBI - Safe Online Surfing

Federal Trade Commission - Cybersecurity for Small Business

Federal Trade Commission - Physical Security

Federal Trade Commission Consumer Advice - Cybersecurity Resources for Non-Profits

Freedom of the Press Foundation - Your smartphone and you - A handbook to modern mobile maintenance

Global Cyber Alliance - 2FA

Global Cyber Alliance - Cybersecurity Toolkit for Elections

IDCARE - Apps & Tools

IDCARE - Apps - Tools

INFOGUARD Cybersecurity - Cybersecurity Tips for Journalists

International Center for Journalists - Strengthening Digital Security for Journalists and Civil Society Advocates in Latin America

Internetmatters - Guide to Apps

Internetmatters - My Family's Digital Toolkit

Internetmatters - Online Safety Leaflets & Resources

National Council of Nonprofits - Cybersecurity for Nonprofits

National Council of Nonprofits - Protect the Future of Your Nonprofits Data

National Cyber Security Centre - Cyber Security - Small Charity Guide

National Cybersecurity Alliance - Career + Education Library

National Cybersecurity Alliance - Online Safety - Privacy Basics- Resources & Guides

NetApp - Backup and Recovery

NetApp - What Is Backup and Recovery

NordVPN - What are scam websites, and how can you tell if a page is fake

PBS - Cyber Labs

Right To Be - Cybersecurity Resources

SecureTheVillage - Community Engagement Program

Secureworks PhishInSuits

Security First - Umbrella

Simplilearn - Cyber Security Full Course - Cyber Security Training for Beginners in 2022 - Simplilearn

SiteLock - Website Monitoring - Why It Is Important

Splunk Training

USCC - Cyber Quests

VPN Ratings - VPN

VPN Ratings - What is a VPN

VPN Ratings - What is a VPN?

Wipfli - Cybersecurity 101 - What does it Involve and What Should you Invest in

Wipfli - How CEOs can be Proactive in Cybersecurity

Wipfli - Investing in Cybersecurity Pays Dividends

Wipfli - Multifactor Authentication - Why you Need it Now

Security Information & Event Management (SIEM)

AT&T Cybersecurity - AlienVault OSSIM

AWS - AWS IoT Device Defender

Blumira - Automated Cloud SIEM

Broadcom Symantec Security Information and Event Management (SIEM)

Caldera - MITRE ATT&CK

Cascade - MITRE ATT&CK

Check Point - Horizon Events

Check Point - Security Management Portal

Check Point - WatchTower Security Management App

CISA - Malcolm

Cisco SecureX

CrowdStrike - Falcon Complete LogScale

CrowdStrike - Falcon LogScale

CrowdStrike - Falcon Long Term Repository

CrowdStrike - Falcon NextGen SIEM and Log Management

Elastic SIEM

Forescout - Forescout

Hybrid-Analysis - Sandbox Scryer

Mandiant Attack Surface Management

Mandiant Azure AD Investigator

Microsoft - Azure IoT Hub

Microsoft - MSTICpy

Microsoft PsExec

Nagios - Nagios Log Server

Open Source - RITA

Open Source - Security Onion

Opentext - ArcSight

Opentext - ArcSight Recon

Perception Point

SANS Institute - Grok

SANS Institute - GTF

SANS Institute - Icinga

SANS Institute - Iftop

SANS Institute - Inkscape

SANS Institute - Moloch

SANS Institute - MPTCPdump

SANS Institute - Ncat

SANS Institute - PCAPNG Tools

SANS Institute - QUIL

SANS Institute - Scapy

SANS Institute - SecopsGenie

SANS Institute - SiLK

SANS Institute - SolarWinds Security Essentials

SANS Institute - Splunk

SANS Institute - traceroute

SANS Institute - Traffic Inspector

SANS Institute - Tshark

SANS Institute - Wireshark Plugins

Secureworks Dalton

Snort - Snort

Splunk Attack Detection Collector - ADC

Splunk Connect for Syslog

Splunk Synthetic Adversarial Log Objects - SALO

Splunk Training

Tripwire - Security Configuration Management (SCM) Solution

Tripwire - Simplify Event Monitoring with Tripwire LogCenter

Tripwire - Tripwire ExpertOps - Managed Cybersecurity - Compliance

UTMStack

Wireshark - Wireshark

Anti-virus & Anti-malware Software

Akamai - Secure Internet Access Enterprise

Apple - iOS Security

Apple - iPadOS Security

Avast - Avast Antivirus

Avast - Avast Mobile Security

AVG - AVG Antivirus Pro

Center for Internet Security - MS-ISAC Endpoint Security Services

Cisco - ClamAV

Cisco - Immunet Antivirus

CNET - How to check your Android phone for malicious apps

Forcepoint - Zero Trust CDR

Fortinet - Fortinet FortiGate

Google - Use Google Play Protect to help keep your apps safe and your data private

Google Safe Browsing

Guardio - Guardio

Heimdal - Application Control

Lifehacker - How Can You Tell if an App Is Malware

Lifehacker - How Can You Tell if an App Is Malware?

Lookout Mobile Security - Lookout Security & Antivirus

McAfee - McAfee Total Protection

Microsoft - Defender for Business

Microsoft - How Microsoft identifies malware and potentially unwanted applications

Microsoft - Microsoft Defender

Microsoft - Stay protected with Windows Security

Microsoft - Windows Malicious Software Removal tool

Microsoft Defender Application Guard

Microsoft Safety Scanner

Norton - Norton Antivirus

Open Source - AdBlock

Open Source - Quad9 for Android

SANS Institute - Remnux

SANS Institute - Yara

UBlock Origin - uBlock Origin

Virus Total - VirusTotal

Vmware - VMware Workstation Player

VMware ESXi - Free

Phishing

Akamai - Secure Internet Access Enterprise

Akamai MFA

Analyze - Intezer

AVG - AVG Antivirus Pro

Barracuda - Email Protection

BlueBox

Broadcom PhishMe

Cisco Talos Intelligence - Open Source Security Tools

CyberGordon

Cybersecurity and Infrastructure Security Agency - Anti-Phishing Training Program Support

Federal Trade Comisson - OnGuard Online

Federal Trade Commission - Phishing

Federal Trade Commission Consumer Advice - How to Recognize and Avoid Phishing Scams

Global Cyber Alliance - Phishing Overview

Gophish - Open-Source Phishing Framework

GOSINT

Guardio - Guardio

Identity Guard - Identity Guard

James Brine Threat Intelligence Feeds

KnowBe4 - PhishER

KnowBe4 - PhishER Plus

Malware Patrol

Newly-Registered Domain Lists from Stamus Labs

Scam Advisor - Check a Website

Secureworks PhishInSuits

WSTNPHX Malware Email Addresses

Types of Malware

Accidental Data Leakage

One of the most common insider threats is accidental data leakage. Employees might send sensitive information to the wrong recipient, mishandle data, or unintentionally introduce malware into the system. These actions can result from negligence or a lack of proper training.

Malicious Insiders

Some insiders, driven by personal gain or grudges against the organization, may deliberately compromise security. They can intentionally steal sensitive data, introduce viruses, or disrupt operations from within. Detecting and mitigating such threats often requires advanced monitoring and investigation techniques.

Sabotage

Disgruntled employees may attempt to sabotage an organization's systems or operations, causing significant damage. Organizations need to have mechanisms in place to detect and respond to such threats promptly.

Inadequate Insider Monitoring

Failing to monitor insider activities effectively can leave an organization vulnerable. Implementing robust monitoring systems and regularly reviewing access logs can help detect and respond to suspicious behavior.

Distribution and Infection

Third-Party Risk

Contractors, suppliers, and partners can also pose insider threats if they have access to an organization's systems. It is essential to extend security measures to these third parties and regularly assess their security practices.

Insider Collaboration with External Threat Actors

Insiders can collaborate with external threat actors, such as hackers or cybercriminals, to compromise an organization's security. Identifying and disrupting such collaborations can be challenging but is crucial.

Phishing and Social Engineering

Insiders can fall victim to phishing attacks or social engineering tactics, inadvertently providing access to their accounts or sharing credentials with malicious actors. This can be prevented by training employees to recognize and respond to these types of threats.

Unauthorized Access

Trusted insiders can abuse their access privileges. This can include accessing systems or data without authorization, leading to data breaches or unauthorized modifications. Regular access reviews and least privilege principles can help mitigate this risk.

Conclusion

To combat these insider threats effectively, organizations must adopt a multi-faceted approach that includes a combination of robust security policies, ongoing employee training programs, access control measures, monitoring tools, and incident response plans. Additionally, fostering a culture of cybersecurity awareness and trust within the organization can go a long way, as cybersecurity is not just a technological challenge; it is a people and process challenge as well.

@@ Line 2: / Line 2: @@
 {| class="wikitable"
 |-
-| style="width: 50%; vertical-align: top;" colspan="2" | [[File:ACT_Malware_Icon.svg|frameless|40px|link=Malware]] <big>'''Introduction'''</big> <br>
+| style="width: 50%; vertical-align: top;" colspan="2" | [[File:ACT_Insiders_Icon.svg|frameless|40px|link=Malware]] <big>'''Introduction'''</big> <br>
 In the ever-evolving landscape of cybersecurity, threats come from various sources, but perhaps one of the most challenging to combat is the threat posed by insiders. Insiders, who are often trusted employees or individuals within an organization, have privileged access to sensitive information, systems, and networks. While not all insiders have malicious intent, their actions can inadvertently or intentionally compromise an organization's security.
 | style="width: 50%; vertical-align: top;" colspan="2" | [[File:stalking-hyenas.png|frameless|100px|right|link=Top_Threats]]
@@ Line 13: / Line 13: @@
 {{#categorytree:Security Awareness & Training|mode=pages|all}}
 {{#categorytree:Security Information & Event Management (SIEM)|mode=pages|all}}
+{{#categorytree:Anti-virus & Anti-malware Software|mode=pages|all}}
+{{#categorytree:Phishing|mode=pages|all}}
 |}
 |-

Insiders: Difference between revisions

Revision as of 06:04, 30 October 2023

Accidental Data Leakage

Malicious Insiders

Sabotage

Inadequate Insider Monitoring

Third-Party Risk

Insider Collaboration with External Threat Actors

Phishing and Social Engineering

Unauthorized Access

Navigation menu

Page actions

Page actions

Personal tools

Navigation

Search

Tools