Organizations face a new inside threat
Cybercriminals have rendered the darknet
into their workplace. According to security monitoring and ethical hacking
experts from the International Institute of Cyber Security, in darknet you can
find malicious software, cyberattack services against companies or individuals,
even buying confidential information sales, such as credit card numbers or
identity details.
A new trend in cybercrime is the recruitment of
professionals in different areas to collaborate with networks of malicious
hackers from within an organization. An investigation discovered job offers in
darknet for employees of banking institutions in Russia offering average wages
of 4000 euros for one hour of work per day, salary much higher than the monthly
average in Russia of 500 euros, so many Bank employees are attracted by this
kind of offers.
In 2016, security
monitoring experts analyzed about 100 million of sites in the
superficial network and dark web, finding that some gangs of cybercrime resort
to traditional recruitment methods; ads are published, interviews are made (by
videocall in many cases), and even hired for trial periods.
Data theft prevention
via Monitoring solutions like Business Control System (BCS)
Companies cannot control the activities of
users on their PCs or personal mobile devices, although there is the option to
control and monitor the corporate environment to prevent employees from working
as infiltrators in an organization.
The company’s visibility into employee
activities is essential for detecting access or anomalous searches. By performing
adequate monitoring; it is at this point that the visibility of the company in
the user’s activity becomes essential.
Regularly, employees who use credential access
to privileged levels are monitored, although security monitoring specialists
believe that monitoring is always useful regardless of employee level; in other
words, any employee who works with company information should be monitored. The
monitoring of the user’s activities can be done without intervening with the
user’s privacy, implementing solutions that provide a complete visibility of
the employee’s actions, but limiting a potentially invasive use. The
implementation of these solutions must be accompanied by a reasonable data
revision policy, which does not interfere with the privacy of employees, as
considered by security monitoring specialists from the International
Institute of Cyber Security. For example, IICS Business Control System
(BCS) has helped multiple organizations of the entire world.
The use of infiltrated employees in
organizations is a serious security threat. Companies must work to understand
this problem and develop the best possible preventions; employee behavior
patterns, visibility into their online activities and the ability to detect
anomalous incidents will help prevent a large number of security incidents
stemming from the activity of criminals on dark web.
Detection is crucial for organizations to
protect their most valuable assets and to prevent the loss of sensitive data
before the worst possible scenarios happen
