Many cybersecurity professionals focus their efforts on securing newly deployed technologies. But most organizations could be using old school mainstays that open them up to unexpected insider threat risk. Business users either don’t know these tools are problematic, or (in some cases) may be partying like it’s 1999 and exploiting them to execute malicious insider threats.
Here are five old school technologies that could increase your organization’s insider threat risk, along with some tips and tricks on how to secure them. (P.S. Keep an eye out for our upcoming product announcement, as we will be adding some special capabilities to Proofpoint ITM to detect risks just like these!)
Let’s start with the old school favorite conference tchotchke, the USB drive. Everyone has at least one in a junk drawer somewhere. They may have seen their heyday before cloud storage methods became cheaper and more ubiquitous, but cybersecurity teams should still take notice because they haven’t gone away. In fact, USBs are still one of the most common ways users exfiltrate company data.
Even accidental insider threat incidents could happen via USB drive. Users may easily misplace drives containing sensitive company or personal data -- which can be dangerous if these USBs fall into the wrong hands. USB drives are also a common way for malicious actors to spread malware to local machines. Research from Kaspersky shows that one in four users globally are affected by these types of “local” malware threats.
Preventing insider threats via USB drive may be a matter of locking down USB ports throughout the organization. Now that cloud storage options abound, this policy may not interfere with people’s workflows as much as in the past. If these types of restrictions aren’t an option, a combination of user activity monitoring and endpoint protection tools can help provide the context needed to understand whether USBs are being used to maliciously exfiltrate data.
As for accidental insider threats, you can’t exactly prevent people from losing USB drives, but you can inform them of best practices around acceptable USB drive use, as well as point them to some secure, encrypted or password-protected cloud storage alternatives. Adopting a no-USB policy for your organization will decrease the risk of data loss and also prevent malware from being introduced via this threat vector.
Optical Drives for CDs or DVDs
Even though some computer manufacturers like Apple are killing off optical drives faster than millennials are killing department stores, CDs and DVDs are still hanging on as common removable media options (and risky technology for insider threat).
Just like their younger cousin the USB drive, CDs and DVDs can be used to copy sensitive files and folders -- which can walk right off the premises in the hands of the wrong user.
Many of the USB tips provided above may work similarly for optical drives. Monitoring for data exfiltration via removable media is the first line of defense. If your organization doesn’t already have one, it might be smart to create a removable media policy, and work closely with employees to ensure they understand how and when removable media can be used safely.
Paper records are responsible for an astounding number of data breaches, particularly within the healthcare sector. In fact, paper medical records accounted for 65% of hospital security breaches in 2018. But you don’t have to be handling patient records to have a data breach happen to your organization.
Monitoring printer usage, and figuring out if there are any suspicious patterns to printer use among specific employees, may be the best line of defense. See someone printing dozens of sensitive files at 4:30 a.m.? It’s time for an investigation.
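The print-monitoring check described above, sketched as an added example (not Proofpoint's code and not part of the original post): it flags users who send a burst of sensitive print jobs outside business hours. The CSV log format, the `sensitive` label, the business hours, the window and the threshold are all assumptions to adapt to your own print server logs.

```python
import csv
from collections import defaultdict
from datetime import datetime, timedelta
from io import StringIO

# Assumed policy values (not from the article): tune to your environment.
WORK_START, WORK_END = 7, 19          # local business hours, [07:00, 19:00)
WINDOW = timedelta(minutes=60)        # sliding window per user
THRESHOLD = 12                        # sensitive jobs in one window

def off_hours(ts):
    """True for weekends or times outside business hours."""
    return ts.weekday() >= 5 or not (WORK_START <= ts.hour < WORK_END)

def flag_print_bursts(log_text):
    """Return {user: (window_start, job_count)} for off-hours bursts of sensitive jobs."""
    jobs = defaultdict(list)
    for row in csv.DictReader(StringIO(log_text)):
        ts = datetime.fromisoformat(row["timestamp"])
        if row["label"] == "sensitive" and off_hours(ts):
            jobs[row["user"]].append(ts)
    alerts = {}
    for user, times in jobs.items():
        times.sort()
        start = 0
        for end, ts in enumerate(times):
            while ts - times[start] > WINDOW:   # shrink window from the left
                start += 1
            count = end - start + 1
            if count >= THRESHOLD and count > alerts.get(user, (None, 0))[1]:
                alerts[user] = (times[start], count)
    return alerts

def build_sample_log():
    """Constructed sample data: one off-hours burst, one normal daytime user."""
    rows = ["timestamp,user,document,label"]
    base = datetime(2024, 3, 5, 4, 30)   # a Tuesday, 4:30 a.m.
    for i in range(24):                  # 24 sensitive jobs in about 46 minutes
        rows.append(f"{(base + timedelta(minutes=2 * i)).isoformat()},jdoe,hr_file_{i}.pdf,sensitive")
    day = datetime(2024, 3, 5, 10, 0)
    for i in range(30):                  # busy, but during business hours
        rows.append(f"{(day + timedelta(minutes=i)).isoformat()},asmith,report_{i}.pdf,sensitive")
    rows.append("2024-03-05T23:10:00,asmith,lunch_menu.pdf,public")
    return "\n".join(rows)

if __name__ == "__main__":
    for user, (start, count) in flag_print_bursts(build_sample_log()).items():
        print(f"ALERT {user}: {count} sensitive print jobs within 60 min starting {start}")
```

The daytime user prints more files than the flagged one, which is why the check keys on time of day and sensitivity label together rather than on volume alone.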
It may sound obvious, but locking down sensitive documents (such as HR files) and shredding work-related paper are two other ways to defend against insider threat incidents. And it may be time for the annual reminder to employees not to write down or print their passwords. (Password notebook guy, we see you.)
FTP Client Software
File transfer protocol (FTP) dates back to the 1970s, when MIT students used the protocol to transfer documents back and forth securely over ARPANET (a precursor to the modern internet). Unfortunately, FTP did not go out with disco, and is still a major culprit for data loss within organizations.
Many organizations go as far as to block all FTP clients from corporate use. Regardless of whether you’ve implemented this restriction, it’s still important to employ end-to-end file activity monitoring, along with real-time alerting for data exfiltration attempts to FTP web applications.
Screen Capture Tools
Screen capture tools haven’t been novel since the 90s, but like cargo pants, they’re making a major comeback. Screen captures have become even easier with mobile devices or simple, built-in keyboard commands. If users are regularly taking screen clippings or accessing unauthorized screen capture software, you may be at risk of insider threat.
Educating employees on how to safely take screenshots (and when not to) can prevent unintentional misuse, while user activity monitoring can help organizations catch examples of intentional data exfiltration via screenshot.
New School Ways to Prevent Data Loss
A strong combination of user and data activity monitoring, paired with a good insider threat awareness program, could spare your organization from these old school insider threat risks. Don’t forget: data doesn’t lose itself. Avoiding costly insider threats means equipping people to avoid common mistakes, as well as employing the right technologies to detect and prevent insider threats.
Our next product release, due out in February, will add specific capabilities to help detect insider threats using removable media, keyboard shortcuts, and endpoint-related activity. Keep your eyes peeled!