Employees Are The #1 Cause For Breaches
Employees are the number one cause of cyber security breaches. According to a Haystax survey, the majority of cyber professionals (56%) say that insider threats are on the rise.
Users with access to sensitive information are considered the greatest threat (60%), with consultants and contractors in second place (57%), followed by employees with a normal level of access (51%).
Human error is also considered a common network vulnerability, as in the case of John Podesta, who clicked on a malicious link that led to the leak of Hillary Clinton’s emails in 2016.
Why is the threat from insiders increasing? The Haystax study identified several reasons:
- Strategies and solutions that do not provide holistic cyber protection
- An increase in the number of devices with access to sensitive data
- Sensitive data moving outside the firewall on mobile devices
- More employees, suppliers and partners with access to the network
- Complex technological systems
- Increasing use of cloud applications and infrastructure
Cyber Security Breaches Caused By Phishing
Phishing is an attempt to steal sensitive information by impersonation. It is a method of deception that aims to get the user to act, usually by clicking an attached link, in a way that endangers their computer.
Types Of Phishing Attacks:
- Email phishing - emails that appear to come from a trusted source (commonly Facebook, eBay, etc.), such as professional organizations, institutions and service providers, but were actually sent by a malicious hacker. These emails use corporate language, the company logo and even the original typography – methods that raise credibility and persuade us to believe the emails are legitimate.
- Spear phishing - similar to email phishing, only in this case the hackers target a small group of people, sometimes for a single purpose. The attacker collects information about employee names in a particular department and impersonates a known entity, such as a service provider working with them or the IT team. In this case, the email is personalized.
- MITM (man-in-the-middle) - occurs when a hacker inserts themselves between the user and the service provider, either as a bystander listening in or as an impostor of one party. The purpose of the attack is to steal personal information – credit card details, passwords and account information – and it most often occurs in communications between users and financial companies, SaaS providers, online stores and sites that require logging in to an account.
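The three phishing types above share a small set of signals a mail gateway or SOC analyst can check before a user ever sees the message: a display name that claims a brand while the sending domain does not belong to it, a Reply-To that diverts replies elsewhere, link text that shows one domain while the real href points at another, and pressure language in the subject. The following is an added example written for this article (not code from the original author); it parses a constructed sample message with Python's standard `email` module and reports each indicator it finds. `BRAND_DOMAINS` and `URGENCY_WORDS` are assumed starting values that a deployment would tune.

```python
"""Defender-side phishing triage: score an inbound RFC 5322 message for the
impersonation indicators discussed above. The sample message is constructed."""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample: brand in display name, unrelated sender domain,
# diverted Reply-To, and anchor text that disagrees with the real href.
SAMPLE_EMAIL = """\
From: "Google Accounts" <security@accounts-google-verify.example>
Reply-To: helpdesk@mail-reset.example
To: jane.doe@example.org
Subject: Someone has your password
Content-Type: text/html; charset="utf-8"

<p>Change your password immediately:</p>
<a href="https://accounts-google-verify.example/reset">https://myaccount.google.com/security</a>
"""

# Assumed mapping of brand keywords to the domains allowed to send as them.
BRAND_DOMAINS = {"google": {"google.com"}, "facebook": {"facebook.com"}, "ebay": {"ebay.com"}}
# Assumed list of pressure words typical of phishing subjects.
URGENCY_WORDS = ("password", "immediately", "suspended", "verify", "unusual")
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def registrable(host: str) -> str:
    """Crude registrable domain (last two labels); adequate for this illustration."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def phishing_indicators(raw: str) -> list[tuple[str, str]]:
    """Return (code, explanation) pairs for every indicator found in the raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    from_dom = registrable(from_addr.rpartition("@")[2])
    for brand, domains in BRAND_DOMAINS.items():
        if brand in from_name.lower() and from_dom not in domains:
            findings.append(("brand-domain-mismatch",
                             f"display name claims {brand!r} but sender domain is {from_dom}"))

    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1]
    if reply_to and registrable(reply_to.rpartition("@")[2]) != from_dom:
        findings.append(("reply-to-mismatch", f"replies go to {reply_to}, not to the sender"))

    body_part = msg.get_body(preferencelist=("html", "plain"))
    body = body_part.get_content() if body_part is not None else ""
    for href, text in ANCHOR_RE.findall(body):
        shown = text.strip()
        if shown.lower().startswith(("http://", "https://")):
            if registrable(urlparse(shown).hostname or "") != registrable(urlparse(href).hostname or ""):
                findings.append(("link-text-mismatch", f"text shows {shown} but link goes to {href}"))

    subject = str(msg.get("Subject", "")).lower()
    if any(word in subject for word in URGENCY_WORDS):
        findings.append(("urgency-lure", f"subject uses pressure language: {subject!r}"))
    return findings


if __name__ == "__main__":
    for code, why in phishing_indicators(SAMPLE_EMAIL):
        print(f"{code:22s} {why}")
```

Any single indicator can occur in legitimate mail (marketing platforms routinely set a different Reply-To), so in practice the codes feed a score or a quarantine rule rather than an automatic block; the link-text check is the strongest of the four because honest senders have no reason to display one domain and link to another.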
The November 2016 hacking of the email account of John Podesta, chairman of Hillary Clinton’s Democratic presidential campaign, was more than just another phishing incident. His account was hacked by a Russian hacker group known as Fancy Bear, who impersonated Google and sent an email claiming that his password needed to be changed after a hacking attempt had taken place. Following a link that took him to a fake website led to the release of thousands of Podesta’s emails through WikiLeaks in the weeks leading up to the November election.
Another famous phishing incident occurred in January 2022, when Cleardin published an article about state-sponsored Russian hackers gaining access to the United States electric grid infrastructure by hacking into small companies that work in partnership with it. The hackers used these companies to send phishing emails to power grid personnel.
Phishing has become a hacker favorite, with attacks occurring daily that can lead to losses of millions and irreversible damage. Phishing tests train employees to take precautions and be alert to any sign of foul play. Management benefits from these tests as well, by gaining a deeper understanding of the company’s security defenses and vulnerabilities.
The phishing test is performed by a professional team that specializes in identifying these attacks. The goal is to create a simulation of a real phishing attack, so the employees are subjected to a phishing test: will they provide data or not?
The team will usually purchase a domain and an SSL certificate, which increases credibility and lowers suspicion. A message is then sent to the company’s employees (using one of the phishing methods listed), from an address that is supposedly known. The message is usually accompanied by a link with a request to enter personal information (password, username, account information, etc.).
Once employees’ awareness of this issue increases through phishing tests, caution will increase and thus help prevent the next attack.
Cyber Security Breaches Caused By Human Error
According to Verizon’s 2021 report, which examined 23,896 incidents in the previous year, human error continues to be a leading factor in data breaches: 82% of 2021 cyber security breaches involved human error.
Take for example the case of Snapchat, where in 2016, an employee of the social media company exposed the salaries of 700 current and former employees after the attacker impersonated the company’s CEO, Evan Spiegel, and tricked them into sending an email containing the information.
Another case occurred at the beginning of December 2018, when a digital certificate for software used by the Swedish network and telecommunications company Ericsson expired. This incident caused disruptions and shut down mobile services in the UK, with 32 million people in the UK alone losing access to 4G and SMS.
Cyber Security Breaches Caused By Negligence
The City of Calgary in Canada is being sued for $92.9 million for a 2017 privacy breach that affected more than 3,700 of its employees. The city is accused of “clear negligence” after a Calgary city employee emailed an Alberta city employee and shared workers’ compensation details, medical records, social security numbers, addresses, dates of birth, and income information.
The American credit card company Equifax experienced a breach in 2017, during which the personal data of almost 146 million Americans and 15 million British citizens was leaked. The leak was caused by a mistake by a Budd employee in Equifax’s technology department who did not “heed the security warnings to perform software updates” according to the testimony of the company’s CEO.
Software developers regularly release updates aimed at preventing the exploitation of software vulnerabilities. Pay attention to these updates even if they are very frequent – Facebook and Microsoft release updates on a daily basis given the importance of their systems. Even systems that seem marginal to you, such as your CMS or IoT systems from printers to building maintenance, need updates, though less frequently. In addition, there are so-called legacy products: systems that manufacturers have decided have run their course, for which they have stopped releasing updates and providing support. For example, the Windows 7 operating system is no longer supported by Microsoft, and systems running Windows 7 after the EOL (end-of-life) date pose a cyber threat to the corporate network.
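The Ericsson outage above and the end-of-life problem in this section are the same failure in two costumes: a hard date that nobody owned. Both are caught by the same dull control, an inventory of dated assets checked against the calendar, with an owner attached to every line. The following is an added example for this article, not code from the original author or any vendor; the inventory, reference date and owners are constructed, and the only real date in it is Windows 7's end of extended support (14 January 2020). It uses `ssl.cert_time_to_seconds` so the certificate rows can be fed straight from `getpeercert()` output.

```python
"""Lifecycle-date monitor: flags TLS certificates near expiry and software past
vendor end-of-life from one inventory. Added example; the inventory is constructed."""
import ssl
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class Asset:
    name: str
    kind: str           # "certificate" or "software"
    deadline: datetime  # certificate notAfter, or vendor end-of-life date (UTC)
    owner: str          # team that receives the renewal/replacement ticket


@dataclass(frozen=True)
class Alert:
    severity: str       # "EXPIRED" or "WARN"
    name: str
    days_left: int      # negative once the deadline has passed
    owner: str


def parse_not_after(not_after: str) -> datetime:
    """Convert the notAfter string returned by ssl.getpeercert(), e.g.
    'Dec  1 00:00:00 2018 GMT', into an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)


def lifecycle_alerts(assets, now: datetime, warn_days: int = 30) -> list[Alert]:
    """Return alerts for assets already past their deadline or within warn_days of it,
    soonest first, so the report reads as a work queue."""
    alerts = []
    for asset in assets:
        days_left = (asset.deadline - now).days
        if days_left < 0:
            alerts.append(Alert("EXPIRED", asset.name, days_left, asset.owner))
        elif days_left <= warn_days:
            alerts.append(Alert("WARN", asset.name, days_left, asset.owner))
    return sorted(alerts, key=lambda a: a.days_left)


# Constructed evaluation date and inventory (names, owners and certificate dates are made up).
REFERENCE_NOW = datetime(2020, 1, 1, tzinfo=timezone.utc)
INVENTORY = [
    Asset("api.example.org TLS cert", "certificate",
          parse_not_after("Dec  1 00:00:00 2018 GMT"), "platform-team"),
    Asset("vpn.example.org TLS cert", "certificate",
          parse_not_after("Jan 20 12:00:00 2020 GMT"), "network-team"),
    # Windows 7 extended support ended on 14 January 2020 (Microsoft's published date).
    Asset("workstation-17 (Windows 7)", "software",
          datetime(2020, 1, 14, tzinfo=timezone.utc), "desktop-team"),
    Asset("intranet CMS 4.2", "software",
          datetime(2021, 6, 30, tzinfo=timezone.utc), "web-team"),
]

if __name__ == "__main__":
    for alert in lifecycle_alerts(INVENTORY, REFERENCE_NOW):
        print(f"{alert.severity:8s} {alert.days_left:5d} days  {alert.name:32s} -> {alert.owner}")
```

Run daily from a scheduler and routed to a ticket queue, the `WARN` rows are what prevent the `EXPIRED` rows; the `owner` column is the part most teams forget, and it is the reason an expired certificate turns into an outage rather than a renewal.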
Cyber Security Breaches Caused By Weak Passwords
Perhaps the biggest cyber-security sin of all, password reuse is a security vulnerability that is easily fixed. Create passwords from a sequence of letters and random digits, ensure strong passwords for financial accounts, and store passwords in dedicated password-management software rather than in phone notes. However, strong passwords are not sufficient. Organizations must implement two-step verification using another device as an authentication requirement.
The infamous supply chain breach of SolarWinds, the company that provides IT and monitoring systems to many entities, including official US government institutions, happened because of a weak password. Hackers exploited a vulnerability in the Orion monitoring software, which allowed them to install malicious code and remain dormant on the system for more than a year without detection.
Although it has not been confirmed, current and former SolarWinds employees report that the main cause of the supply chain attack was an intern who used the password “solarwinds123,” and that password was publicly accessible through a misconfigured GitHub repository.
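Two controls address the SolarWinds story as reported above: a password policy that rejects the company name with a digit suffix, and a scan of what actually gets committed to repositories, since a policy is no help once the secret is in a public file. The following is an added example written for this article (not SolarWinds' or any vendor's code). `ORG_TERMS`, the breached-password stand-in and the sample configuration file are constructed; the patterns are deliberately simple so the logic is readable.

```python
"""Credential hygiene in two parts: a password policy check and a scanner for
secrets committed to a repository. Added example; all sample data is constructed."""
import hashlib
import re

# Constructed: words an attacker would guess for this organization.
ORG_TERMS = ("solarwinds", "orion")
# Constructed stand-in for an offline breached-password list, stored as SHA-1 hex
# in the same shape as the downloadable Have I Been Pwned sets.
BREACHED_SHA1 = {hashlib.sha1(p.encode()).hexdigest().upper()
                 for p in ("password", "123456", "qwerty", "letmein")}


def password_findings(pw: str, org_terms=ORG_TERMS) -> list[str]:
    """Return the policy rules a candidate password violates (empty list = acceptable)."""
    findings = []
    lowered = pw.lower()
    if len(pw) < 12:
        findings.append("shorter than 12 characters")
    for term in org_terms:
        if term in lowered:
            findings.append(f"contains organization term '{term}'")
    if re.fullmatch(r"[a-z]+\d{1,4}", lowered):
        findings.append("dictionary word followed by a short digit suffix")
    if hashlib.sha1(pw.encode()).hexdigest().upper() in BREACHED_SHA1:
        findings.append("present in breached-password set")
    return findings


# Patterns for the two most common ways credentials end up in config files.
SECRET_PATTERNS = {
    "password assignment": re.compile(
        r'''(?i)\b(?:pass(?:word)?|pwd)\s*[=:]\s*["']?(?P<secret>[^\s"']+)'''),
    "credentials in url": re.compile(
        r"(?i)\b(?:ftp|https?)://[^\s/:@]+:(?P<secret>[^\s/@]+)@"),
}


def scan_for_secrets(text: str) -> list[tuple[int, str, str]]:
    """Return (line number, pattern label, captured secret) for every hit in text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for label, pattern in SECRET_PATTERNS.items():
            match = pattern.search(line)
            if match:
                hits.append((lineno, label, match.group("secret")))
    return hits


def repo_report(text: str) -> list[str]:
    """Combine both checks: every committed secret is a finding, and the policy
    check explains how guessable it was on top of being exposed."""
    report = []
    for lineno, label, secret in scan_for_secrets(text):
        weaknesses = password_findings(secret)
        detail = ("; ".join(weaknesses) if weaknesses
                  else "meets policy, but a committed secret must be rotated regardless")
        report.append(f"line {lineno}: {label}: {detail}")
    return report


# Constructed: what a misconfigured public repository might contain.
SAMPLE_REPO_FILE = """\
[deploy]
host = files.example.internal
user = svc-deploy
password = solarwinds123
backup_url = ftp://svc-backup:Summer2021@backup.example.internal/orion
"""

if __name__ == "__main__":
    for line in repo_report(SAMPLE_REPO_FILE):
        print(line)
```

The `repo_report` output is the point: a scanner that only says "secret found" invites the reply "it's just a test account", whereas pairing it with the policy result shows that the value was both exposed and trivially guessable, and the note on rotation makes clear that a strong committed secret is still a compromised one.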
Cyber Security Breaches Caused By Malicious Intent
Disgruntled employees can cause damage, either because they feel like they have been unfairly fired, or because they are motivated by greed and a desire to gain a competitive advantage with a new employer.
Employees have direct access to the internal network, which allows them to cause a lot of damage. For example, a former network manager of the city of San Francisco held the city’s systems hostage by refusing to give up passwords. Why? He felt that his superiors were incompetent.
Not convinced? Let’s look at the oil and gas company EnerVest, whose network manager sabotaged the company’s systems by returning them to their original factory settings because he found out he was about to be fired.
Protecting Organizations From Insider Cyber Threats
Internal penetration tests –
Performing penetration tests from the perspective of an attacker with internal access (often an employee) reveals security weaknesses and points to incorrectly distributed privileges.
White box pen testing simulates a cyber-attack conducted by a hacker from within the organization (for example, a resentful employee who wants revenge) who already has access to the network and the company’s resources.
This test requires the organization to provide the software’s source code, including its specifications and detailed documentation.
By providing this information, white hat hackers can conduct a comprehensive and thorough penetration test to find as many vulnerabilities as possible, making maximum use of the time and giving wider coverage of the security systems.
An internal pen test is an attempt to penetrate and gain access to enterprise information systems, and it is done from the perspective of an attacker who has access to the internal network or works with limited access to the network.
On adequately hardened computers, the actions available to an attacker are limited. During an internal penetration test, the pen tester tries to escalate their privileges as far as possible, thereby gaining access to all the devices included in the scope of the test.
As proof, evidence is usually provided to confirm the findings, such as:
- Passwords for administrative access and databases
- E-mails and confidential documents
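The "incorrect distribution of privileges" an internal test keeps finding is something the organization can audit itself between tests, by comparing what each account holds against what its role needs. The following is an added example written for this article, not code from the original author or any product; the role baselines, accounts and the `HIGH_VALUE` resource set are constructed. It reports excess grants, accounts whose role has no approved baseline at all, and service accounts that allow interactive login, ordered so the high-severity rows come first.

```python
"""Least-privilege audit: compare each account's grants with its role baseline.
Added example; roles, accounts and resource names are constructed."""
from dataclasses import dataclass

# Constructed: resources whose compromise is a breach by itself.
HIGH_VALUE = {"prod-db", "domain-admins", "backup-vault"}

# Constructed: what each role legitimately needs to do its job.
ROLE_BASELINE = {
    "developer": {"git", "ci"},
    "helpdesk": {"ticketing", "ad-password-reset"},
    "dba": {"git", "prod-db"},
    "service": {"prod-db"},
}


@dataclass(frozen=True)
class Account:
    user: str
    role: str
    granted: frozenset          # resources the directory says the account can reach
    interactive_login: bool     # can someone log in at a console/RDP with it


@dataclass(frozen=True)
class Finding:
    user: str
    severity: str               # "HIGH" or "MEDIUM"
    detail: str


SEVERITY_RANK = {"HIGH": 0, "MEDIUM": 1}


def privilege_audit(accounts, baseline) -> list[Finding]:
    """Return findings sorted by severity then user; accounts with nothing wrong produce none."""
    findings = []
    for acct in accounts:
        if acct.role not in baseline:
            findings.append(Finding(acct.user, "MEDIUM",
                                    f"role '{acct.role}' has no approved baseline; grants "
                                    f"{sorted(acct.granted)} are unreviewed"))
            continue
        for resource in sorted(acct.granted - baseline[acct.role]):
            severity = "HIGH" if resource in HIGH_VALUE else "MEDIUM"
            findings.append(Finding(acct.user, severity,
                                    f"excess grant beyond '{acct.role}' baseline: {resource}"))
        # Service accounts should be non-interactive: an interactive one is a
        # ready-made foothold for anyone who learns its password.
        if acct.user.startswith("svc-") and acct.interactive_login:
            findings.append(Finding(acct.user, "HIGH", "service account permits interactive login"))
    return sorted(findings, key=lambda f: (SEVERITY_RANK[f.severity], f.user))


# Constructed directory extract.
ACCOUNTS = [
    Account("alice", "developer", frozenset({"git", "ci", "prod-db"}), True),
    Account("bob", "helpdesk", frozenset({"ticketing", "ad-password-reset", "domain-admins"}), True),
    Account("carol", "dba", frozenset({"git", "prod-db"}), True),
    Account("svc-backup", "service", frozenset({"prod-db"}), True),
    Account("dave", "contractor", frozenset({"git"}), True),
]

if __name__ == "__main__":
    for f in privilege_audit(ACCOUNTS, ROLE_BASELINE):
        print(f"{f.severity:6s} {f.user:12s} {f.detail}")
```

The baseline table is the hard part in practice, not the code: it forces someone to state what a helpdesk account is for, which is the question the pen tester's escalation path answers the expensive way.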