Cyberattacks are on the rise. A key problem is that many businesses fail to realize that these attacks are likely caused by unintentional insider risk within their organization. Today, 4% of users are responsible for causing 80% of phishing incidents and 3% of users are responsible for causing 92% of malware incidents. It’s time for cybersecurity leaders to implement solutions to reduce their organization’s overall risk posture. Unintentional insider risk can lead to disastrous outcomes, such as making your organization (and everyone in it) vulnerable to malware, data loss, account compromise, and more. Identifying your riskiest users and adopting the right technology to stop attacks before they begin are necessary steps in mitigating the impact of unintentional insider risk in your organization.
Not only does unintentional insider risk open the door for cybercriminals to steal data and personal information from your organization, but any data breach can cause a loss of trust, and therefore a loss of customers and revenue. Even major global enterprises have felt the impact of unintentional insider risk and experienced the real-world consequences of a data breach.
Let’s dive into three stories of prominent corporations that have suffered a cyberattack brought in by insider risk. Plus, throughout the blog, we’re sharing resources you can use to discover how to reduce the insider risk in your organization with the right technology supporting your initiatives.
1. Verified Twitter Users Targeted by a Phishing Scheme
Phishing schemes can target many different demographics at once with a single email. One example is a recent phishing scheme targeting verified Twitter users. This particular scheme sent emails posing as Twitter Verified, alerting account owners of an unspecified problem with their account. The email’s purpose was to direct recipients to click on the “check notifications” button within the email to find out what the issue was. Apparently, failure to take action would have resulted in the revocation of their verified status on the social media platform.
However, this button redirected recipients to a malicious website, which was disguised to appear affiliated with Twitter, and prompted users to input their credentials not once, but twice. After this was done, a phishing kit reset the account’s password and threat actors had victims provide them with a verification code, thus handing over account access completely.
While the total damage and results of this attack are still being discovered, so far we know:
- This phishing scheme allowed cybercriminals to gain access to verified Twitter users’ accounts, which hold information such as their ID cards and other PII.
- Hackers have been using this unfettered access to verified accounts to perpetuate their scheme even further by direct messaging new potential victims through these high-profile accounts.
This attack is similar to the 2021 cryptocurrency scam targeting verified Twitter accounts, in which threat actors used Elon Musk’s name to promote their fake cryptocurrency giveaway. These cybercriminals were able to successfully run their scheme, raking in over $580k in only one week. We can only imagine what the immense cost of this new cyberattack on Twitter is going to be.
Better prepare your organization to avoid account compromise and reduce the impact of unintentional insider risk. Watch our video to learn best practices to reduce account takeover and credential theft risk in your enterprise.
2. The National Health Service (NHS) in the U.K. Continues to be a Target of Several Phishing Campaigns
Many industries fall victim to cyberattacks, including financial institutions, schools, and even hospitals. Recently, employees of the National Health Service (NHS) in the U.K. felt the impact of unintentional insider risk.
Threat actors were able to compromise over one hundred NHS email accounts with the goal of stealing PHI and other personal information. According to researchers, over one thousand phishing messages have been sent from official NHS email accounts, some of which have been sending fake alerts seeking to acquire Microsoft login credentials. This can be detrimental, as compromising credentials associated with healthcare may lead to a larger data breach of personal health information.
Other emails posed as brands like Adobe and Microsoft, leveraging company logos to bolster their credibility. Some even added the NHS confidentiality disclaimer to the bottom of each email! As a result of this scheme, the threat actors received 4.5 bitcoin to their cryptocurrency wallet, which at the time was worth approximately $171,000.
With these details in mind, it is easier to understand how users could have fallen for such an attack. Mistakes happen, and especially in an industry as hectic as healthcare, it is easy for cybersecurity threats to slip through the cracks. With the right technology, though, organizations can proactively reduce the impact of unintentional insider risk.
Explore our user risk mitigation platform to see why the CISO at a large healthcare insurance provider said the “Elevate Security Platform is a critical part of how we gain visibility into and report on the trends around employee risk. We share these metrics that show the effectiveness of our activities and improvement to our security posture over time with the board on a regular basis.”
3. Global Hospitality Brand was a Victim of a Security Breach Due to an Abused Third-Party Application
While third-party applications are commonly used on many websites to enhance site functionality, they can lead to cybersecurity attacks more often than many may realize. With third-party applications, security teams cannot control what other vendors the third party allows in, enabling threat actors to take advantage of any loophole in a site’s systems.
For example, say a site uses a third-party application to generate submission forms on certain pages. This third-party application could be calling on other fourth, fifth, and nth parties to ensure the submission form works properly. However, security teams are often unaware of the read/write permissions these fourth and fifth parties have on the page. Cybercriminals can then leverage these third+ parties to infiltrate site pages and gain access to the information users are submitting in these forms. This is the exact phenomenon that happened with this company’s employees.
In early 2020, two of their employees’ credentials were compromised, allowing hackers to access 5.2 million guest records, including passport data, contact information, gender, birthdays, loyalty account details, and personal preferences. This breach affected approximately 339 million guests and cost the global brand £18.4 million in fines.
With key insights on user risk, the scale and cost of attacks like these can be reduced or prevented entirely. Understanding individual user risk based on actions, attempts, and access can help organizations keep track of users most likely to be tricked by today’s increasingly sophisticated attackers. As a result, organizations can mitigate the impact of unintentional insider risk by increasing security around their riskiest users as a preventative measure, decreasing the chance that they fall for such an attack.
With the right insider risk mitigation strategies and tools, security teams can rest assured knowing that their riskiest users — those most likely to accidentally bring in a cyberattack — are safeguarded with targeted security controls to reduce their individual risk. Take a look at how Elevate Security enables security leaders to proactively personalize security controls at scale.
Mitigating the impact of unintentional insider risk should be a priority for any organization. When 20% of all breaches involve human error, now is the time to ensure your organization is protected. With Elevate Security, you can proactively identify your riskiest users and establish individualized security alerts before the damage is done, not after.
Discover how you can mitigate the impact of unintentional insider risk in your organization. Check out our solution brief to learn how Elevate Security helps your organization stay safe and productive.