InfoSec 2017: Dark web and economic downturns fueling insider threats

News by Max Metzger

Economic hardship, the availability of the dark web and the concentration of critical data in the workplace have combined to create new opportunities for insiders.

Insider threat opportunities have ballooned in recent years with developments in technology and falls in living standards for many, David Pogemiller, VP of strategy at RedOwl, told a crowd during the waning hours of InfoSec Europe 2017.

Only a few years ago, Pogemiller reasoned, the job of stealing information from your employer and then selling it on for personal profit was a lot harder, and its rewards were less tempting.  

While data used to be stored on paper, in boxes and shoved somewhere in a cavernous warehouse, it is now held electronically and often at the fingertips of anyone who might need it. It's that change which has revolutionised the modern workplace but, added Pogemiller, "one of the biggest changes over the last 20 years has been the ability of insiders to take advantage of technology" too. An audience poll revealed that many of those watching worked in organisations that allowed critical data to be accessed by large portions of their workforce.

Moreover, people are far more tempted to steal from their employers than they have been: "people are increasingly under economic pressure, it is harder and harder to get return, it is harder and harder for people at the low end to get by". In times of great inequality people are more inclined to seek even illicit ways to improve their situation.

It's people suffering financial pressures who are all the more likely to compromise their employers. "There are significant changes happening based on the dark web," added Pogemiller. Not only do cyber-criminals know that, but they're exploiting it.

A study performed by Intsights showed that discussion of insider activity is heating up on dark web forums. In 2015, such topics were found around five times a month. In only a few years that number has jumped to 100.

A simple search of these forums will provide shocking results. Pogemiller gave just one example of a post advertising for potential insiders within banks, which added, "if you don't work for a bank but are interested and would like to apply for a position at a bank you can also contact. If you are interested but have a criminal record, I can help with a new identity."

Before the advent of the dark web, an insider might have had to find some kind of broker or corporate spy to realise the value of their stolen loot. The ready availability of an online haven of illicit activity has made monetising stolen data all the easier.

The threat posed by insiders is often put into three categories: the malicious ones, who actively want to harm your organisation; the negligent employees, who expose their companies to exploitation by ignoring security policy; and the compromised, who are being coerced into doing so.

Pogemiller proposed a complementary series of profiles. There are 'the good', those who simply make mistakes; 'the bad', the kind of malicious actors who should be found and exited as soon as possible; and then there are 'the tempted'. Those in this category "make decisions every day not to break the rules." Whether it's a financial trader who is behind on his portfolio or an employee going through an expensive divorce, these people could go either way.

That said, "temptation factors are also levers for mitigation": the kinds of stresses that might affect insiders can be watched out for. The richness and availability of data has gifted us with "a golden age of surveillance", allowing us to detect and respond to these threats with an effectiveness that enterprises could not previously achieve.

