Lessons from the Transnet cyberattack

The recent cyberattack on Transnet has paralysed South African ports; this is how you can prevent a similar attack on your company.

According to the Ponemon Institute’s global study of insider threats, almost one in four internal compromised data incidents in 2020 were caused by criminal and malicious insiders. Given the increased number of employees working remotely due to the global pandemic, business owners must stay alert to avoid potential risks.

“Employee data theft is a difficult attack to defend the organisation against because it comes from the employees you trust, so it always hits unexpectedly,” explains Oliver Noble, a cybersecurity expert at NordLocker, a data encryption solution. “Although you can’t predict them, understanding why and how employee data thefts are carried out might help you prepare better.”

Why might employees want to steal your organisation’s data?

Most internal actors are financially motivated, as they try to cash in on the information they steal. Also, an employee might hold a grudge against their employer and steal data out of spite or revenge. Finally, there are those who embezzle what’s confidential to start a competing business or benefit their future employer. Unknowingly, you may also have hired an inside agent acting on behalf of some external party that may be your closest competitor.

“Whatever their reason might be, malicious insiders are a ticking bomb once they’re given trusted access to the organisation’s resources,“ says Noble. “They know how valuable and critical the information your company handles is, and they are on the mission to steal or leak it.”

What ways are used to steal information?

A new report found that 35% of corporate data leaks include photographs or screenshots taken by insiders. In 13% of cases, wrongdoers make physical copies of documents, whereas 30% of leaks occur through instant messaging, email or social networks.

Moreover, an employee can infect your company’s computers with malware that may sit there undetected for days or even months before starting damaging your systems or leaking information.

“Every solid business has information of value which may be attractive to other parties, like customer databases, client contracts and confidential project schemes,” Noble points out. “To get it, malicious insiders would do anything, even if it takes them long months of studying your systems and observing their colleagues. Thus, every respected organisation should have some data theft prevention in place to eliminate potential risks as much as possible.”

How can you avoid malicious inside jobs?

Even though it is impossible to completely prevent inside jobs, as you might not be aware that malicious insiders are plotting something, these measures may help mitigate the risks:

• Establish the Principle of Least Privilege. It limits who has access to your critical data depending on employees’ roles and functions.
• Implement an intrusion prevention system. It analyses real-time traffic and packet logging to help you detect and respond to any suspicious network traffic flows.
• Store data backups in an encrypted cloud like NordLocker in case ransomware hits. This ensures the data doesn’t get leaked and access to it isn’t lost.
• Get data loss prevention software. It detects potential data breaches, information exfiltration and destruction. The solution monitors, detects and blocks sensitive data while in use, in motion and at rest.
• Install digital signatures to sign every critical action within your organisation’s systems, with a secure mark of authenticity, so it’s easier to find the culprit if an incident occurs.