A business’ employees are perhaps its greatest weakness in terms of its cybersecurity, although they also have the potential to be one of its greatest advantages if trained properly. To demonstrate this, let’s consider a few examples that exemplify either case.
Tesla’s Recent Near-Incident
In late August, a Russian national was arrested and charged with conspiracy to intentionally cause damage to a protected computer for attempting to recruit an employee of Tesla to install malware on the network of the Nevada company’s Gigafactory, as confirmed by owner Elon Musk via Twitter.
According to court documents, it was in mid-July that this hacker—27-year-old Egor Igorevich Kriuchkov—established contact with a Tesla employee whom he had briefly met in 2016. Using the popular messaging application WhatsApp, Kriuchkov set up an in-person meeting with the unnamed employee. By August 3, Kriuchkov tried to recruit this employee to assist him in stealing data from Tesla and extorting money in exchange for keeping this data private.
The attack would work like this: by simulating a Distributed Denial of Service (DDoS) attack, the group that Kriuchkov was working with could then steal Tesla’s data unnoticed. Then, the group would reach out and demand that Tesla pay them money to keep this data private.
After a few days, Kriuchkov requested another meeting with the employee to iron out the details. However, the employee had already made contact with the FBI to inform them, and as the FBI surveilled the meeting, the employee was able to get Kriuchkov to repeat his plan, listing other companies who the group had worked against and assuring the employee that their past conspirators were still employed by their companies. The employee was even told that another coworker could be made to look responsible if there were someone that this employee had a grudge against.
Ultimately, enough evidence was collected to arrest Kriuchkov, and he could now face up to five years in prison.
So, it was because of the employee’s efforts that Tesla was able to dodge a significant bullet here.
What Other Companies Have Experienced, and What it Shows
While Tesla was able to sidestep this threat due to the diligence and honesty of their employee, many companies have not been nearly so lucky. According to the Ponemon Institute, insider threats (such as the one that Kriuchkov and his co-conspirators were encouraging) have risen in frequency by 47 percent over the past two years, with the average incident increasing in cost by 31 percent.
Therefore, the importance of minimizing these incidents in your own business is clear. To do so, you need to ensure that your employees are on your side and are prepared to protect your business.
How to Minimize Insider Threats
The name of the game is going to be education. Not only will you need to make sure your employees are motivated to protect your business, they will need to know how to do so. For starters, we recommend that you do a few things:
- Involve security in your company culture. Whatever impact a cybercrime has on your business, it will also have on your employees by association. By making this clear and giving everyone ownership of the company’s cybersecurity, you are unifying your team and putting everyone on the same side.
- Keep your team up to date on trending attacks and acceptable behaviors. Like so many things in the business landscape, cybercrime is always shifting. If you and your team are going to be able to resist attempts of all kinds, everyone’s knowledge will have to be kept current. It also helps to establish acceptable use policies to minimize your vulnerabilities, so if you choose to do so, make sure they are properly adhered to.
- Train your team to recognize, and respond to, cyberattacks appropriately. When your team does encounter a cyberattack of any kind, they need to know how they are to proceed. Establishing these procedures and developing plans to deal with these circumstances is an important step for you to take.
Whether you need assistance in securing your infrastructure with the proper protective solutions, training your team in more secure behaviors, or both, you can turn to Horne & Benik for assistance. To learn more about how we can make it more likely that you’ll have an outcome closer to Tesla’s than to so many others’, give us a call at (603) 499-4400.