SONY, a global tech giant, was brought to its knees this past week by the most devastating type of cyber threat, an “inside job”. Losses weren’t confined to a single division but affected nearly every operating unit of the global brand. Denied access to online systems, the worldwide workforce resorted to using pens, paper, landline telephones, and fax machines to perform essential duties. As reported by The Verge, the alleged culprits involved personnel with physical access to the computer network. More than a denial of service outage shrouded in a political statement, this was a heist of monstrous proportions, possibly perpetrated by North Korea in retaliation for the film “The Interview”. At least five unreleased movies from Sony Pictures were stolen and subsequently circulated freely to the public, with over 880,000 downloads in just a single day. The damage in terms of lost productivity and revenue is incalculable. Losses, including those from high-profile feature films such as “Fury,” will be hundreds of millions of dollars against an already teetering balance sheet. This was the last thing Sony could afford, yet the company employed no technology capable of detecting or repelling such an attack.
Sony isn’t alone: the vast majority of companies and government agencies are equally vulnerable to an inside job perpetrated by a rogue employee or person with inside access. The most advanced firewalls provide little protection against the enemy cloaked as a trusted insider with access. Defensive measures point outward, assuming attackers will assert their greatest effort against the strongest fortifications. However, attackers target the weakest layer of security, the trust placed in employees with access to the network. Thieves, activists, and foreign spies spear phish credentials from top-level employees or outright recruit those individuals to their cause. The hacktivist organization Anonymous, for example, deliberately inserts members into job interviews to plant those members in positions of trust.
Sony’s situation doesn’t need to be the new normal. The insider threat is preventable, not through defending assets but through employing behavior profiling. Improved hiring practices, background checks, two-factor authentication, advanced firewalls, and log-file analyzers are ineffective at detecting a committed insider. The only real way to defend against the insider threat is to deploy automated behavioral profiling that indiscriminately observes distinct features and employs a non-parametric alerting system, meaning it uses no “set rules” for an insider to discover or bypass. This technology is effective, maintains employee privacy, and is available today.
At Personam, our Insider Threat Detector is the most advanced in the world. Our latest appliances are non-intrusive and easily inserted into local networks. These systems have caught insiders engaged in illegal or prohibited behaviors in 100% of their installations, a testament to how common insider threats truly are. Our detectors are so sensitive that the faintest threats are detected, yet well-behaved enough to produce few false positives.
If Sony had used Personam’s Insider Threat Detector, their current breach could have been prevented. For less than the cost of one hour of outage, Sony could have protected their entire company for years. The current best practices are ineffective at catching real insider threats and give a false sense of security. Companies and government agencies must acknowledge the damage insiders can bring and immediately prioritize non-parametric behavioral monitoring technologies that preserve the privacy of each employee’s digital activities while detecting malicious intent.