Employees play a crucial role in cybersecurity as they are often the first line of defense against cyber threats. Their actions and awareness can significantly impact the overall security posture of an organization.
Employees can inadvertently become a weak link in the cybersecurity chain, either through unintentional actions or by falling victim to social engineering attacks. Insider threats are a significant security risk to which nearly 100% of enterprises feel vulnerable (2021 insider threat report).
It is important to note that an insider is anyone with authorized access to, or knowledge of, an organization’s resources. Hence, not all insiders are employees (but we’ll get into this later).
Amateurs Hack Systems, Professionals Hack People
Unintentional Employee Cybersecurity Threats
There are generally two umbrellas under which the various types of employee cybersecurity threats fall: intentional and unintentional. Unintentional threats in the hardware domain are typically acts of negligence: the employee handles hardware assets carelessly and inadvertently puts the organization at risk. According to a report by the Ponemon Institute, more than 50% of employee cybersecurity incidents are caused by negligence.
When it comes to hardware attacks, the perpetrator uses social engineering techniques to catalyze negligent actions by manipulating the employee's cautionary instincts towards devices. For example, malicious actors can exploit human greed by offering free iPhone chargers as part of a promotional deal. By positioning themselves near the target enterprise, attackers can entice employees on their way into the office, who will likely accept the familiar-looking device without second-guessing its integrity. However, once plugged in, the device, actually an attack tool in disguise known as the NinjaCable, carries out a harmful cyberattack (USB attack).
Continuing the theme of chargers, airport charging kiosks offer travelers in need ease and convenience. Rather than rummaging through their bag, the unsuspecting victim finds an open docking station equipped with a charging cable a mere few steps away, more accessible than the charger buried deep in their hand luggage. Yet this is not just any charger. Once connected, it not only charges the device but also gains access to its contents, some of which are probably work-related, even if only an email account.
Intentional Employee Cybersecurity Threats
Other types of employee cybersecurity threats are carried out intentionally. Despite being less common, accounting for only 26% of insider attacks, these premeditated acts are usually more harmful because of the attacker's knowledge of the organization and its systems (insider threats global report). They know where the weak spots are.
Unethical employees tend to be financially motivated and can bring a rogue device, such as a compromised USB (bad USB) thumb drive like the Rubber Ducky, into the organization with relative ease. Disgruntled employees, too, have the necessary physical access but are not necessarily incentivized by money. Instead, these perpetrators seek vengeance against an organization that, in their eyes, has wronged them.
Intentional insiders, however, can act unwillingly. Blackmail is another social engineering technique attackers deploy to get insiders to use a manipulated device, this time wittingly. So, while the employee intends to harm the organization, they do so under coercion. The attacker is simply using the employee as a vessel to get the device into the physically secured enterprise (Human Factors in Cybersecurity).
Third-Party Cybersecurity Threats
Third parties are another significant cybersecurity threat to enterprises. These are individuals who, despite not being directly employed by the company, still have some form of access to the organization. Hardware attacks involving third-party insiders, such as an evil maid attack or an evil patient attack, typically exploit outsourced personnel. These workers have access to the building yet lack loyalty to the organization and are thus more likely to give in to a bribe. Alternatively, the attacker can disguise themselves as a cleaner and gain access to the building. They are unlikely to raise any suspicion, especially in a large enterprise where temporary workers are commonplace. Once inside, the "cleaner" (be it an actual cleaner bribed to carry out the task or the attacker in disguise) can implant a rogue device.
Employees' Role in Cybersecurity
Throughout this blog, we have covered some key aspects of the employees' role in cybersecurity. Why, you might be wondering, do bad actors opt for this attack method? Not only are there numerous tools on the market, with varying functionalities to carry out a range of different attacks, but rogue devices also act completely covertly. They raise no security alarms, allowing for deep infiltration and perilous attacks. In fact, for 28% of enterprises, difficulty in detecting rogue devices is making it increasingly challenging to identify and prevent insider attacks, according to the Insider Threat Report.
Spoofed devices (such as the compromised iPhone charger used for juice jacking) have been manipulated on Layer 1 to impersonate legitimate HIDs (human interface devices). Existing security solutions, such as NAC, EPS, IDS, or IoT Network Security, fail to cover the Physical Layer of the OSI Model. This means the spoofed device gets recognized as the legitimate device it is impersonating rather than what it actually is. On the other hand, network implants operate on Layer 1 and thus go entirely under the radar of security tools.
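As an added defender-side illustration (not code from this post or from Sepio), the script below scans constructed, dmesg-style USB enumeration lines and flags any device that exposes a keyboard interface without being on an allowlist, which is how a keystroke-injecting cable or thumb drive of the kind described above shows up to the host. The vendor/product IDs, product strings and the allowlist are all made up for the example.

```python
import re

# Constructed, dmesg-style USB enumeration lines; vendor/product IDs are made up, not real devices.
SAMPLE_DMESG = """\
[  100.10] usb 1-2: New USB device found, idVendor=1a2b, idProduct=0001, bcdDevice= 1.10
[  100.11] usb 1-2: Product: Corp Keyboard
[  100.20] hid-generic 0003:1A2B:0001.0001: input,hidraw0: USB HID v1.10 Keyboard [Corp Keyboard] on usb-0000:00:14.0-2/input0
[  410.50] usb 1-3: New USB device found, idVendor=3c4d, idProduct=0010, bcdDevice= 8.00
[  410.51] usb 1-3: Product: Phone
[  415.30] usb 1-4: New USB device found, idVendor=5e6f, idProduct=0100, bcdDevice= 1.00
[  415.31] usb 1-4: Product: Charging Cable
[  415.40] hid-generic 0003:5E6F:0100.0002: input,hidraw1: USB HID v1.11 Keyboard [Charging Cable] on usb-0000:00:14.0-4/input0
"""

# VID:PID pairs allowed to expose a keyboard interface (constructed allowlist for the example).
APPROVED_KEYBOARDS = {"1a2b:0001"}

NEW_DEV = re.compile(r"usb (\S+): New USB device found, idVendor=([0-9a-f]{4}), idProduct=([0-9a-f]{4})")
PRODUCT = re.compile(r"usb (\S+): Product: (.+)$")
HID_IF = re.compile(r"hid-generic 0003:([0-9A-F]{4}):([0-9A-F]{4})\.\d+: .*USB HID v[\d.]+ (\w+) \[")

def find_rogue_hids(log_text, approved=APPROVED_KEYBOARDS):
    """Return one finding per keyboard interface enumerated by a device outside the allowlist."""
    devices = {}   # port -> {"id": "vid:pid", "product": descriptor string}
    by_id = {}     # "vid:pid" -> port of the most recent enumeration
    findings = []
    for line in log_text.splitlines():
        if m := NEW_DEV.search(line):
            port, vid, pid = m.groups()
            devices[port] = {"id": f"{vid}:{pid}", "product": "?"}
            by_id[f"{vid}:{pid}"] = port
        elif m := PRODUCT.search(line):
            port, name = m.groups()
            if port in devices:
                devices[port]["product"] = name.strip()
        elif m := HID_IF.search(line):
            vid, pid, kind = m.groups()
            dev_id = f"{vid}:{pid}".lower()
            if kind != "Keyboard" or dev_id in approved:
                continue   # non-keyboard HIDs and approved keyboards are out of scope here
            port = by_id.get(dev_id)
            product = devices.get(port, {}).get("product", "?")
            findings.append({"port": port, "id": dev_id, "product": product,
                             "reason": f"device presenting as '{product}' exposes a keyboard interface"})
    return findings

if __name__ == "__main__":
    for f in find_rogue_hids(SAMPLE_DMESG):
        print(f"ALERT usb {f['port']} {f['id']}: {f['reason']}")
```

A device that clones an allowlisted VID:PID passes this check unnoticed, which is exactly the Layer 1 visibility gap the post describes; host-side enumeration checks narrow the window but do not close it.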
Sepio Hardware Access Control
Sepio's Hardware Access Control (HAC-1) solution addresses the gap in device visibility to prevent insiders from harming the enterprise through the use of rogue devices. By going deeper than any other solution, Sepio's physical layer visibility means no device goes unmanaged. The solution identifies, detects, and handles all IT/IoT and OT device security through physical layer visibility. Using this visibility to support the solution's policy enforcement mechanism and rogue device mitigation feature, Sepio instantly detects any unapproved or rogue hardware, blocking such devices through an automated mitigation process carried out by third-party tools. The Zero Trust Hardware Access approach offered by Sepio provides protection at the first line of defense and prevents the abuse of insider access privileges.
HAC-1 requires no hardware resources and does not monitor any traffic. Within 24 hours, we can provide you with complete asset visibility and identify previously undetected rogue or vulnerable devices. They might be insiders, but with HAC-1, their physical access isn’t getting a rogue device much further than the door.