Insider Threat: The Not So Hidden Threat To Your Organization
An insider threat is typically an employee or contractor who has authorized access to your organization’s critical systems or the data and poses a security risk to the organization by misusing the authorized access.
The insider doesn’t necessarily have to be a current employee or stakeholder. They can be either a former employee or board member who still has access to your organization’s proprietary or sensitive information.
As you can see in the image bellow there are a number of different types of attacks an insider can launch.
Over the years, TBG Security has developed a methodology for identifying insider threats to your organization.
An insider threat assessment addresses threats posed by trusted individuals and assets. Whether it’s a rogue employee, a nefarious contractor or an honest user who has fallen prey to a sophisticated phishing or malware attacks this service looks at weaknesses and malicious opportunity from the perspective of a user who already has access within the environment.
Insider Threat assessments are designed to test security controls already in place, to test the rigor of security configurations, identify areas of lax access controls, and to test the defensive mechanisms in place to spot and respond to abuses.
During the Insider Threat Assessment, a senior TBG security engineer will be onboarded just as if they were being given a position within the company and the organization will provide a corporate issued laptop. The TBG security engineer will be provided a user profile similar to that of a “standard” user within the company. The goal will be to take on the user identity and attempt to exfiltrate data and escalate rights both on the laptop itself and within and around the network and services to which the user has been granted access.
The Insider Threat Threat Assessment service will cover:
- Attempt to gain local access to the corporate provided device
- Attempt to identify sensitive data within data repositories that should be protected
- Attempt to exfiltrate data
- Attempt to bypass security controls using unauthorized VPNs, reconfiguration of security controls or any other means available to the user
- Will attempt to deploy offensive security tools without detection
- Assess the risk and impact of a limited-access employee’s access to sensitive data, critical assets, and the greater IT infrastructure as a whole
- Assume the same level of access as provided to the third-party to attempt to bypass security controls with the provided connectivity to simulate a malicious third party or compromised vendor
Benefits Of Working With Us
- Trusted cyber advisors for legal, gaming, finance, health and government sectors
- Never met an internal system we couldn’t hack
- Employ sophisticated social engineering tactics
- All successful exploits fully documented
- Certified Information System Security Professional (CISSP)(ISC)2
- Offensive Security Certified Professional (OSCP)
- Offensive Security Certified Expert (OSCE)
- Certified Ethical Hacker (CEH)
- GIAC Certified Intrusion Analyst (GCIA)
- Certified Information Systems Auditor (CIA)
- GIAC Certified Incident Handler, SANS Institute (GCIH)
- Certified Cisco Network Associate, Cisco Systems (CCNA)
- Microsoft Certified Systems Engineer, Microsoft (MCSE)
- Splunk Certified Architect (SCA)
Get In Touch
Want to learn more about our internal penetration testing services. We’re here to help.