Vulnerabilities / Threats //

Insider Threats

6/26/2018
03:15 PM
Connect Directly
Twitter
Twitter
RSS
E-Mail
50%
50%

Insider Dangers Are Hiding in Collaboration Tools

The casual sharing of sensitive data, such as passwords, is opening the door to malicious insiders.

Digital collaboration technologies are accelerating productivity in the post-phone-call workplace, but tools like Yammer, Workplace by Facebook, and Slack have their dark side. While these channels can help speed group decision-making, they also serve as an enterprise blind spot for insider threats to do their worst – not to mention being open conduits for spreading negativity and toxic behaviors among the ranks. 

A new report out today from Wiretap measured the prevalence of insider risks from collaborative communication tools, both in public and private conversations. It found the platforms are rife with uncontrolled sharing of sensitive information and password sharing.  

In a study of over 1 million employee messages, the "Human Behavior Risk Analysis" report found that confidential information is shared in one out of every 118 public communications. Meantime, passwords are shared in one out of every 262 communications. Private communication channels are worse. Private conversation messages are 165% more likely to contain identification numbers and 76% more likely to contain passwords. 

Additionally, though they are relatively rare, negative and toxic communication between employees on these platforms also open up organizations to a number of risks. The study shows that one out of every 380 public messages receives a negative sentiment score, and private groups and one-on-one conversations were 1.5 times more likely to contain negative messages. Meantime, toxic communications containing sexual language, bullying, racial slurs, and other potential harassing modes of communication account for one out of every 170 messages. This not only opens up the organization to legal risks and drains on team morale, but also could be red flags for future malicious actors. 

"Sentiment and toxic behavior are closely associated with insider threats," explains Jason Morgan, who led the research on the report and is vice president of behavioral intelligence for Wiretap. "Dissatisfied or disgruntled employees are much more likely to act in ways contrary to an organization's interests. As a gauge of individual, group, or company mood, low sentiment scores can act as a leading indicator of possible future insider malfeasance. Happy people are more likely to act in the interests of the organization; unhappy people are more likely to cause problems."

Inappropriate communication and unauthorized sharing of sensitive data is hardly new, but the fact that these insider risks are transitioning to collaboration tools should raise the eyebrows of enterprises that have worked hard to mitigate insider risks in recent years. At this point, 78% of organizations report some sort of active monitoring of phone, email, or Internet use. However, collaboration tools can often be a blind spot in the enterprise monitoring technology stack.  

The casual nature of communication on these channels promotes a greater level of sloppiness from a cybersecurity perspective, too.  

"This creates a scenario where inadvertent actors may accidentally and negligently share sensitive data because they put something in writing they wouldn't ordinarily email to a colleague," the Wiretap report explains. "Unfortunately, this also creates more space for malicious insiders to pray on those inadvertent actors."

These concerns will only grow in the coming years as collaboration tools continue to gain traction in the enterprise. According to a recent report, 57% of organizations plan on increasing their spending on collaborative tools in 2018.

Related Content:

Why Cybercriminals Attack: A DARK READING VIRTUAL EVENT Wednesday, June 27. Industry experts will offer a range of information and insight on who the bad guys are – and why they might be targeting your enterprise. Go here for more information on this free event.

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
7/2/2018 | 5:03:15 PM
Re: Insider
@Dr.T: They may be unavoidable, but they can be quickly mitigated with proper network monitoring to detect aberrant behavior.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
7/2/2018 | 5:02:02 PM
Measuring negative sentiment
I'm kind of concerned about tracking negative sentiment on private-communication employee channels to tie to individuals. It's one thing to look at it as an overall possible indicator of current and future employee satisfaction, but it's another thing altogether to look for "thoughtcrime". Everybody's got a gripe at some point in their work environment; that alone means nothing.

And as for legal risk about discriminatory remarks as well as InfoSec risk about confidential data being spread and maintained in private channels, best to use ephemeral communication channels where communication is encrypted and promptly deleted. That way, no damaging messages of any kind -- security risks, legal risks, etc. -- are kept and maintained. The modern enterprise hoards too much data as it is.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2018 | 9:03:47 AM
Educate employees
According to a recent report, 57% of organizations plan on increasing their spending on collaborative tools in 2018. I am still in favor of enterprise collaboration tools since we can use them to educate employees agains attacks.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2018 | 9:02:25 AM
Insider
"This creates a scenario where inadvertent actors may accidentally and negligently share sensitive data because they put something in writing they wouldn't ordinarily email to a colleague," Insider attacks are unavoidable if somebody wants to do it. Maybe trainings can help here.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2018 | 8:57:49 AM
Confidential
In a study of over 1 million employee messages, the "Human Behavior Risk Analysis" report found that confidential information is shared in one out of every 118 public communications. This number shows quite high level, in a Slack envirment we tend to share confidential information as we do in email.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2018 | 8:54:22 AM
Negative sentiment
The study shows that one out of every 380 public messages receives a negative sentiment score, That makes sense, you can really get a lot out of an ESN site.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2018 | 8:52:17 AM
Passwords in private channels
Private communication channels are worse. Private conversation messages are 165% more likely to contain identification numbers and 76% more likely to contain passwords. I agree, I constanlty see password being shared in slack channels, regardless private or not.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2018 | 8:49:51 AM
Re: IT Security Hygiene for employees
Frequently we find clients that have their entire Google Drives open Obviously a bad practice. It needs to be a least privileged access on the drive. ESNs are a little bit different, you need more collaboration options than not.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2018 | 8:47:59 AM
Re: IT Security Hygiene for employees
I think there is a lot of confusion about what can be seen and who can view it. There are certain level controls on enterprise social networking tools such as Facebook workplace, but I agree it needs to be adjusted to company culture to avoid issues coming with it.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2018 | 8:46:13 AM
Re: Similarities to physcal security
Just last week my office ran an active shooter seminar. Congratulation on this practice, it is important to create awareness for the employees on this issue.
Page 1 / 2   >   >>
What We Talk About When We Talk About Risk
Jack Jones, Chairman, FAIR Institute,  7/11/2018
Ticketmaster Breach Part of Massive Payment Card Hacking Campaign
Jai Vijayan, Freelance writer,  7/10/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-14084
PUBLISHED: 2018-07-16
An issue was discovered in a smart contract implementation for MKCB, an Ethereum token. If the owner sets the value of sellPrice to a large number in setPrices() then the "amount * sellPrice" will cause an integer overflow in sell().
CVE-2018-14085
PUBLISHED: 2018-07-16
An issue was discovered in a smart contract implementation for UserWallet 0x0a7bca9FB7AfF26c6ED8029BB6f0F5D291587c42, an Ethereum token. First, suppose that the owner adds the evil contract address to his sweepers. The evil contract looks like this: contract Exploit { uint public start; function swe...
CVE-2018-14086
PUBLISHED: 2018-07-16
An issue was discovered in a smart contract implementation for SingaporeCoinOrigin (SCO), an Ethereum token. The contract has an integer overflow. If the owner sets the value of sellPrice to a large number in setPrices() then the "amount * sellPrice" will cause an integer overflow in sell(...
CVE-2018-14087
PUBLISHED: 2018-07-16
An issue was discovered in a smart contract implementation for EUC (EUC), an Ethereum token. The contract has an integer overflow. If the owner sets the value of buyPrice to a large number in setPrices() then the "msg.value * buyPrice" will cause an integer overflow in the fallback functio...
CVE-2018-14088
PUBLISHED: 2018-07-16
An issue was discovered in a smart contract implementation for STeX White List (STE(WL)), an Ethereum token. The contract has an integer overflow. If the owner sets the value of amount to a large number then the "amount * 1000000000000000" will cause an integer overflow in withdrawToFounde...