Early warning system insider attacks
Started in April 2021
When an attack comes from the inside, its impact can be catastrophic and could cause financial, reputational and regulatory consequences.
Cyberattacks can be catastrophic, and could cause financial, reputational and regulatory consequences. Usually, cyberattacks are launched by external attackers from outside the organization. But they can also be triggered from the inside, e.g. when an employee makes a mistake or is extorted by outside attackers.
Luckily, the probability of such an inside trigger happening is very small. Most organisations have some kind of screening for new employees in place, certainly for functions that deal with critical activities. On top of that, for the critical activities usually some measures are in place to prevent inside triggers from happening (e.g. the four eyes principle, where critical decisions have to be taken by at least two people).
But because the impact is so high, the ‘early warning system insider attacks’ PCSI project explores ways to detect potential attacks that are triggered from the inside at an early stage. The idea is to exchange information on insider attacks, combine this with publicly available information and collaboratively build intelligence on the modus operandi of insider attacks that can be used to detect such attacks at an early stage. We will apply a multidisciplinary approach in which we combine intelligence on human behavior with technical intelligence and electronic footprints to build a detailed modus operandi that can be used for early detection of attacks that are triggered from the inside.
In the Explore phase we investigate the feasibility of the concept, determine which information is available and can also be shared, and define a plan for the Proof of Concept phase.
This project is part of the trend
Growing number of insider attacks
Employees are increasingly getting involved in data leaks, intentionally or unintentionally, due to social as well as technical reasons. A growing market has emerged for confidential data on the Dark Web. As a result, on the social side, data is increasingly being stolen and sold by malicious employees or used in other ways. There are different forms of intentional insider threat; e.g. an employee radicalizes, is extorted or has gone to work in an organization with premeditated intent. Attacks (can) also take place due to technical reasons (access without official permission).