What All Cybersecurity Professionals Need to Know About the Insider Threat Kill Chain

Jonathan Daly
Chief Marketing Officer, Dtex Systems

Cyber Security is regulatory - not optional - and all business owners are required by law to comply.

Cyber security and data security compliance is more than just best practice - it's a regulatory requirement for all business owners. It involves implementing a robust Information Security Management System (ISMS).

An ISMS is a unique blend of people, policies and technologies designed to protect the privacy, integrity and accessibility of data in cyberspace.

Your employees are most likely to compromise your data

One of the most common areas of compromise in any IT system is the people who use and manage these systems. In fact, according to the Verizon 2021 Data Breach Investigations Report, 85% of breaches involved the human element.

If people are to blame, is it malicious or negligence?

The simple answer to this question is both. Just last year, DTEX Systems’ 2020 Insider Threat Report showed a 450% increase in employees deliberately bypassing security controls to mask their online activities.

DTEX Systems have seen a 230% increase in behaviors that indicate intent to steal confidential company, client and public data.

Companies are missing the early warning signs that could help them prevent these insider attacks

DTEX Systems, a company committed to understanding the psychology of high-risk employee behaviours and building software solutions to manage this risk, partnered with the Ponemon Institute to better understand the leading factors behind this increase.

Based on a comprehensive survey of 1,249 IT and IT security professionals in North America, Western Europe and Australia/New Zealand, the findings reveal that organizations are missing the early warning signs of insider threats and the desired endgame or intent of the perpetrators.

As a company owner or cyber security professional, how can I detect these insider attacks before it’s too late?

It’s not all doom and gloom: the great news is that early warning detection can significantly increase your company’s resilience to these insider attacks.

The vast majority of security threats follow a pattern or sequence of activity leading up to an attack - and insider threats are no exception. Many security professionals are already familiar with Lockheed Martin’s Cyber Kill Chain and/or the MITRE ATT&CK framework (if you aren't familiar with these, they are well worth a read). Both frameworks describe the various stages of an attack and the tactics utilized by an external adversary.

Is there a framework which deals specifically with internal attacks?

Since human behavior is more nuanced than that of a machine, insider attacks follow a slightly different path and thus require a different approach. To this end, DTEX Systems have conducted thousands of insider threat incident investigations.

At DTEX Systems, the Counter-Insider Threat Research Analysis team have identified the insider equivalent framework - the ‘Insider Threat Kill Chain’. The Insider Threat Kill Chain encompasses the five steps present in nearly all insider attacks: Reconnaissance, Circumvention, Aggregation, Obfuscation and Exfiltration.

Follow DTEX on LinkedIn to receive exclusive access to exciting new content and the next part in this series, where we will break down and explain the five steps present in nearly all insider attacks and show you what you can do to reduce your risk and stay compliant.