Contrary to popular belief, insider threats are not always employees looking to steal company data with malicious intent.
Many instances of data exfiltration at the hands of insiders are the result of simple mistakes, such as responding to a pretexting email. These unintentional insider threat incidents are among the most frequent (and most costly) experienced by organizations, according to a 2018 survey conducted by the Ponemon Institute.
What is Pretexting?
A pretexting email is a form of social engineering in which an individual lies to obtain privileged data. The criminal typically purports to be someone they are not, usually a person within the victim organization. Beyond the fact that the email looks legitimate, the pretexting attack works because it usually carries a sense of urgency.
For example, it may ask the finance department to transfer money immediately to a third party. An employee, in a panic, fails to properly assess the potential threat and begins the paperwork for the transfer. The employee then sends details of the transaction to the C-level manager for approval by replying to the false email. The criminal posing as the C-level manager will, of course, approve the transaction. Soon, the money is transferred – perhaps to a bank account in Switzerland or the Cayman Islands – never to be seen again.
Unfortunately, it often takes weeks, or even months, for a company to notice an insider threat incident – if it notices at all! What can be done to limit the risk of a pretexting scam or insider threat incident, and to react rapidly in the event that one occurs?
4 Ways to Avoid Pretexting Attacks
1. Filter Employee Emails
Do you know what programs or services your employees (or contractors) are using to send, receive, and read email? Are you actively filtering these emails for keywords that indicate likely nefarious activity? You can reduce the risk of accidental insider threat incidents, particularly pretexting scams, by filtering emails and access to out-of-policy applications with the right insider threat management tools. Users are shown a notification coaching them on how an activity may be a breach of policy, and security teams can be notified of any inappropriate activity in real time.
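As an added illustration of the kind of filtering this step describes (example code written for this page, not ObserveIT's product or any tool mentioned in the post), the script below scores an inbound message on the signals the pretexting scenario above relies on: an executive's display name arriving from an outside domain, a Reply-To that diverts the conversation elsewhere, and urgency, payment and secrecy wording in the subject or body. The company domain, executive names, keyword lists, weights and the two sample messages are all constructed assumptions for the demo.

```python
"""Heuristic scoring of inbound email for pretexting / executive-impersonation signals.

Added example for this page; not the code of any product the page describes.
Domain, executive names, keywords, weights and sample messages are constructed.
"""
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"            # assumed: the organisation's own mail domain
EXECUTIVES = {"jane doe", "john smith"}    # assumed: display names attackers like to borrow

# Keyword groups; a hit in a group counts once, so a long email is not penalised for repetition.
URGENCY_KEYWORDS = ("immediately", "urgent", "asap", "right away", "before end of day")
PAYMENT_KEYWORDS = ("wire transfer", "bank account", "routing number", "invoice", "payment")
SECRECY_KEYWORDS = ("keep this between us", "do not discuss", "confidential")

FLAG_THRESHOLD = 4  # assumed: total score at or above this gets a coaching notice / SOC alert


def _domain(addr: str) -> str:
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def analyze(raw: bytes) -> dict:
    """Return {'score': int, 'flagged': bool, 'findings': [str, ...]} for one raw RFC 5322 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))

    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part is not None else ""
    text = (str(msg.get("Subject", "")) + "\n" + body).lower()

    score, findings = 0, []

    # Header signals: a protected name on an outside domain, or replies steered to a third address.
    if from_name.strip().lower() in EXECUTIVES and _domain(from_addr) != INTERNAL_DOMAIN:
        score += 3
        findings.append("executive display name from external domain")
    if reply_addr and _domain(reply_addr) != _domain(from_addr):
        score += 2
        findings.append("reply-to domain differs from sender domain")

    # Content signals: the urgency / money / secrecy pattern of the finance scenario.
    for label, keywords in (("urgency wording", URGENCY_KEYWORDS),
                            ("payment wording", PAYMENT_KEYWORDS),
                            ("secrecy wording", SECRECY_KEYWORDS)):
        hits = [k for k in keywords if k in text]
        if hits:
            score += 1
            findings.append(f"{label}: {', '.join(hits)}")

    return {"score": score, "flagged": score >= FLAG_THRESHOLD, "findings": findings}


# Constructed sample messages (not real traffic).
SPOOFED = b"""From: Jane Doe <jane.doe@example-c0rp.com>
Reply-To: Jane Doe <jd.exec.mail@freemail.test>
To: finance@example.com
Subject: Urgent wire transfer
Content-Type: text/plain; charset=utf-8

Hi, I need you to process a wire transfer to a new vendor immediately.
Keep this between us until the deal closes. Send me the bank account
details once you have the paperwork ready.
"""

LEGIT = b"""From: Bob Lee <bob.lee@example.com>
To: finance@example.com
Subject: Q3 expense report
Content-Type: text/plain; charset=utf-8

Attached is my expense report for the quarter. No rush, whenever you get to it.
"""

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        result = analyze(raw)
        print(f"{name}: score={result['score']} flagged={result['flagged']}")
        for finding in result["findings"]:
            print("  -", finding)
```

Run on the two samples, the spoofed message scores 8 and is flagged while the routine expense report scores 0. Keyword lists like these produce false positives on ordinary finance traffic, which is why the post frames the outcome as a coaching notification to the user plus an alert to the security team rather than a hard block; the header checks are a complement to, not a replacement for, sender-authentication controls at the mail gateway.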
2. Provide Awareness Programs
Awareness training is key to helping employees avoid falling for pretexting scam emails and becoming another accidental insider threat incident waiting to happen. Whether it is through an all-hands-on-deck finance meeting or a high-priority reminder email, your business is at risk if your employees are not given the information and the risk assessment tools to help them look out for these types of scams and stay present and alert.
3. Establish a Policy to Handle Suspected Pretexters
What happens when you catch a pretexter? Develop a policy with the HR and legal teams at your organization on how to handle the situation if you find out an employee has fallen for a pretexting scam. This policy should cover how to log incidents or activity trends, the consequences for breaking policy, how to preserve valid proof, and which authorities the employee should notify, if applicable.
4. Get an Insider Threat Management Solution
The best cybersecurity policies need the right tools to help get the job done (and done well). Insider threat management solutions like ObserveIT empower teams to uncover risky user activities in real time, rapidly investigate incidents when they occur, and prevent data loss. The best part: it doesn’t require days, weeks, months, or years to fully configure, and metadata tagging isn’t required!
Interested? Learn more about how ObserveIT can help your organization manage insider threat risks, including defense against pretexting scams.