Insider Threat Kill Chain

Insider Threat Kill Chain: You Won’t Believe How ZoneFox Found 1 Engineer Stealing IP Worth £10m

11/07/2018 Insider Threat Intellectual Property

Insider Threat Awareness

With the stratospheric rise in high-profile cyber security incidents such as the one at Tesla, it is no wonder that the insider threat has piqued the interest of most IT managers and CISOs - as well as the media.

It’s well known that the insider threat can be difficult to identify and deal with effectively. And with more people than ever working flexibly, remotely and in the cloud, the threat has never been greater.

And with such high value data at risk, as well as the recent enforcement of GDPR, the stakes couldn’t be higher. That’s why looking internally, behind the perimeter, is so crucial to cyber security.

Cyber Security Strategy

Deploying policies, procedures and technologies - with the full support of the board and senior management - is central to insider threat mitigation, though it can be almost impossible to know where to begin.

Based on exclusive customer insights, we’ve pulled together a framework that breaks down the critical stages an insider goes through when stealing information from your company, enabling you to gain vital insights into user behavior.

To do this, we’ve paired our first-hand experience of identifying organizational weaknesses with the widely-recognized Cyber Kill Chain model, first presented by Lockheed Martin.

The Cyber Kill Chain

The Cyber Kill Chain describes the most common sequence of events observed in the majority of organizational cyber-attacks. Each of these steps is essential for an attacker to be successful. The stages of this proven approach to security incident prevention are defined as:

  • Reconnaissance
  • Weaponisation
  • Delivery
  • Exploitation
  • Installation
  • Command and Control
  • Actions on Objectives

Though typical of an external attacker attempting to gain entry through your perimeter, the classic Kill Chain is not necessarily representative of risk inside your organization. This is where the Insider Threat Kill Chain comes in.   

The Insider Threat Kill Chain

To identify whether someone is attempting the stages of the Kill Chain internally, ZoneFox has worked with partners and customers to identify the Insider Threat Kill Chain.

From employees and contractors to partners, there are many people who have access to your systems and data, yet they are so often overlooked when it comes to considering where data loss may occur. Based on our experience, the Insider Threat Kill Chain covers:

  • Recruitment or ‘Tipping Point’
  • Search and Reconnaissance
  • Data Acquisition
  • Exfiltration of Data

Shadow IT Risks

However, recognizing the stages of the Insider Threat Kill Chain is just part of the process. Each of the stages is difficult to identify, as internal employees are generally granted access to critical data. They are also given permission to install applications which may be used to identify and acquire data for exfiltration. Combine this with the rise in shadow IT, and you may find that you have a number of blind spots within your organization.

This was the case with our client, a globally recognized engineering firm, which found itself being cheated out of IP worth £10m. Discover how we uncovered this threat in our exclusive Insider Threat Kill Chain Whitepaper.  

How To Protect Intellectual Property

Insider Threats are typically not sophisticated hackers, with malware or cracking tools, trying to break into your network. This is because they can often traverse and access your most vital information with ease - precisely because they are internal to your organization.

Unless you implement sufficient controls and auditing capabilities throughout the Insider Threat Kill Chain, your organization will not understand the key behaviors that result in current or former employees, partners, or contractors stealing, or innocently leaking, your business-critical documents.

Discover how ZoneFox gives you this vital visibility, allowing you to deploy the correct policies and technical solutions to help identify and stop an Insider Threat before they are successful.
