Two men are being charged with bribing AT&T employees to unlock phones, compromise the corporate networks, distribute malware, and access customer devices. This went on for several years, going back to 2012, according to the Department of Justice documents. In total, over a million dollars was given out as bribes. Employees were approached online and paid secretly by the accused through shell companies and in cash.
This situation exemplifies the real risk of insider threats. Volumes can be written about how such risks increase over time. Digital environments are even more susceptible to such risks due to the ability of scale, irrelevance of geographic barriers, obfuscation tools, and outdated access architectures which give insiders tremendous control and influence.
This is a good case that shows how trusted employees can be manipulated (ie. 'handled') and turned into cancerous agents from within which undermine an organizations security, safety, privacy, trust, and revenue opportunities.
How many of those customers were using their phones for banking, private communications, or stored sensitive data on the devices. Were there online wallets, connectivity to work networks, or access to financial accounts that could then be accessed by such attackers?
In our digital world, we all rely on technology to communicate, support decisions, and conduct secure transactions. Insiders have much more access than external malicious hackers to the information and to key infrastructures, putting everyone at risk if proper predictive, preventative, detective, and response controls are not in place and managed accordingly.
Nobody is immune. Insiders can impact any company. In this case it was likely about unlocking phones and therefore AT&T was attacked.
Now imagine a threat agent making similar maneuvers to steal IP, cause non-compliance to regulations, use corporate assets as part of an attack against 3rd parties, steal financial assets, sell customer data, gain inside knowledge of acquisitions, inject vulnerabilities/malware into products, distribute ransomware, or to bring down the availability of services for an extended period of time. Such attacks could happen in the financial, healthcare, communications, critical infrastructure, government, or online services sectors with such an impact as to crater even a large organization and victimize millions of people.
Cybersecurity teams often focus on external threats (the infamous hoodie wearing 'hackers') and ignore an entire facet of risk around insiders. It is not a pleasant thought, that trusted coworkers, vendors, suppliers, and even executives might be acting in harmful ways.
Are we ready to discuss this uncomfortable subject yet?
