There’s no doubt that the biggest threat to your enterprise is a malicious and capable employee. Even highly skilled blue teams shudder at the idea of a disgruntled administrator using their privileged account to wreak havoc on corporate resources on their way out. Even worse is the idea of an admin quietly turning a knob and flipping a switch over the span of weeks to slowly siphon off trade secrets and client lists.
There are mitigations to help avoid these threats, such as least-privilege account management, role-based access control, data loss prevention measures and so on, but let’s face it: even the most robust and secure models are vulnerable in some way to the insider threat.
Are you ready to test your company to see if they could recognize a hacker in their midst? An insider threat emulation (ITE) might be exactly what you need. Contact me and let’s see if an ITE is right for you.
I’ll apply to your company and work to get myself hired in any capacity. I’ll spend some time making friends and assimilating with the team. I’ll also try to find as many ways as possible to exfiltrate data and disrupt services (within the confines of a contractual agreement). If desired, I’ll gradually get more brazen throughout the engagement until discovered by your defense team.
You’ll receive a report documenting every method I tried to extract data outside the boundaries of your company. Your data will be 100% safe in transport and in storage and will be returned to you at the end of the engagement during the debrief. I’ll stay on with you and your company for as long as you need to advise on new safeguards related to my findings and help give you some additional peace of mind that you’re doing your absolute best to protect your data.
ITE vs. Red Team
Traditional red team engagements often don’t cover the same vulnerability areas as an Insider Threat Emulation. Skilled red teams will attempt social engineering but usually don’t take any time to form a real relationship with other employees. An ITE evaluator will work to gain the trust of their peers so they don’t suspect ill intent.
An ITE isn’t designed to discover how a low-level account can be escalated to administrator (although privilege escalation (PE) methods may be used) but rather to demonstrate the abuses that can be done with the privileges granted to everyday employees and administrators.
Red teams engage on two surfaces: customer-facing staff and defensive operators. An ITE can come from anywhere and test the softer, less scrutinized employee sectors. Do you give your facility managers computer access? Have you ever assessed what a malicious insider would be capable of doing if they posed as that type of employee? What about your janitorial staff?
What’s next?
Interested in putting your company to the test? Contact me and let’s discuss how I can help you build a stronger, safer, cyber-smart employee base to help you identify and protect against insider threats.