Cyber criminals are frequently turning to insiders to gain access to telecommunications networks and subscriber data, according to a new report from Kaspersky Lab.
According to the report, 28 percent of all cyber-attacks and 38 percent of targeted attacks now involve malicious activity by insiders.
Telco providers are some of the top targets for cyber-attacks due to the vast amount of confidential data they collect, so criminals are recruiting employees through underground channels or blackmailing staff with compromising information to carry out their attacks.
The blackmailing approach in particular has grown in popularity as a result of breaches that have leaked sensitive or embarrassing data (E.g. the Ashley Madison leak) and insiders are often specifically targeted in order to gain access to the most confidential data or cause the most damage.
“The human factor is often the weakest link in corporate IT security. Technology alone is rarely enough to completely protect the organization in a world where attackers don’t hesitate to exploit insider vulnerabilities,” said Denis Gorchakov, security expert, Kaspersky Lab.
“Companies can start by looking at themselves the way an attacker would. If vacancies carrying your company name, or some of your data, start appearing on underground message boards, then somebody somewhere has you in their sights. The sooner you know about it, the better you can prepare”.
In order to help protect themselves, Kaspersky Lab advises organizations to educate staff about cyber security best practices, restrict access to sensitive data and systems and carry out regular security audits.