Zero Trust Remote Access Helps Protect Data Against Internal Threats

Zero Trust remote access doesn’t just help protect you against unwanted intruders; it helps keep internal threats at bay. Despite all efforts to hire upstanding citizens and deliver comprehensive security awareness training, large enterprises are only ever one negligent or vindictive employee away from potential disaster. Leveraging the same architecture that helps organizations protect themselves against external security threats, Zero Trust security mitigates the risks associated with disgruntled employees, malicious insiders, and others who may simply make human errors that unfortunately place an organization at similarly high risk for an attack.

The Case for Zero Trust Remote Access

According to the 2020 Cost of Insider Threat Global Report published by the Ponemon Institute, the number of internal security incidents increased globally by a staggering 47% between 2018 and 2020, each of them leaving varying degrees of havoc in their wake. This, combined with the rapid growth of external threats, is prompting the global shift towards Zero Trust security.

Zero Trust security platforms like the FileFlex Enterprise Zero-Trust Remote Data Access Platform mitigate security threats by reducing trust zones. Using micro-segmented access, FileFlex Enterprise grants users access to files and folders, encrypts files, and grants access with the least privileges required to complete a task.

How ASM Group Fell Victim to an Internal Breach

ASM Group is a financial services organization serving North America and Asia. The company has 300 employees (the majority in Canada and the US; the remainder in Hong Kong) and manages more than a billion USD in assets.

During a particularly busy week leading up to Christmas, ASM Group’s CFO received an email that was far from festive, let alone friendly. Sent through an anonymous email service, it read as follows:

We are the Cl0p group, we have attacked your organization and downloaded over 40 Gigabytes of your and your client data [sic]. As proof we are attaching the following images of the directory structure of your financial fileserver and HR fileservers. We have also downloaded many legal contracts that demonstrate your relationship with many clients that we believe you would want to keep confidential. 

 We are business people, if you make a payment all data will be deleted and you will never hear from us again. Our demand is 15 Million dollars payable in bitcoin. 

To determine the validity of the ransom threat, the CFO promptly reached out to the director of the company’s four-person IT team who confirmed that the images attached to the email did indeed reflect the current files in ASM Group’s critical systems. An investigation ensued.

Trust Nobody, Ever. Not Even Your Most Loyal Employees

Lacking the internal resources needed to determine how and by whom the files had been accessed, the company engaged the services of a forensic analysis investigation firm. An elaborate investigation revealed that a significant number of files had been remotely copied from the company’s systems onto the corporate laptop of an IT administrator called John (name changed to protect identity). Further investigation found that the files had then been copied from the laptop onto a USB key.

John was subjected to an open-source intelligence investigation that revealed he had registered accounts on a number of Russian hacking forums. Situated on the dark web, these forums allow participants to converse in relative anonymity. John’s login name was found following an investigation of log files, as were messages he had posted seeking out criminal groups with an interest in buying data belonging to ASM Group.

The evidence collected led to John’s arrest, but that’s not the end of the story. To address the fact that their confidential data was in dangerous hands, ASM Group was forced to respond to the cybercriminals’ note, negotiating a lower but nonetheless substantial ransom payment of five million dollars.

Keep in mind that inside attacks pose more than a financial threat

As outlined in the Ponemon report, the business threats of an inside attack were determined to include:

  • theft or loss of mission-critical data or intellectual property
  • impact of downtime on organizational productivity
  • damages to equipment and other assets
  • cost to detect and remediate systems and core business processes
  • legal and regulatory impact, including litigation defense cost
  • lost confidence and trust among key stakeholders
  • diminishment of marketplace brand and reputation

Who are the employees that potentially pose such threats to your organization?

Who knows. That’s the very reason Zero Trust remote access exists.

In the case of ASM Group, the threat began with a disgruntled and vengeful employee who resented the fact that company executives had received a sizeable bonus that year while the IT administrators had received nothing.

In other cases, the attacker might be an individual hired by a competitor and tasked with securing employment within your organization for the purposes of corporate espionage, or an existing employee (most likely an IT administrator) approached by hackers to steal information, grant access to your servers, and/or deploy ransomware with the promise of financial return.

Alternatively, the culprit may simply be a loyal, well-intentioned employee who happens to make a human error.

Zero Trust Remote Access Lowers the Risk of Your Environment Being Compromised

Regardless of who poses the threat, Zero Trust remote access lowers the risk of your environment being compromised, in part because remote file access activity becomes visible and auditable: should one employee make a wrong move, management will likely spot it and flag it.

As human beings, we are inclined to trust

That’s why organizations are moving away from traditional file sharing and towards Zero Trust remote access platforms like FileFlex Enterprise. FileFlex Enterprise makes unauthorized remote file access next to impossible and, in the unlikely event that security is breached, provides an activity log so that you can investigate and respond to incidents before thousands, if not millions, of dollars in damage occurs.

Are you ready to join the global shift towards Zero Trust remote access?

If so, contact us to learn more about FileFlex Enterprise – the world’s #1 Zero-Trust Data Access Platform and the only Zero Trust platform that provides secure remote access to your files and folders.

For more reading on why Zero Trust remote access is fast becoming the go-to for enterprise security, read Why Zero Trust, Why Now

Mr. Dubrovsky serves as Executive Cyber Advisor to the CEO and Board of Qnext and is a leading information security expert and management executive who has built and led cyber consulting practices for nearly three decades. He holds a number of academic and industry certifications, including BSc, MSc, MBA, OSCP, and the CISSP designation, and can also be found teaching at York University’s cybersecurity program where he sits on the advisory board and acts as both a course developer and an instructor.