We’ll just help ourselves.
We’ve talked about your employees committing these acts—but our At-a-Glance table shows that we see other kinds of threat actors in this pattern. Interestingly, we see multiple threat actors (Internal, External, Partner—some combination of these three) in 7% of the breaches. This is collusion—evidence of multiple kinds of Actors working together to bring about a data breach.
Indeed, we have seen instances where organized fraud gangs have sent in people with the objective of being hired by businesses for the purpose of facilitating large-scale scams. We have seen this in multiple industries, and it has continued to plague organizations for years. These people can be difficult to spot—they may present and interview convincingly. This practice by financially motivated criminal groups makes it even more important to have your detective controls in place to catch the inappropriate access that these people are enabling. One of the difficulties in responding to an incident like this is that no company’s onboarding process is perfect, and most onboarding involves getting the new hire added to various groups and systems that aren’t always directly controlled by IT. Those investigations often reveal process-related weaknesses in the IT infrastructure.
We are increasingly seeing Privilege Misuse breaches paired with Fraudulent transactions, more so this year than in the past several, as shown in Figure 49. Fraudulent transactions are an Integrity violation that is frequently the end game of the BEC and is typically a money transfer to a threat actor-controlled bank account. However, since Internal actors already have access to the systems where bank accounts and routing information are stored in these cases, they’re probably just making that banking update themselves. Seeing Internal actors increasingly just redirect funds is especially concerning, considering it may be someone in a position to siphon significant resources away from the organization.
