

The untold story of incident response: Insider’s Gambit

06. November 2023

When we talk about responding to incidents that don’t involve malware, insider threat is usually one of the first things to come up. The picture that comes to mind is a specialist who was unjustly fired and wipes crucial data in revenge, or a shareholder dispute that leads to correspondence being exfiltrated, or even an employee who decides to sell their corporate VPN access.

Investigating such incidents often results in a clash of biases. Two perspectives will likely emerge in a single war room briefing. On one side, there’s the incident responder, who leans toward blaming external hackers, as such threats dominate their experience with cybersecurity. They think in terms of hacker groups, phishing kits, and the cyber threat landscape. On the other side, there’s the business owner, who tends to suspect threats from the inside: competitors or a rogue employee. They are likely to have more insight into detecting corruption or corporate conspiracies than a cybersecurity expert would. In this edition of the Untold Story of Incident Response, Group-IB’s new series detailing some of the most notable cases faced by Group-IB’s Digital Forensics and Incident Response (DFIR) team during their more than 70,000 hours of diligent work helping organizations respond to cyber attacks, we’ll investigate which of them is right.