The recent global IT outage, which brought large parts of the international transport industry to a sudden standstill on 19th July 2024, was caused by a faulty software update to CrowdStrike’s Falcon platform. While this far-reaching technical glitch also brought disruption to the banking, retail, and public sectors, some cyber security professionals breathed a huge sigh of relief: many had initially feared that the incident was caused by a cyber-attack.
Microsoft reported that the outage impacted 8.5 million Windows devices worldwide, which all had to be reset in the days and weeks after the incident. Unsurprisingly, during this time, criminals tried to take advantage of the situation by setting up fake domains and launching phishing attacks.
Overall, the economic damage was estimated to run to billions of dollars. This sum is far greater than any single cyber-attack has ever cost the global economy. Cybercriminals can only dream of creating such mayhem, or getting into a position where they can hold businesses to ransom on an international scale.
What can we expect next?
But this raises an important question: what if a malicious actor could gain employment at a major technology company that has hundreds of business customers worldwide, and purposely upload a software bug to set an incident of this magnitude in motion? As a rogue ‘employee’ on the inside, could a threat actor cause havoc, claiming it was a genuine mistake, while their colleagues executed a ransom campaign at the same time?
While this may seem far-fetched, cybercriminals are known to go to great lengths to infiltrate organisations which supply software to entire sectors. They are resourceful and creative – and they commit cybercrimes for a living. So, it’s not beyond the realm of imagination that someone, somewhere, is plotting such an audacious heist right now.
Fake IT professionals
In fact, it recently came to light that KnowBe4, a cyber security awareness training company, was tricked into hiring a fake software professional, who was later revealed to be from North Korea. The company ran a host of background checks before employing the candidate, but when the rogue ‘employee’ received their laptop to start work, they immediately started downloading malware. Thankfully, the company’s endpoint security detected this and flagged it to its security team. KnowBe4 reported on its website that the imposter used a stolen identity and enhanced the photo with artificial intelligence (AI).
While this was a particularly sophisticated breach of a company, it’s unlikely to be the only attempt of this nature. According to Microsoft, generative AI (GenAI) is now advanced enough to impersonate a person with just three seconds of audio and seven seconds of video. This could cause serious headaches for security teams. Conversely, if used well, AI can give defenders a disproportionate advantage against cybercriminals.
Cyber security is constantly evolving, so to keep up with new potential threats, including those posed by advances in AI, businesses need to remain vigilant and proactive in their security measures.
Infamous insider crime
Perhaps the most well-known case was that of Harold Thomas Martin III. The American computer scientist was a former contractor at Booz Allen Hamilton. In 2019, he pleaded guilty to illicitly removing 50 terabytes of data from the National Security Agency (NSA) – an organisation least expected to fall foul of this kind of crime. Over a span of 10 to 20 years, the US government allegedly failed to recognise or adequately address several issues with Martin’s security practices and behaviours. His motives for the crime have been disputed. Investigators reportedly struggled to determine whether Martin was engaging in traditional espionage or digital hoarding because, perhaps rather strangely, he never seemed to access any of the files he removed from government facilities.
Employee vetting
Companies, of course, vet prospective employees using a variety of methods to ensure they are a good fit for the position and the organisation. Common vetting procedures include background checks, reference checks, right-to-work checks, and social media screenings. Some even go as far as giving personality or psychological tests.
Due to the sensitive nature of their work, defence and cyber security companies have to follow more stringent vetting procedures than most other organisations. They might run citizenship verification where, due to national security concerns, rules restrict certain roles to citizens of a particular country.
At Quorum Cyber, we run a number of screenings on potential recruits, including employment history, credit checks, digital ID, right to work in the UK, and Disclosure and Barring Service (DBS) evaluations. All this is done via specialist external agencies. All Quorum Cyber team members undergo DBS checks and employee screening annually too. This is to ensure that they aren’t in serious debt and therefore more open to blackmail – a useful opportunity for criminals seeking access to networks. And before team members take on specific roles, they must also pass more stringent security clearance from government bodies, depending on the level of access to IT systems they require to do their job. This is essential for employees who investigate other organisations’ networks and systems for threats.
Make sure your security partner runs adequate employee background checks
So, before you choose your cyber security partner, be sure to ask exactly what types of vetting and assessments it runs for its employees. While it’s unlikely that cybercriminals will compromise companies and systems in this way, it has happened before, and it could happen again. Criminals aim to breach defences where and when people are least expecting it.
Find out how we can protect your organisation from data breaches
At Quorum Cyber, we are committed to helping good people win. Take a look at our range of cyber security and data security services on our website. Get in touch today to discuss how Quorum Cyber can help protect your organisation’s IT estate.