Following the news that an Australian man has been sentenced to three years in prison after pleading guilty to 11 charges including insider trading and unauthorised access to data with the intention to commit a serious offence, security experts commented below.
Matt Lock, Director of Sales Engineers at Varonis:
“For the average cybercriminal, the prospect of breaking into a company to steal insider information without ever having to step foot in a building and ruffle through reports on employee desks is a tempting idea. An IT consultant with the time, interest and criminal inclination could easily gain the knowledge and tools needed to crack the average corporate network. It’s alarming that the perpetrator is reported to have stayed on the network for four full years. Cybercriminals are notorious for moving low and slow on a network to avoid detection, and this is a classic example.
Instead of robbing a bank, criminals know they can boost their own ill-gotten profits by stealing sensitive insider information. Financial organisations must stay on guard for disgruntled insiders and criminals that disguise themselves as legitimate users. This news should prompt discussions and hard questions in corporate boardrooms around the world.”
Joseph Carson, Chief Security Scientist & Advisory CISO at Thycotic:
“The insider trading threat has been a major risk to all governments and organisations around the world for many years however it has recently evolved into the new digital era abused by cybercriminals”.
This new era of cyber security digital inside trader is actually an external cyber-criminal who has stolen valid credentials, gaining unauthorised access using a trusted identity allowing them to access to the most sensitive confidential information the company has. This can include a myriad of financial details and future financial forecasts.
For the cybercriminal, the goal is NOT to install malicious malware or disruptive ransomware forcing the company to pay-out, in fact these cyber criminals do not even steal the data or threaten to disclose it. In common with nation state actors, cyber criminals do not want to be detected, and so employ the same techniques – their goal is financial gain, and to do this they need to remain hidden from their unsuspecting victims.
In this case after discovering the PPP’s upcoming stock recommendation reports, before they were publicly released, Steven Oakes was able to make seemingly legal investments just like any other trader. Knowledge of confidential information is one of the most dangerous risks on the internet today and will be abused by cybercriminals for profit.
The inside trading threat has evolved and the world needs to evolve to prevent and detect such threats.”