Making Insider Threats A Year Round Priority

When it comes to cybersecurity, the focus can often be on external threats. However, with 83% of organisations reporting at least one insider attack in 2023, this is an issue that needs to be a top security priority year round.

Insider threats have become both more frequent and costlier over the last few years, with the average cost rising to $16.2 million in 2023. Despite this, fewer than 30% of organisations are confident that they can handle an insider threat, suggesting a huge mismatch between the scale of the problem and the focus on the solution. With all of this in mind, we spoke to six security experts to get their advice on what organisations should be doing in order to build a successful insider threat defence.

It's All About The Culture

One of the biggest mistakes organisations can make when it comes to insider threats is assuming that the problem can be solved by one piece of technology, or by putting one security policy in place. Instead, an effective strategy requires buy-in from the leadership team and an organisation-wide culture shift.

“Let's not forget an insider threat can come from any level within an organisation—employees, contractors, or even business partners,” explains Andy Swift, Cyber Security Assurance Technical Director, Six Degrees. “The motivations behind these threats vary, from financial gain and personal grievances to negligence and lack of awareness. Therefore, a comprehensive approach to managing insider threats involves not only advanced technological solutions but also fostering a culture of awareness and responsibility among staff.”

He continues: “It all starts with strong access controls, regularly reviewed permissions, and monitoring of user activities; carefully consider who needs access to what and why, and then think forensically - if you can’t provide an audit trail from a central location for administrative or general user actions across a range of systems, your early visibility of potential insider attacks can be dramatically impacted.”

Des V. Anderson, CTO and Co-Founder at LearnUpon, agrees that tackling insider threats relies on the efforts of the whole team. “What’s most important is to equip your teams with the right tools and solutions to succeed and at the same time, create a culture of knowledge sharing that encourages employees to take charge of security through strengthened passwords, two-factor authentication, and anti-phishing awareness,” he argues. “Security leaders also need to invest significant effort into training developers to have a strong emphasis on security. They must provide them with insights into best practices and encourage them to utilise automation to handle standard security assessments.”

Being Smart About Technology 

Of course, security tools do have a vital role in the prevention of cyber threats. “Prevention is better than cure and many businesses are putting multiple layers of security in place, supported by tools such as continuous monitoring, identity and access management and thorough security compliance training for all employees,” explains Terry Storrar, Managing Director, Leaseweb UK.

However, he points out that “more tooling does not necessarily mean more secure. It is also crucial that all these measures are integrated to prevent gaps in cloud security architectures. IT and security teams should also look to harness automation – for example, to identify and track misuse of confidential data - to further boost the security of their cloud environments.”

Brett Candon, VP International at Cyware, believes that consolidation of security functions is key. “In a process known as cyber fusion, all security functions are consolidated,” he outlines. “By combining threat intelligence, security automation, threat response, security orchestration and incident response into one single, interconnected platform, IT teams can detect, manage and respond to threats in the fastest and most efficient way possible.”

He continues: “The key is collaboration. Both inside and outside the organisation, businesses should focus on creating a trusted and collaborative environment where all security teams work together much more closely, exchanging and communicating the right information with the relevant people. This process is called collective defence.”

Taking Advantage Of AI

According to Matt Hillary, CISO at Drata, “tackling insider threats is one area where AI has significant potential to be game-changing for data protection programs.” 

“Notably, AI models can be created and used to review and produce real-time, behaviour-based monitoring capabilities and policies that detect potential, or actual, information security and data protection violations,” he says.

Moshe Weis, CISO at Aqua Security, agrees that AI can have a huge impact. “Advanced tools, including AI-powered behavioural analytics, can play a key role in detecting subtle deviations from normal user behaviour—such as unusual access patterns or the improper handling of sensitive data. These tools allow for real-time insights, enabling organisations to identify potential threats before they escalate. By automating the detection of anomalies, AI serves as a force multiplier for security teams, who can then focus on high-priority incidents.”

However, Weis also reinforces the point that no one technology or method is the solution to insider threats. “Ultimately, by integrating a blend of human vigilance, smart policy, and technology-driven solutions, organisations can build a resilient defence against insider threats,” he concludes.
