Making Insider Threats A Year Round Priority

When it comes to cybersecurity, the focus can often be on external threats. However, with 83% of organisations reporting at least one insider attack in 2023, this is an issue that needs to be a top security priority year round.

Insider threats have become both more frequent and costlier over the last few years - with the average cost rising to $16.2 million in 2023. Despite this, less than 30% of organisations are confident that they can handle an insider threat, suggesting a huge mismatch between the scale of the problem and the focus on the solution. With all of this in mind, we spoke to six security experts to get their advice on what organisations should be doing in order to build a successful insider threat defence.

It's All About The Culture

One of the biggest mistakes organisations can make when it comes to insider threats is assuming that the problem can be solved by one piece of technology, or by putting one security policy in place. Instead, an effective strategy requires buy-in from the leadership team and an organisation-wide culture shift.

“Let's not forget an insider threat can come from any level within an organisation—employees, contractors, or even business partners,” explains Andy Swift, Cyber Security Assurance Technical Director, Six Degrees. “The motivations behind these threats vary, from financial gain and personal grievances to negligence and lack of awareness. Therefore, a comprehensive approach to managing insider threats involves not only advanced technological solutions but also fostering a culture of awareness and responsibility among staff.”

He continues: “It all starts with strong access controls, regularly reviewed permissions, and monitoring of user activities; carefully consider who needs access to what and why, and then think forensically - if you can’t provide an audit trail from a central location for administrative or general user actions across a range of systems, your early visibility of potential insider attacks can be dramatically impacted.”

Des V. Anderson, CTO and Co-Founder at LearnUpon, agrees that tackling insider threats relies on the efforts of the whole team. “What’s most important is to equip your teams with the right tools and solutions to succeed and at the same time, create a culture of knowledge sharing that encourages employees to take charge of security through strengthened passwords, two-factor authentication, and anti-phishing awareness,” he argues. “Security leaders also need to invest significant effort into training developers to have a strong emphasis on security. They must provide them with insights into best practices and encourage them to utilise automation to handle standard security assessments.”

Being Smart About Technology 

Of course, security tools do have a vital role in the prevention of cyber threats. “Prevention is better than cure and many businesses are putting multiple layers of security in place, supported by tools such as continuous monitoring, identity and access management and thorough security compliance training for all employees,” explains Terry Storrar, Managing Director, Leaseweb UK.

However, he points out that “more tooling does not necessarily mean more secure. It is also crucial that all these measures are integrated to prevent gaps in cloud security architectures. IT and security teams should also look to harness automation – for example, to identify and track misuse of confidential data - to further boost the security of their cloud environments.”

Brett Candon, VP International at Cyware, believes that consolidation of security functions is key. “In a process known as cyber fusion, all security functions are consolidated,” he outlines. “By combining threat intelligence, security automation, threat response, security orchestration and incident response into one single, interconnected platform, IT teams can detect, manage and respond to threats in the fastest and most efficient way possible.”

He continues: “The key is collaboration. Both inside and outside the organisation, businesses should focus on creating a trusted and collaborative environment where all security teams work together much more closely, exchanging and communicating the right information with the relevant people. This process is called collective defence.”

Taking Advantage Of AI

According to Matt Hillary, CISO at Drata, “tackling insider threats is one area where AI has significant potential to be game-changing for data protection programs.” 

“Notably, AI models can be created and used to review and produce real-time, behaviour-based monitoring capabilities and policies that detect potential, or actual, information security and data protection violations,” he says.

Moshe Weis, CISO at Aqua Security, agrees that AI can have a huge impact. “Advanced tools, including AI-powered behavioural analytics, can play a key role in detecting subtle deviations from normal user behaviour—such as unusual access patterns or the improper handling of sensitive data. These tools allow for real-time insights, enabling organisations to identify potential threats before they escalate. By automating the detection of anomalies, AI serves as a force multiplier for security teams, who can then focus on high-priority incidents.”

However, Weis also reinforces the point that no one technology or method is the solution to insider threats. “Ultimately, by integrating a blend of human vigilance, smart policy, and technology-driven solutions, organisations can build a resilient defence against insider threats,” he concludes.
