Making Insider Threats A Year Round Priority

When it comes to cybersecurity, the focus can often be on external threats. However, with 83% of organisations reporting at least one insider attack in 2023, this is an issue that needs to be a top security priority year round.

Insider threats have become both more frequent and costlier over the last few years - with the average cost rising to $16.2 million in 2023. Despite this, less than 30% of organisations are confident that they can handle an insider threat, suggesting a huge mismatch between the scale of the problem and the focus on the solution. With all of this in mind, we spoke to six security experts to get their advice on what organisations should be doing in order to build a successful insider threat defence.

It's All About The Culture

One of the biggest mistakes organisations can make when it comes to insider threats is assuming that the problem can be solved by one piece of technology, or by putting one security policy in place. Instead, an effective strategy requires buy-in from the leadership team and a whole organisation culture shift. 

“Lets not forget an insider threat can come from any level within an organisation—employees, contractors, or even business partners,” explains Andy Swift, Cyber Security Assurance Technical Director, Six Degrees. “The motivations behind these threats vary, from financial gain and personal grievances to negligence and lack of awareness. Therefore, a comprehensive approach to managing insider threats involves not only advanced technological solutions but also fostering a culture of awareness and responsibility among staff.” 

He continues: “It all starts with strong access controls, regularly reviewed permissions, and monitoring of user activities; carefully consider who needs access to what and why, and then think forensically - if you can’t provide an audit trail from a central location for administrative or general user actions across a range of systems, your early visibility of potential insider attacks can be dramatically impacted.”

Des V. Anderson, CTO and Co-Founder at LearnUpon, agrees that tackling insider threats relies on the efforts of the whole team. “What’s most important is to equip your teams with the right tools and solutions to succeed and at the same time, create a culture of knowledge sharing that encourages employees to take charge of security through strengthened passwords, two-factor authentication, and anti-phishing awareness,” he argues. “Security leaders also need to invest significant effort into training developers to have a strong emphasis on security. They must provide them with insights into best practices and encourage them to utilise automation to handle standard security assessments.”

Being Smart About Technology 

Of course, security tools do have a vital role in the prevention of cyber threats. “Prevention is better than cure and many businesses are putting multiple layers of security in place, supported by tools such as continuous monitoring, identity and access management and thorough security compliance training for all employees,” explains Terry Storrar, Managing Director, Leaseweb UK

However, he points out that “more tooling does not necessarily mean more secure.  It is also crucial that all these measures are integrated to prevent gaps in cloud security architectures.  IT and security teams should also look to harness automation – for example, to identify and track misuse of confidential data - to further boost the security of their cloud environments.”

Brett Candon, VP International at Cyware, believes that consolidation of security functions is key. “In a process known as cyber fusion, all security functions are consolidated,” he outlines. “By combining threat intelligence, security automation, threat response, security orchestration and incident response into one single, interconnected platform, IT teams can detect, manage and respond to threats in the fastest and most efficient way possible.”

He continues: “The key is collaboration. Both inside and outside the organisation, businesses should focus on creating a trusted and collaborative environment where all security teams work together much more closely, exchanging and communicating the right information with the relevant people. This process is called collective defence.”

Taking Advantage Of AI

According to Matt Hillary, CISO at Drata, “tackling insider threats is one area where AI has significant potential to be game-changing for data protection programs.” 

“Notably, AI models can be created and used to review and produce real-time, behaviour-based monitoring capabilities and policies that detect potential, or actual, information security and data protection violations,” he says.

Moshe Weis, CISO at Aqua Security, agrees that AI can have a huge impact. “Advanced tools, including AI-powered behavioural analytics, can play a key role in detecting subtle deviations from normal user behaviour—such as unusual access patterns or the improper handling of sensitive data. These tools allow for real-time insights, enabling organisations to identify potential threats before they escalate. By automating the detection of anomalies, AI serves as a force multiplier for security teams, who can then focus on high-priority incidents.”

However, Weis also reinforces the point that no one technology or method is the solution to insider threats. “Ultimately, by integrating a blend of human vigilance, smart policy, and technology-driven solutions, organisations can build a resilient defence against insider threats,” he concludes.

Image:

You Might Also Read: 

Too Many Corporate Employees Ignore Cyber Security:


If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« How Do The UK Cyber Security & Resilience Bill & The EU's NIS2 Compare?
Trump Campaign A Target For Attacks From China »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

TenIntelligence

TenIntelligence

TenIntelligence provides due diligence, brand protection and fraud investigation services including digital forensics.

ESET

ESET

ESET provide security software for enterprises and consumers - Antivirus Software, Internet Security and Virus Protection.

ATIS Systems

ATIS Systems

ATIS Systems offers first-class complete solutions for legal interception, mediation, data retention, and IT forensics.

Antiy Labs

Antiy Labs

Antiy Labs is a vender of antivirus engine and solution, providing the best-in-breed antivirus engine and next generation antivirus services for confronting PC malware and mobile malware.

Information Systems Security Partners (ISSP)

Information Systems Security Partners (ISSP)

ISSP is a specialized system integrator focused on the information security needs of its corporate clients and providing best in class products and services for securing organizational information.

CRYPTTECH

CRYPTTECH

CRYPTTECH specializes in Information Security and Intelligence, Risk Evaluation and Vulnerability Recognition against Cyber-Attacks and APTs.

Level Effect

Level Effect

Level Effect is developing new capabilities to bring a unique perspective on proactive network defense and advanced security analytics.

Blockchain Reactor

Blockchain Reactor

Blockchain Reactor is a blockchain consultancy and implementation company providing cutting-edge blockchain solutions for start-ups and enterprises.

Belle de Mai Incubator

Belle de Mai Incubator

Belle de Mai Incubator supports and funds innovative startup ideas in digital industries.

Sierra Ventures

Sierra Ventures

Sierra Ventures is an early-stage venture firm investing globally with a focus on Next Generation Enterprise and Emerging Technologies.

FraudLabs Pro

FraudLabs Pro

FraudLabs Pro detects fraud and helps merchants to reduce e-commerce chargebacks by identifying high risk transactions.

Focal Point

Focal Point

We aspire to be the focal point for Medium and Small size companies providing 24/7 cyber security advice, services and solutions.

CyberNews

CyberNews

Cybernews.com is a research-based online publication that helps people navigate a safe path through their increasingly complex digital lives.

Retruster

Retruster

Protect your users against phishing emails, ransomware & fraud with the most advanced, user-friendly, non-intrusive solution available.

Metabase Q

Metabase Q

Metabase Q protects you from financial and reputational losses with more efficient and intelligent cybersecurity, using the best worldwide in technologies, processes and specialists.

Rezonate

Rezonate

Rezonate discovers, profiles, and protects Identities and their entire access journey to cloud infrastructure and critical SaaS applications. Preventing and stopping cyberattacks.