Why Insider Threats Remain The “Wild Card” In Cybersecurity

Uploaded on 2024-11-25 in TECHNOLOGY--Resilience, FREE TO VIEW

In today's cybersecurity landscape, insider threats have emerged as one of the most unpredictable and damaging risks organisations face. Coming from within the entity, these risks may stem from current or former employees, contractors, or business partners who have, or have had, authorised access to the organisation's systems, networks and sensitive data. 

The data paints a sobering picture: the past two years alone have seen a 44% surge in insider threat incidents, with the average cost of each incident reaching an eye-watering $15.38 million.

More alarmingly, between 2019 and 2024, the number of organizations reporting insider incidents has grown from 66% to 76% – that's nearly three-quarters of all organisations grappling with this issue.

Understanding The Insider Threat Landscape

Insider threats generally fall into three distinct categories:

  • Malicious Insiders: Individuals who intentionally misuse their access for personal gain or to inflict harm on the organization.
  • Negligent Insiders: Those who inadvertently compromise security through carelessness or lack of awareness.
  • Compromised Insiders: Individuals who have been coerced or manipulated by external actors into actions that jeopardise the organisation that employs them. 

Each of these profiles presents unique challenges, but all contribute to the increasingly complex and dangerous threat landscape.

So, what should organisations be on the look-out for when it comes to insider threats?

Statistics reveal some concerning trends. A significant 38% of employees involved in dishonest behaviour have been with their organisation for less than a year, suggesting a higher risk-taking propensity early in employment. Further, 75% of those recorded for unlawful data acquisition or disclosure have been employed for under five years.

These findings underscore the need for enhanced onboarding processes, robust internal controls, and proactive intervention strategies.

However, longer-term employees are not exempt from risk. A striking 80% of those involved in bribery have been with their organisation for over ten years. This could be triggered by personal grievances, a sudden change in financial or personal circumstances or simply disillusionment with the company direction. 

The most important takeaway here is that there is not a ‘type’.  As such, detecting insider threats is a real challenge but there are several factors that organisations should consider a red flag and monitor closely. 

The first is unauthorised or suspicious data access and handling; this includes accessing sensitive information or systems without a legitimate need-to-know. Downloading copying, or transferring large amounts of data, attempting to bypass security controls or access restrictions and the unauthorised use of removable media or external storage devices should also be considered unusual and a potential security risk.

The next category is information technology misuse, such as installing unauthorised software, exhibiting unusual network activity, excessively using personal email or cloud storage for work, or experiencing frequent password resets or account lockouts.

Other categories include disgruntled or disruptive behaviour from staff, suspicious communications – perhaps with foreign entities or competitors, the use of encrypted or anonymous communication channels or even attempts to circumvent communication monitoring or surveillance systems.

Personal or financial issues are also something to look out for. Sudden or significant changes in lifestyle or spending habits, involvement in illegal activities or substance abuse, financial difficulties such as debt or gambling problems can all increase an individual’s risk profile.

How To Manage Insider Risk

Managing insider risk effectively requires a holistic approach. The employee lifecycle—starting from hiring practices to the working environment, training programs, and leadership quality—can significantly influence the likelihood of insider threats. Organisations should ask themselves - are we hiring the right employees? Are we providing adequate training? Does the organisation's culture encourage ethical behaviour, or does it create an environment where malicious actions thrive?

Collaboration between HR and IT is critical in reducing insider risk because it combines the strengths of both departments to create a comprehensive approach to security. 

Training is a critical component of insider threat management. Organisations must align security training with company culture, set clear expectations for both leaders and employees, and conduct regular training sessions to reinforce the importance of cybersecurity. Encouraging preferred employee behaviours and setting a positive tone from the top can go a long way in preventing insider threats.

On the technical front, solutions like Data Loss Prevention (DLP), User Activity Monitoring (UAM), and User and Entity Behaviour Analytics (UEBA) play a vital role in identifying potential risks before they escalate. Combining these tools with high-quality data can provide organisations with a comprehensive view of user activity, helping to detect anomalies and unauthorised behaviour in real time.

We should also remember that insiders are not always acting alone. External actors, such as hackers, can exploit weak security practices or vulnerabilities to turn outsiders into insiders. Poor cybersecurity hygiene significantly amplifies the potential for destruction, with organisations that maintain strong security practices experiencing 35 times fewer destructive ransomware events. 

Insider threats are a formidable challenge for organisations and their cybersecurity. However, with the right strategies in place and by adopting a proactive, multifaceted approach, the risk and impact of these “wild card” threats can be reduced. 

By combining their expertise and resources, HR and IT can create a powerful synergy that significantly reduces insider risk. The HR department has deep insights into employee behaviour, motivations, and potential vulnerabilities. This knowledge can help IT Security teams identify early warning signs of potential insider threats and tailor security measures accordingly. In addition, HR policies and practices can significantly influence the likelihood of insider threats.

By working together, HR and IT can develop policies and procedures that foster a culture of security, promote ethical behaviour, and discourage risky actions.

Miguel Clarke is  GRC and Cyber Security lead for Armor

Image: Ideogram 

You Might Also Read:

Imminent New SEC Cyber Security Rules:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Google Invests In U.S. Education With 15 New Cybersecurity Clinics
British Government Minister Predicts Russia Will Step Up Cyber Attacks  »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Lloyd's

Lloyd's

As an insurance market, Lloyd’s can provide access to more than 65 expert cyber risk insurers in one place.

Commissum

Commissum

Commissum specialise in information assurance and security testing services.

Secardeo

Secardeo

Secardeo is a provider of corporate solutions using digital signatures and certificates. Our solutions enable the user transparent end-to-end encryption of e-mails between organizations.

Semperis

Semperis

Semperis is an enterprise identity protection company that enables organizations to quickly recover from accidental or malicious changes and disasters that compromise Active Directory.

Sectigo

Sectigo

Sectigo is a leading cybersecurity provider of digital identity solutions, including TLS / SSL certificates, DevOps, IoT, and enterprise-grade PKI management, as well as multi-layered web security.

PSYND

PSYND

PSYND is a Swiss consultancy company based in Geneva specialized in CyberSecurity and Identity & Access Management.

Data Destruction London

Data Destruction London

Data Destruction London offers fast, confidential and compliant expert data destruction services to businesses and organisations in London.

HUB Security

HUB Security

Hub Security provide Ultra Secure, Military Grade HSM (Hardware Security Module) Solutions for Blockchain and Digital Assets.

Realsec

Realsec

RealSec is an international company and is a developer of encryption and digital signature systems and Blockchain for the Banking and Methods of Payment sectors, Government and Defense and Multisector

FYEO

FYEO

FYEO is a threat monitoring and identity access management platform for consumers, enterprises and SMBs.

Zeva

Zeva

Zeva solves complex identity and encryption challenges for the federal government and corporations around the globe.

Nanitor

Nanitor

Nanitor is a powerful cybersecurity management platform focusing on hardening security fundamentals across your global IT infrastructure.

rSolutions

rSolutions

rSolutions delivers managed cybersecurity services to clients in many industry sectors including financial services, telecommunications, energy, government and retail.

Concorde Technology Group

Concorde Technology Group

Concorde Technology Group is one of the UK’s leading IT support and services providers, delivering cost-effective and innovative IT solutions to businesses across the country.

Advania UK

Advania UK

Advania are one of Microsoft’s leading partners in the UK, specialising in Azure, Security, Dynamics 365 and Microsoft 365.

Chorology

Chorology

Chorology is a leading provider of intelligently automated, data compliance and posture enforcement solutions.