Why Insider Threats Remain The “Wild Card” In Cybersecurity

Uploaded on 2024-11-25 in TECHNOLOGY--Resilience, FREE TO VIEW

In today's cybersecurity landscape, insider threats have emerged as one of the most unpredictable and damaging risks organisations face. Coming from within the entity, these risks may stem from current or former employees, contractors, or business partners who have, or have had, authorised access to the organisation's systems, networks and sensitive data. 

The data paints a sobering picture: the past two years alone have seen a 44% surge in insider threat incidents, with the average cost of each incident reaching an eye-watering $15.38 million.

More alarmingly, between 2019 and 2024, the number of organizations reporting insider incidents has grown from 66% to 76% – that's nearly three-quarters of all organisations grappling with this issue.

Understanding The Insider Threat Landscape

Insider threats generally fall into three distinct categories:

  • Malicious Insiders: Individuals who intentionally misuse their access for personal gain or to inflict harm on the organization.
  • Negligent Insiders: Those who inadvertently compromise security through carelessness or lack of awareness.
  • Compromised Insiders: Individuals who have been coerced or manipulated by external actors into actions that jeopardise the organisation that employs them. 

Each of these profiles presents unique challenges, but all contribute to the increasingly complex and dangerous threat landscape.

So, what should organisations be on the look-out for when it comes to insider threats?

Statistics reveal some concerning trends. A significant 38% of employees involved in dishonest behaviour have been with their organisation for less than a year, suggesting a higher risk-taking propensity early in employment. Further, 75% of those recorded for unlawful data acquisition or disclosure have been employed for under five years.

These findings underscore the need for enhanced onboarding processes, robust internal controls, and proactive intervention strategies.

However, longer-term employees are not exempt from risk. A striking 80% of those involved in bribery have been with their organisation for over ten years. This could be triggered by personal grievances, a sudden change in financial or personal circumstances or simply disillusionment with the company direction. 

The most important takeaway here is that there is not a ‘type’.  As such, detecting insider threats is a real challenge but there are several factors that organisations should consider a red flag and monitor closely. 

The first is unauthorised or suspicious data access and handling; this includes accessing sensitive information or systems without a legitimate need-to-know. Downloading copying, or transferring large amounts of data, attempting to bypass security controls or access restrictions and the unauthorised use of removable media or external storage devices should also be considered unusual and a potential security risk.

The next category is information technology misuse, such as installing unauthorised software, exhibiting unusual network activity, excessively using personal email or cloud storage for work, or experiencing frequent password resets or account lockouts.

Other categories include disgruntled or disruptive behaviour from staff, suspicious communications – perhaps with foreign entities or competitors, the use of encrypted or anonymous communication channels or even attempts to circumvent communication monitoring or surveillance systems.

Personal or financial issues are also something to look out for. Sudden or significant changes in lifestyle or spending habits, involvement in illegal activities or substance abuse, financial difficulties such as debt or gambling problems can all increase an individual’s risk profile.

How To Manage Insider Risk

Managing insider risk effectively requires a holistic approach. The employee lifecycle—starting from hiring practices to the working environment, training programs, and leadership quality—can significantly influence the likelihood of insider threats. Organisations should ask themselves - are we hiring the right employees? Are we providing adequate training? Does the organisation's culture encourage ethical behaviour, or does it create an environment where malicious actions thrive?

Collaboration between HR and IT is critical in reducing insider risk because it combines the strengths of both departments to create a comprehensive approach to security. 

Training is a critical component of insider threat management. Organisations must align security training with company culture, set clear expectations for both leaders and employees, and conduct regular training sessions to reinforce the importance of cybersecurity. Encouraging preferred employee behaviours and setting a positive tone from the top can go a long way in preventing insider threats.

On the technical front, solutions like Data Loss Prevention (DLP), User Activity Monitoring (UAM), and User and Entity Behaviour Analytics (UEBA) play a vital role in identifying potential risks before they escalate. Combining these tools with high-quality data can provide organisations with a comprehensive view of user activity, helping to detect anomalies and unauthorised behaviour in real time.

We should also remember that insiders are not always acting alone. External actors, such as hackers, can exploit weak security practices or vulnerabilities to turn outsiders into insiders. Poor cybersecurity hygiene significantly amplifies the potential for destruction, with organisations that maintain strong security practices experiencing 35 times fewer destructive ransomware events. 

Insider threats are a formidable challenge for organisations and their cybersecurity. However, with the right strategies in place and by adopting a proactive, multifaceted approach, the risk and impact of these “wild card” threats can be reduced. 

By combining their expertise and resources, HR and IT can create a powerful synergy that significantly reduces insider risk. The HR department has deep insights into employee behaviour, motivations, and potential vulnerabilities. This knowledge can help IT Security teams identify early warning signs of potential insider threats and tailor security measures accordingly. In addition, HR policies and practices can significantly influence the likelihood of insider threats.

By working together, HR and IT can develop policies and procedures that foster a culture of security, promote ethical behaviour, and discourage risky actions.

Miguel Clarke is  GRC and Cyber Security lead for Armor

Image: Ideogram 

You Might Also Read:

Imminent New SEC Cyber Security Rules:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Google Invests In U.S. Education With 15 New Cybersecurity Clinics
British Government Minister Predicts Russia Will Step Up Cyber Attacks  »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

A10 Networks

A10 Networks

A10 Networks is a leader in application networking, helping organizations of all sizes to accelerate, optimize and secure their applications.

AvePoint

AvePoint

AvePoint is an established leader in enterprise-class data management, governance, and compliance software solutions.

Serena

Serena

Serena Software helps increase speed of the software development lifecycle while enhancing security, compliance, and performance.

Advanced Resource Managers (ARM)

Advanced Resource Managers (ARM)

ARM provide specialist recruitment services for technology and engineering including cyber security.

Identity Automation

Identity Automation

Identity Automation is a leading provider of Identity and Access Management software.

Crypta Labs

Crypta Labs

Crypta Labs is an Award Winning IOT Security startup that is developing a quantum-based encryption chip to secure the Internet of Things.

Quaynote Communications

Quaynote Communications

Quaynote Communications is a specialist conference and communications company focused primarily on the maritime, yachting, aviation and security industries.

National Forensic Sciences University (NFSU) - India

National Forensic Sciences University (NFSU) - India

National Forensic Sciences University is the world’s first and only University dedicated to Digital Forensic and allied Sciences.

Cyfirma

Cyfirma

CYFIRMA offers Cyber threat visibility and intelligence suite and services aimed at keeping your organization’s cybersecurity posture up-to-date.

IAmI Authentications

IAmI Authentications

IAmI is a first in Tokenization Cloud-based IAM Security Services, delivering the most advanced form of Two-Factor Authentication.

Otto

Otto

Stop Client-Side Attacks. Plug otto into your application security suite and protect your supply chain.

ANSSI Burkina Faso

ANSSI Burkina Faso

ANSSI is responsible for managing the security of information systems and cyberspace in Burkina Faso.

Bulletproof Solutions

Bulletproof Solutions

Bulletproof provides IT expert support, services, and guidance to businesses small and large as they grow and adapt to today’s complex IT, cybersecurity, and compliance needs.

QANplatform

QANplatform

QANplatform is a Quantum-resistant hybrid blockchain platform.

Lupasafe

Lupasafe

Lupasafe is a software for businesses to see IT risks and insights, and provide vital training for employees.

Shepherd

Shepherd

Shepherd's mission is to empower IT teams with solutions that simplify endpoint management, enhance security, and adapt to the evolving complexities of modern work environments.