Why Insider Threats Remain The “Wild Card” In Cybersecurity

Uploaded on 2024-11-25 in TECHNOLOGY--Resilience, FREE TO VIEW

In today's cybersecurity landscape, insider threats have emerged as one of the most unpredictable and damaging risks organisations face. Coming from within the entity, these risks may stem from current or former employees, contractors, or business partners who have, or have had, authorised access to the organisation's systems, networks and sensitive data. 

The data paints a sobering picture: the past two years alone have seen a 44% surge in insider threat incidents, with the average cost of each incident reaching an eye-watering $15.38 million.

More alarmingly, between 2019 and 2024, the number of organizations reporting insider incidents has grown from 66% to 76% – that's nearly three-quarters of all organisations grappling with this issue.

Understanding The Insider Threat Landscape

Insider threats generally fall into three distinct categories:

  • Malicious Insiders: Individuals who intentionally misuse their access for personal gain or to inflict harm on the organization.
  • Negligent Insiders: Those who inadvertently compromise security through carelessness or lack of awareness.
  • Compromised Insiders: Individuals who have been coerced or manipulated by external actors into actions that jeopardise the organisation that employs them. 

Each of these profiles presents unique challenges, but all contribute to the increasingly complex and dangerous threat landscape.

So, what should organisations be on the look-out for when it comes to insider threats?

Statistics reveal some concerning trends. A significant 38% of employees involved in dishonest behaviour have been with their organisation for less than a year, suggesting a higher risk-taking propensity early in employment. Further, 75% of those recorded for unlawful data acquisition or disclosure have been employed for under five years.

These findings underscore the need for enhanced onboarding processes, robust internal controls, and proactive intervention strategies.

However, longer-term employees are not exempt from risk. A striking 80% of those involved in bribery have been with their organisation for over ten years. This could be triggered by personal grievances, a sudden change in financial or personal circumstances or simply disillusionment with the company direction. 

The most important takeaway here is that there is not a ‘type’.  As such, detecting insider threats is a real challenge but there are several factors that organisations should consider a red flag and monitor closely. 

The first is unauthorised or suspicious data access and handling; this includes accessing sensitive information or systems without a legitimate need-to-know. Downloading copying, or transferring large amounts of data, attempting to bypass security controls or access restrictions and the unauthorised use of removable media or external storage devices should also be considered unusual and a potential security risk.

The next category is information technology misuse, such as installing unauthorised software, exhibiting unusual network activity, excessively using personal email or cloud storage for work, or experiencing frequent password resets or account lockouts.

Other categories include disgruntled or disruptive behaviour from staff, suspicious communications – perhaps with foreign entities or competitors, the use of encrypted or anonymous communication channels or even attempts to circumvent communication monitoring or surveillance systems.

Personal or financial issues are also something to look out for. Sudden or significant changes in lifestyle or spending habits, involvement in illegal activities or substance abuse, financial difficulties such as debt or gambling problems can all increase an individual’s risk profile.

How To Manage Insider Risk

Managing insider risk effectively requires a holistic approach. The employee lifecycle—starting from hiring practices to the working environment, training programs, and leadership quality—can significantly influence the likelihood of insider threats. Organisations should ask themselves - are we hiring the right employees? Are we providing adequate training? Does the organisation's culture encourage ethical behaviour, or does it create an environment where malicious actions thrive?

Collaboration between HR and IT is critical in reducing insider risk because it combines the strengths of both departments to create a comprehensive approach to security. 

Training is a critical component of insider threat management. Organisations must align security training with company culture, set clear expectations for both leaders and employees, and conduct regular training sessions to reinforce the importance of cybersecurity. Encouraging preferred employee behaviours and setting a positive tone from the top can go a long way in preventing insider threats.

On the technical front, solutions like Data Loss Prevention (DLP), User Activity Monitoring (UAM), and User and Entity Behaviour Analytics (UEBA) play a vital role in identifying potential risks before they escalate. Combining these tools with high-quality data can provide organisations with a comprehensive view of user activity, helping to detect anomalies and unauthorised behaviour in real time.

We should also remember that insiders are not always acting alone. External actors, such as hackers, can exploit weak security practices or vulnerabilities to turn outsiders into insiders. Poor cybersecurity hygiene significantly amplifies the potential for destruction, with organisations that maintain strong security practices experiencing 35 times fewer destructive ransomware events. 

Insider threats are a formidable challenge for organisations and their cybersecurity. However, with the right strategies in place and by adopting a proactive, multifaceted approach, the risk and impact of these “wild card” threats can be reduced. 

By combining their expertise and resources, HR and IT can create a powerful synergy that significantly reduces insider risk. The HR department has deep insights into employee behaviour, motivations, and potential vulnerabilities. This knowledge can help IT Security teams identify early warning signs of potential insider threats and tailor security measures accordingly. In addition, HR policies and practices can significantly influence the likelihood of insider threats.

By working together, HR and IT can develop policies and procedures that foster a culture of security, promote ethical behaviour, and discourage risky actions.

Miguel Clarke is  GRC and Cyber Security lead for Armor

Image: Ideogram 

You Might Also Read:

Imminent New SEC Cyber Security Rules:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Google Invests In U.S. Education With 15 New Cybersecurity Clinics
British Government Minister Predicts Russia Will Step Up Cyber Attacks  »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Cigniti Technologies

Cigniti Technologies

Cigniti Technologies provides Independent Software Testing (IST) Services including software security testing.

Japan Information Security Audit Association (JASA)

Japan Information Security Audit Association (JASA)

JASA is non-profit association active in developing and managing the quality of Information Security Auditing and Auditors in Japan.

Nexusguard

Nexusguard

Nexusguard is at the forefront of the fight against malicious Internet attacks, protecting organizations worldwide from threats to their websites, services, and reputations.

netfiles

netfiles

netfiles offers highly secure data rooms for sensitive business processes and secure data exchange.

FraudHunt

FraudHunt

FraudHunt protects your website from account fraud, ad fraud, fraud clicks, and malicious bots.

Deceptive Bytes

Deceptive Bytes

Deceptive Bytes provides an Active Endpoint Deception platform that dynamically responds to attacks as they evolve and changes their outcome.

DigitalXRaid

DigitalXRaid

DigitalXRAID is driven and motivated to ensure the bad guys don’t win. We’re dedicated to providing our clients with state-of-the-art cyber security solutions.

Redbelt Security

Redbelt Security

Redbelt is a cyber security consultancy. We integrate people, systems, services and products to transform how your information security is delivered.

Empiric

Empiric

Empiric is a multi-award winning technology and transformation recruitment agency specialising in data, digital, cloud and security.

NanoLock Security

NanoLock Security

NanoLock delivers the industry’s only end-to-end platform for the IoT and connected devices ecosystem.

Armenia Startup Academy

Armenia Startup Academy

Armenia Startup Academy is a pre-acceleration program for selected Armenian tech companies and startups in areas including cybersecurity.

Neptune Cyber

Neptune Cyber

Neptune is a cyber security company that works exclusively in the marine sector. Our team combines experts in shipbuilding, maintenance and operations and cyber security testing and design.

NWN Corp

NWN Corp

NWN Corporation is a leading Cloud Communications Service Provider (CCSP) focused on transforming the customer and workspace experience for commercial, enterprise and public sector organizations.

Matrixforce

Matrixforce

Matrixforce is a vetted IT support provider that uses the patented Delta Method of streamlining technology for financial and professional service firms to reduce complexity and avoid risk.

Data Pie Cybersecurity

Data Pie Cybersecurity

The Data Pie Cybersecurity Consulting offers a 360° around protection for your IT security. Security awareness solutions and consulting.

SecureWeb3

SecureWeb3

SecureWeb3 helps businesses and brands to secure their Web3 presence by offering a full suite of security services including training, consultancy & brand protection solutions.