Whenever someone talks about cybersecurity attacks, the same image comes to mind: hackers hiding in poorly-lit basements breaching systems by force of code. Most of us think about the dark web, malware, online scams, and phishing attacks. We think of armies of hackers answering to the whims of despotic leaders. We even blame entire countries such as Russia and China for cyberattacks.
Unfortunately, focusing on those cliche-fed images makes us lose sight of a far more crucial aspect of cybersecurity - insider threats. The malicious or negligent actions of employees and partners can be as damaging as those coming from external malicious actors. But since we aren’t used to thinking about them, they have gone mostly unnoticed - until today.
In a recent survey, 73% of organizations say insider attacks are becoming more frequent. What’s more - 68% of them feel moderately to extremely vulnerable to insider attacks. So, it’s not a surprise that more and more people are starting to pay attention and worry about it. In doing so, organizations are finally understanding that the first step in fighting insider threats is making the problem more visible. That’s why we’re going to review the basics here.
As its name implies, an insider threat is someone who works within an organization and represents a risk to that organization’s security. Employees, former employees, providers, and business associates are all potential insider threats since they all have access to inside information about the organization’s security practices.
There are 3 categories of insider threats, including:
These 3 categories are clearly differentiated. While malicious insiders and infiltrators have the goal of stealing information, negligent insiders are just careless people who aren’t paying enough attention to security. Even though one could argue that the former are more dangerous (as they are actively seeking to do harm and know their way around security systems), the truth is that negligent insiders are equally damaging. That’s simply because, when a breach happens, intent doesn’t matter.
The distinction does help, though, as organizations will take different actions depending on the category of the insider threat.
Any organization that has sensitive information should have a security strategy in place that has measures to mitigate the risk associated with insider threats. There are a lot of things an organization can do, including some of the following.
Of course, these are only some of the many measures available to address the insider threat issue. All of them should be part of the organization’s enterprise-wide security strategy. What’s more - all of these measures should be in place in companies of all sizes and across industries, because no one is safe from potential insider attacks.
Recent research shows that the extended enterprise is seriously vulnerable to insider threats. In fact, it estimates that 80% of cybersecurity incidents are the direct result of an employee’s actions, whether intentional or not. That turns insider threats into the biggest security issue for modern organizations - by far.
This is changing the security focus across organizations, which, until recently, has mostly been concentrated on external threats. This paradigm shift is uncovering new challenges. The most pressing one? That insider threats are becoming increasingly hard to detect. In fact, 56% of executives feel that moving to the cloud (a must for a lot of companies) is contributing to the phenomenon.
So, given that companies want to migrate to the cloud for its numerous advantages, they are trapped between a rock and a hard place. Either they migrate to the cloud and face the challenge of detecting insider threats, or they don’t migrate but lose a competitive edge. Things, however, don’t have to be this black or white.
Modern security advances (especially with the aid of artificial intelligence and machine learning) are making it easier to monitor user activity and detect abnormal behavior. That, coupled with a sensible and coherent security policy and constant employee training can reduce the risk of an insider threat attack to a minimum.
Rather than sit down and worry about it, organizations would be better off acknowledging the problem and acting on it. Informing themselves, investing in new tools, and getting the right training are some of the best paths they can take if they are to face this rise of insider threats.