
Avalon Cybersecurity Poll Recap: A Deeper Dive into Insider Threats


Earlier this month, Avalon Cyber posted a poll on LinkedIn asking, “What cybersecurity threat keeps you up at night?” The choices were: external threat (for example, ransomware), internal threat (i.e., IP theft), or the birth of GenAI.

82% of respondents were most worried about external threats and 18% were concerned with GenAI; however, somewhat surprisingly to our consultants, none of the respondents chose internal threats as a major concern.

While external threats and artificial intelligence development and use are definitely areas that should be on a company’s (and its security team’s) radar, insider threats must not be ignored.

Here are a few stats to prove their significance:

  • According to IBM’s Cost of a Data Breach Report 2023, data breaches initiated by malicious insiders were the most costly, around $4.90 million on average or 9.5% higher than the $4.45 million cost of the average data breach.
  • The Verizon 2023 Data Breach Investigations Report revealed that while the average external threat compromises about 200 million records, incidents involving an inside threat actor have resulted in the exposure of 1 billion records or more.

A recent article from CSO Online reminds us of the insider threat aspect and the related management of insider risk. It states that “Chief information security officers (CISOs) focus predominantly on technologies: user entity behavior analytics (UEBA), security information and event management (SIEM), data loss prevention, and the like. There isn’t as much emphasis on stepping outside the view of their colleagues as streams of user data, to instead see them as people with complex lives and various pressures placed upon them.”

While this article explores a variety of insider risks, opportunities, and ways to help avoid such incidents from a CISO’s standpoint, everyone should heed its advice, in particular to watch for employees who exhibit signs of dissatisfaction surrounding things like compensation, benefits, opportunities for promotion, and performance feedback. The article also mentions that Pew Research has found that more interaction between workers and managers, and more feedback given, equate to greater job satisfaction; that is, such an employee presents a much lower risk of dissatisfaction and, therefore, of becoming a threat.

Making employees happy is an excellent way to ensure your organization thrives, and hopefully, your company does all it can to show appreciation and concern for your most important asset: your people. But, as we all know, you can’t please everyone. So, how do you know if there’s nefarious activity happening within your company’s environment?

Signs of insider threats include:

  • Massive downloading of corporate data
  • Creating backdoor accounts
  • Changing all passwords
  • Sending sensitive data to an outside email address
  • Disabling system logs
  • Accessing other employees’ systems
  • Installing unauthorized software

If you witness any of these indicators of IT sabotage or data theft, you need to take immediate action by reporting it to a manager or supervisor. If you see something, say something.

How to prevent insider attacks

Here are a few best practices to implement to keep your company’s data safe from insider threats:

  • Cybersecurity policies: Having rules helps secure your data – and helps you take action – if someone has gone against policy. Educate your employees, vendors, and other stakeholders on the procedures (and consequences) surrounding data misuse, what to do if there’s a security incident, etc.
  • Access management: Employees should only have access privileges for the data they need on a daily basis.
  • Passwords and MFA: Enforce complex password practices and utilize multi-factor authentication for all employees.
  • Logging and auditing: Routinely review log and audit trails to check for anomalies, which could indicate insider threats.
  • Vulnerability assessments & penetration tests: Validate security measures and identify weaknesses so they can be fixed or monitored before they can be exploited. Vulnerability scanning should be performed at least monthly and penetration testing, both internal and external, should be performed at least annually.
  • Data protection: Encrypt sensitive data and prevent its exfiltration with data loss prevention tools and procedures.
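
An added example (not part of the original article) of the log review described under "Logging and auditing", checking for four of the signs listed earlier. The JSON event format, the field names, the example.com mail domain, and the svc-idm provisioning account are assumptions, and the events are constructed.

```python
import json
from collections import defaultdict
from statistics import median

# Constructed sample audit events (not real logs); field names are assumptions.
SAMPLE_EVENTS = """
{"day": "2024-03-01", "user": "jdoe", "action": "file_download", "bytes": 40000000}
{"day": "2024-03-02", "user": "jdoe", "action": "file_download", "bytes": 55000000}
{"day": "2024-03-03", "user": "jdoe", "action": "file_download", "bytes": 35000000}
{"day": "2024-03-04", "user": "jdoe", "action": "file_download", "bytes": 9000000000}
{"day": "2024-03-01", "user": "asmith", "action": "file_download", "bytes": 2000000000}
{"day": "2024-03-02", "user": "asmith", "action": "file_download", "bytes": 2500000000}
{"day": "2024-03-03", "user": "asmith", "action": "file_download", "bytes": 2200000000}
{"day": "2024-03-02", "user": "svc-idm", "action": "account_create", "target": "newhire"}
{"day": "2024-03-04", "user": "jdoe", "action": "account_create", "target": "svc-backup2"}
{"day": "2024-03-04", "user": "jdoe", "action": "audit_log_disable", "host": "fs01"}
{"day": "2024-03-04", "user": "jdoe", "action": "email_send", "to": "x@mail.example.net", "attachment": true}
{"day": "2024-03-03", "user": "asmith", "action": "email_send", "to": "boss@example.com", "attachment": true}
"""

CORP_DOMAIN = "example.com"   # assumed corporate mail domain
PROVISIONERS = {"svc-idm"}    # assumed accounts allowed to create users
DOWNLOAD_FACTOR = 10          # flag a day at more than 10x the user's median day

def find_indicators(lines):
    events = [json.loads(l) for l in lines.splitlines() if l.strip()]
    findings, daily = [], defaultdict(lambda: defaultdict(int))  # user -> day -> bytes
    for e in events:
        user, action, day = e["user"], e["action"], e["day"]
        if action == "file_download":
            daily[user][day] += e["bytes"]
        elif action == "account_create" and user not in PROVISIONERS:
            findings.append((day, user, "account created outside provisioning"))
        elif action == "audit_log_disable":
            findings.append((day, user, "system logging disabled"))
        elif action == "email_send" and e.get("attachment"):
            if e["to"].rsplit("@", 1)[-1].lower() != CORP_DOMAIN:
                findings.append((day, user, "attachment sent to external address"))
    # Per-user baseline: a consistently heavy user (asmith) is not flagged, a spike is.
    for user, days in daily.items():
        for day, total in days.items():
            others = [b for d, b in days.items() if d != day]
            if others and total > DOWNLOAD_FACTOR * median(others):
                findings.append((day, user, "download volume far above baseline"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in find_indicators(SAMPLE_EVENTS):
        print(*finding)
```

A user with only one day of history has no baseline and is never flagged for volume, so a fixed ceiling is still needed for new accounts.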

Your organization must be prepared to identify both data-driven and human signals of potential concerns, and we hope this article has provided some helpful information. If you have questions or concerns about insider threats, contact our team of battle-tested experts today.

