Making Insider Threats A Year Round Priority

When it comes to cybersecurity, the focus can often be on external threats. However, with 83% of organisations reporting at least one insider attack in 2023, this is an issue that needs to be a top security priority year round.

Insider threats have become both more frequent and costlier over the last few years - with the average cost rising to $16.2 million in 2023. Despite this, less than 30% of organisations are confident that they can handle an insider threat, suggesting a huge mismatch between the scale of the problem and the focus on the solution. With all of this in mind, we spoke to six security experts to get their advice on what organisations should be doing in order to build a successful insider threat defence.

It's All About The Culture

One of the biggest mistakes organisations can make when it comes to insider threats is assuming that the problem can be solved by one piece of technology, or by putting one security policy in place. Instead, an effective strategy requires buy-in from the leadership team and a whole organisation culture shift. 

“Lets not forget an insider threat can come from any level within an organisation—employees, contractors, or even business partners,” explains Andy Swift, Cyber Security Assurance Technical Director, Six Degrees. “The motivations behind these threats vary, from financial gain and personal grievances to negligence and lack of awareness. Therefore, a comprehensive approach to managing insider threats involves not only advanced technological solutions but also fostering a culture of awareness and responsibility among staff.” 

He continues: “It all starts with strong access controls, regularly reviewed permissions, and monitoring of user activities; carefully consider who needs access to what and why, and then think forensically - if you can’t provide an audit trail from a central location for administrative or general user actions across a range of systems, your early visibility of potential insider attacks can be dramatically impacted.”

Des V. Anderson, CTO and Co-Founder at LearnUpon, agrees that tackling insider threats relies on the efforts of the whole team. “What’s most important is to equip your teams with the right tools and solutions to succeed and at the same time, create a culture of knowledge sharing that encourages employees to take charge of security through strengthened passwords, two-factor authentication, and anti-phishing awareness,” he argues. “Security leaders also need to invest significant effort into training developers to have a strong emphasis on security. They must provide them with insights into best practices and encourage them to utilise automation to handle standard security assessments.”

Being Smart About Technology 

Of course, security tools do have a vital role in the prevention of cyber threats. “Prevention is better than cure and many businesses are putting multiple layers of security in place, supported by tools such as continuous monitoring, identity and access management and thorough security compliance training for all employees,” explains Terry Storrar, Managing Director, Leaseweb UK

However, he points out that “more tooling does not necessarily mean more secure.  It is also crucial that all these measures are integrated to prevent gaps in cloud security architectures.  IT and security teams should also look to harness automation – for example, to identify and track misuse of confidential data - to further boost the security of their cloud environments.”

Brett Candon, VP International at Cyware, believes that consolidation of security functions is key. “In a process known as cyber fusion, all security functions are consolidated,” he outlines. “By combining threat intelligence, security automation, threat response, security orchestration and incident response into one single, interconnected platform, IT teams can detect, manage and respond to threats in the fastest and most efficient way possible.”

He continues: “The key is collaboration. Both inside and outside the organisation, businesses should focus on creating a trusted and collaborative environment where all security teams work together much more closely, exchanging and communicating the right information with the relevant people. This process is called collective defence.”

Taking Advantage Of AI

According to Matt Hillary, CISO at Drata, “tackling insider threats is one area where AI has significant potential to be game-changing for data protection programs.” 

“Notably, AI models can be created and used to review and produce real-time, behaviour-based monitoring capabilities and policies that detect potential, or actual, information security and data protection violations,” he says.

Moshe Weis, CISO at Aqua Security, agrees that AI can have a huge impact. “Advanced tools, including AI-powered behavioural analytics, can play a key role in detecting subtle deviations from normal user behaviour—such as unusual access patterns or the improper handling of sensitive data. These tools allow for real-time insights, enabling organisations to identify potential threats before they escalate. By automating the detection of anomalies, AI serves as a force multiplier for security teams, who can then focus on high-priority incidents.”

However, Weis also reinforces the point that no one technology or method is the solution to insider threats. “Ultimately, by integrating a blend of human vigilance, smart policy, and technology-driven solutions, organisations can build a resilient defence against insider threats,” he concludes.

Image:

You Might Also Read: 

Too Many Corporate Employees Ignore Cyber Security:


If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« How Do The UK Cyber Security & Resilience Bill & The EU's NIS2 Compare?
Trump Campaign A Target For Attacks From China »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Superscript

Superscript

Superscript (formerly Digital Risks) is an insurance broker for small businesses, sole-traders, landlords and high-growth tech firms. Our services include Cyber Liability insurance.

TSUNAMI

TSUNAMI

The TSUNAMi center focuses on software and system security and how trustworthy software can be built from COTS software components.

Morphisec

Morphisec

Morphisec's world leading prevention-first software stops ransomware and other advanced attacks from endpoint to the cloud.

SentinelOne

SentinelOne

SentinelOne is a pioneer in delivering autonomous security for the endpoint, datacenter and cloud environments to help organizations secure their assets with speed and simplicity.

PROMIA

PROMIA

PROMIA is in the business of providing solutions that are designed to support highly secure, reliable, scalable and interoperable business applications.

Vaulto Technologies

Vaulto Technologies

Vaulto protects critical business processes that are conducted via the cellular network.

Cyberlitica

Cyberlitica

Cyberlitica (formerly iPhish) provides a Workforce Threat Intelligence application that significantly augments companies’ cyber threat prevention efforts.

Invensity

Invensity

INVENSITY is an interdisciplinary technology and innovation consulting company. Centres of excellence include Cyber Security and Data Privacy.

Identity Defined Security Alliance (IDSA)

Identity Defined Security Alliance (IDSA)

IDSA is a group of identity and security vendors, solution providers and practitioners that acts as an independent source of education and information on identity-centric security strategies.

senhasegura

senhasegura

senhasegura is a global Privileged Access Management vendor. Our mission is to eliminate privilege abuse in organizations around the globe and build digital sovereignty.

Banyax

Banyax

Banyax provides 24×7 real-time Cyber Defense Center Services using the latest technology tools to provide state-of-the-art defense.

Trojan Horse Security

Trojan Horse Security

Trojan Horse Security are specialists in corporate security. Our services include: Comprehensive Cyber Security Analysis, Penetration Testing, Network Security and Security Audits.

Standard Notes

Standard Notes

Standard Notes is a secure digital notes app that protects your notes and files with audited, industry-leading end-to-end encryption.

PDQ

PDQ

PDQ helps IT professionals to manage and organize hardware, software, and configuration data for Windows- and Apple-based devices.

True North Solutions

True North Solutions

True North Solutions provides a wide range of fully customized, vendor-neutral industrial engineering and OT automation solutions to companies across North America and around the world.

XY Cyber

XY Cyber

XY Cyber enable Generative AI for Cyber Operations. We simplify the complex world of cyber threats into actionable strategies, empowering your defense with AI-powered solutions.