Why Insider Threats Remain The “Wild Card” In Cybersecurity

Uploaded on 2024-11-25 in TECHNOLOGY--Resilience, FREE TO VIEW

In today's cybersecurity landscape, insider threats have emerged as one of the most unpredictable and damaging risks organisations face. Coming from within the entity, these risks may stem from current or former employees, contractors, or business partners who have, or have had, authorised access to the organisation's systems, networks and sensitive data. 

The data paints a sobering picture: the past two years alone have seen a 44% surge in insider threat incidents, with the average cost of each incident reaching an eye-watering $15.38 million.

More alarmingly, between 2019 and 2024, the number of organizations reporting insider incidents has grown from 66% to 76% – that's nearly three-quarters of all organisations grappling with this issue.

Understanding The Insider Threat Landscape

Insider threats generally fall into three distinct categories:

  • Malicious Insiders: Individuals who intentionally misuse their access for personal gain or to inflict harm on the organization.
  • Negligent Insiders: Those who inadvertently compromise security through carelessness or lack of awareness.
  • Compromised Insiders: Individuals who have been coerced or manipulated by external actors into actions that jeopardise the organisation that employs them. 

Each of these profiles presents unique challenges, but all contribute to the increasingly complex and dangerous threat landscape.

So, what should organisations be on the look-out for when it comes to insider threats?

Statistics reveal some concerning trends. A significant 38% of employees involved in dishonest behaviour have been with their organisation for less than a year, suggesting a higher risk-taking propensity early in employment. Further, 75% of those recorded for unlawful data acquisition or disclosure have been employed for under five years.

These findings underscore the need for enhanced onboarding processes, robust internal controls, and proactive intervention strategies.

However, longer-term employees are not exempt from risk. A striking 80% of those involved in bribery have been with their organisation for over ten years. This could be triggered by personal grievances, a sudden change in financial or personal circumstances or simply disillusionment with the company direction. 

The most important takeaway here is that there is not a ‘type’.  As such, detecting insider threats is a real challenge but there are several factors that organisations should consider a red flag and monitor closely. 

The first is unauthorised or suspicious data access and handling; this includes accessing sensitive information or systems without a legitimate need-to-know. Downloading copying, or transferring large amounts of data, attempting to bypass security controls or access restrictions and the unauthorised use of removable media or external storage devices should also be considered unusual and a potential security risk.

The next category is information technology misuse, such as installing unauthorised software, exhibiting unusual network activity, excessively using personal email or cloud storage for work, or experiencing frequent password resets or account lockouts.

Other categories include disgruntled or disruptive behaviour from staff, suspicious communications – perhaps with foreign entities or competitors, the use of encrypted or anonymous communication channels or even attempts to circumvent communication monitoring or surveillance systems.

Personal or financial issues are also something to look out for. Sudden or significant changes in lifestyle or spending habits, involvement in illegal activities or substance abuse, financial difficulties such as debt or gambling problems can all increase an individual’s risk profile.

How To Manage Insider Risk

Managing insider risk effectively requires a holistic approach. The employee lifecycle—starting from hiring practices to the working environment, training programs, and leadership quality—can significantly influence the likelihood of insider threats. Organisations should ask themselves - are we hiring the right employees? Are we providing adequate training? Does the organisation's culture encourage ethical behaviour, or does it create an environment where malicious actions thrive?

Collaboration between HR and IT is critical in reducing insider risk because it combines the strengths of both departments to create a comprehensive approach to security. 

Training is a critical component of insider threat management. Organisations must align security training with company culture, set clear expectations for both leaders and employees, and conduct regular training sessions to reinforce the importance of cybersecurity. Encouraging preferred employee behaviours and setting a positive tone from the top can go a long way in preventing insider threats.

On the technical front, solutions like Data Loss Prevention (DLP), User Activity Monitoring (UAM), and User and Entity Behaviour Analytics (UEBA) play a vital role in identifying potential risks before they escalate. Combining these tools with high-quality data can provide organisations with a comprehensive view of user activity, helping to detect anomalies and unauthorised behaviour in real time.

We should also remember that insiders are not always acting alone. External actors, such as hackers, can exploit weak security practices or vulnerabilities to turn outsiders into insiders. Poor cybersecurity hygiene significantly amplifies the potential for destruction, with organisations that maintain strong security practices experiencing 35 times fewer destructive ransomware events. 

Insider threats are a formidable challenge for organisations and their cybersecurity. However, with the right strategies in place and by adopting a proactive, multifaceted approach, the risk and impact of these “wild card” threats can be reduced. 

By combining their expertise and resources, HR and IT can create a powerful synergy that significantly reduces insider risk. The HR department has deep insights into employee behaviour, motivations, and potential vulnerabilities. This knowledge can help IT Security teams identify early warning signs of potential insider threats and tailor security measures accordingly. In addition, HR policies and practices can significantly influence the likelihood of insider threats.

By working together, HR and IT can develop policies and procedures that foster a culture of security, promote ethical behaviour, and discourage risky actions.

Miguel Clarke is  GRC and Cyber Security lead for Armor

Image: Ideogram 

You Might Also Read:

Imminent New SEC Cyber Security Rules:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Google Invests In U.S. Education With 15 New Cybersecurity Clinics
British Government Minister Predicts Russia Will Step Up Cyber Attacks  »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

National Crime Agency (NCA) - United Kingdom

National Crime Agency (NCA) - United Kingdom

The NCA's Cyber Crime Unit focuses on critical cyber incidents in the UK as well as longer-term activity against the criminals and the services on which they depend.

MarQuest

MarQuest

MarQuest provides services and systems to enhance network reliability and security.

Egerie

Egerie

EGERIE's RiskManager solution provides a Global, Centralized, and Updated view of risk maps and security measures for your company.

Samsung Knox

Samsung Knox

Samsung Knox brings multi-layered defence-grade security to your business’s smartphones and tablets.

Awen Collective

Awen Collective

Awen Collective develops software-based tools for performing Digital Forensics, Incident Response and Cyber-Crime Investigation.

Lumen Technologies

Lumen Technologies

Lumen is an enterprise technology platform that enables companies to capitalize on emerging applications and power the 4th Industrial Revolution (4IR).

Sapien Cyber

Sapien Cyber

Sapien Cyber is an Australian company bringing leading-edge cyber security and threat intelligence solutions.

Intrinsyc Technologies

Intrinsyc Technologies

Intrinsyc provides product development services and Edge Computing modules that are helping to take the Internet of Things products to the next level.

Cypherix

Cypherix

Cypherix is tightly focused on cryptography and data security. We leverage our expertise to deliver state-of-the-art, world-class encryption software packages.

UnderDefense

UnderDefense

UnderDefense provides cyber resiliency consulting and technology-enabled services to anticipate, manage and defend against cyber threats.

HiScout

HiScout

HiScout is your integrated management system for IT governance, risk & compliance.

SeeMetrics

SeeMetrics

SeeMetrics is an automated cybersecurity performance management platform that integrates security data and business objectives into a simple interface.

TRM Labs

TRM Labs

TRM enables risk management and compliance for a global community of financial institutions, cryptocurrency businesses and government agencies.

Clumio

Clumio

Clumio provides autonomous backup and recovery for critical cloud data.

Lattica

Lattica

Lattica provides a cryptography solution for privacy-preserving interaction with AI services.

Breeze Security

Breeze Security

The Breeze Platform acts as a defense coordinator, unifying security across identities, endpoints, cloud, and data to expose real attack paths, orchestrate remediation, and detect threats.