Insider Threats: costly, hard to detect, hard to defend against
There are many types of cyber-threats, from malware and ransomware to spam, phishing, DDoS attacks and more. Whilst the vast majority of these come from external sources, one of the most dangerous and most difficult threats to protect against comes from far closer to home. Insider Threats, or breaches of security protocols by staff of an organisation, are incredibly hard to defend against because, by nature, employees know where sensitive data is stored and what sort of data it is. Additionally, depending on their security levels, they may also be able to access this data and, whether with malicious intent or not, can cause breaches that expose it on a publicly available platform.
The Extraordinary Cost of Inadvertent Data Breaches
IBM released a report recently revealing that inadvertent (in other words, careless and unintentional) insider threats are the main reason for a 200+ percent increase in the number of records breached in recent years. These breaches pose a multitude of dangers – private contact details, banking details, personal health-related information, company records, accounts and more can suddenly be made publicly available, or in more nefarious cases, made available for purchase by criminals. The cost of these threats is extraordinary – it’s estimated that internal data breaches cost more than £10-million each year, with that number increasing. More worryingly, more than 60% of these inadvertent breaches were attributed to negligence and poor compliance standards. And from a business perspective, the average time to locate, isolate and contain an insider threat is 85 days – plenty of time for damage to be done.
Different Types of Insider Threats
As with other cyber threats, there are different types of insider threats, broadly falling under negligent or criminal, including:
- The Pawn: an employee who unwittingly and unwillingly performs a malicious activity, oftentimes through a malware link, by disclosing credentials to criminals through phishing, or through some other criminally-engineered route.
- The Arrogant/Careless person: an employee who believes that security policies and protocols are unnecessary and who flouts them regularly, in so doing creating a route for criminals to seize sensitive data, credentials and more.
- The Collaborator: an employee who actively engages with outside forces (criminal or otherwise) and uses their own access levels and inside information to cause business disruption, cyber theft and similar behaviours. This is often done for personal or financial gain.
- The Loner: an employee who deliberately and with malicious intent – albeit on their own – uses insider information to their own benefit and/or to the detriment of the business they work for.
- The Outsider: a contract or temporary employee who may be given temporary access but who may also be around other staff enough to be able to glean information that they shouldn’t have access to.
- The Credential Thief: a criminal outside of the business who has managed to get valid access credentials, and who as a result can behave like an employee but is using the access for nefarious reasons.
How to protect against Insider Threats
There is a range of technology-based and non-technical controls businesses can implement to improve detection, prevention and mitigation of insider threats. As a starting point, it’s really important for business operations staff to understand what might lead a member of staff to become vulnerable to being targeted by criminals. Asking the right questions can help establish these factors, including:
- What type of data does the business store?
- How might that be valuable to an external force?
- How many staff members have access to the data?
- How is the data stored?
- What access controls are in place, and how are interactions traced and recorded?
- What are staff currently accessing the data for?
- Are multi-factor authentication (MFA) controls in place?
- How thorough are background checks when hiring new staff?
- What mobile devices are staff using away from the office and what endpoint management solutions are in place to limit these devices off site?
- What employee training is being implemented and how up to date is employee knowledge?
Fighting cyber-threats is a daily, ongoing challenge for businesses. If you need help with any aspect of your business’s cyber security please get in touch today. iTEXS is Cyber Essentials Certified and provides secure IT systems for numerous businesses across many industries and sectors. For IT Support Cambridge, call us today on 01223 834844