It all started innocently, when a Tesla employee received an invitation from a former colleague to meet for a drink. Several drinks and meals later, the old acquaintance made his true intentions clear: he offered the Tesla employee $1 million to illegally inject malware into the automaker's computer network in a scheme that, if successful, would have allowed a cybercrime ring to steal vital data from Tesla and hold it for ransom.
“However, everything could have turned out very differently. This attempted attack was a reminder that employees are not only an organization's greatest asset, but often its greatest risk – and a risk that often goes unnoticed,” warns Márk Szabó from the team at the global digital security company ESET.
Let's look at some statistics that show how important the issue is. According to Verizon's 2023 Data Breach Investigations Report (DBIR), 19% of the approximately 5,200 data breaches examined in the study were caused by internal actors.
Meanwhile, a Ponemon Institute survey of 1,000 IT and IT security professionals from organizations that had experienced "significant incidents caused by someone inside the company" found that the number of insider-related security incidents had increased by 44% in just two years. The 2022 Cost of Insider Threats Global Report put the number of these incidents at more than 6,800, with affected organizations spending $15.4 million annually to remediate insider threats.
The attack surface is expanding – also for insider threats
Serious and powerful cyber threats such as software supply chain attacks, business email compromise (BEC) and other scams that exploit stolen employee logins, along with ransomware and other attacks that are often facilitated by a thriving cybercrime-as-a-service model, have pushed cybersecurity to the top of boardroom agendas.
With the race for digital transformation, the shift to flexible, cloud-based forms of work and the growing dependence on third-party suppliers, the attack surface of every organization has expanded significantly. The cybersecurity landscape is now more complex than ever, and as attackers exploit this complexity, identifying and prioritizing the most critical risks is not always a simple process.
Muddying the waters even more, keeping external attackers at bay is often only half the battle. Insider threats are usually not high on the list of priorities, even though the impact of an incident caused by an insider attack is often even more dire than the impact of an incident caused solely by an external attack.
Under our noses
An insider threat is a type of cybersecurity threat that originates inside a business or organization, as it usually refers to an employee or partner, current or former, who can cause harm to a company's networks, systems or data.
Insider threats are typically divided into two types – intentional and unintentional, with the latter further broken down into accidental and careless acts. Studies show that most incidents related to insider threats are due to carelessness or negligence, not fraud.
The threat can take many forms, such as stealing or misusing confidential data, damaging internal systems, providing access to malicious actors, and so on. Such threats usually stem from various factors, such as financial or ideological motives, negligence, simple malice, or revenge.
These threats pose unique security challenges as they are difficult to detect and even more difficult to prevent, in part because employees or partners have a much larger window of opportunity than external attackers. Of course, employees and partners require legitimate and increased access to an organization's systems and data in order to do their jobs, which means the threat may not be apparent until after the attack has taken place or after the damage has been done. Employees are also often familiar with their employer's security measures and procedures and can more easily circumvent them.
Additionally, although security clearances require background checks, they do not strictly consider a person's mental state, as this can change over time.
However, there are some steps an organization can take to minimize the risk of insider threats. They are based on a combination of security controls and a culture of security awareness and cover tools, processes and people.
Proactive measures to mitigate the risk of insider threats:
“It should be noted that none of these measures provide security by themselves, and no solution can completely eliminate insider threats. However, by implementing a combination of these measures and regularly reviewing and updating security policies, businesses can significantly reduce their exposure to insider threats,” explains Márk Szabó from ESET.
The proposed measures are:
- Apply access controls: The implementation of access controls, such as role-based access control (RBAC), can help limit access to sensitive data and systems to only those employees who need it to perform their duties. By granting access to only those employees who need it for their work, a company can significantly reduce its exposure to insider threats. It is also important to regularly review these access privileges so that access levels remain appropriate and aligned with employee roles.
- Monitoring of employee activity: Implementing audit tools to monitor employee activity on company devices or on the company network can help identify suspicious behavior that may be indicative of an insider threat. Monitoring can also help identify any unusual data transfers or abnormal access patterns to sensitive systems and data. However, ensure compliance with local regulations and establish clear guidelines on auditing to address potential privacy concerns.
- Conduct background checks: Conducting background checks on all employees, partners and suppliers before granting them access to sensitive and confidential data can help identify potential risks. These checks may also be used to verify a person's employment history and criminal record.
- Security awareness training: Providing regular security awareness training is instrumental in increasing employee understanding of cybersecurity risks and how to mitigate them. This can help reduce the chance of accidental insider threats, such as falling victim to phishing.
- Data loss prevention (DLP): Implementing a DLP system can help prevent data loss or theft by monitoring, detecting and blocking any unauthorized transfer or sharing of sensitive data. This can help reduce insider threats and protect confidential data. The caveat here, however, is that DLP providers are also targeted by attackers, so this is an additional concern.
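The periodic access review mentioned under "Apply access controls" can be automated. The Python below is an added example, not part of the original article or of any ESET tooling; the roles, users and permission strings are constructed. It flags grants that fall outside a user's role, grants still held by former employees or partners, and grants with no matching account record.

```python
from dataclasses import dataclass

# All roles, users and permission strings below are constructed for illustration.
ROLE_PERMISSIONS = {
    "engineer": {"repo:read", "repo:write", "ci:run"},
    "finance": {"ledger:read", "ledger:write"},
    "contractor": {"repo:read"},
}

@dataclass(frozen=True)
class Account:
    user: str
    role: str
    active: bool  # False for former employees or partners

ACCOUNTS = [Account("alice", "engineer", True), Account("bob", "finance", True),
            Account("carol", "contractor", True), Account("dave", "engineer", False)]

# Permissions currently granted in the systems under review.
GRANTS = {
    "alice": {"repo:read", "repo:write", "ci:run"},
    "bob": {"ledger:read", "ledger:write", "repo:write"},  # role creep
    "carol": {"repo:read", "ledger:read"},                 # beyond contractor role
    "dave": {"repo:read", "ci:run"},                       # left the company
    "erin": {"repo:read"},                                 # no account record
}

def review_access(accounts, grants, role_permissions):
    """Return sorted (user, permission, reason) findings for the review."""
    by_user = {a.user: a for a in accounts}
    findings = []
    for user, perms in grants.items():
        account = by_user.get(user)
        for perm in perms:
            if account is None:
                reason = "no matching account record"
            elif not account.active:
                reason = "account is no longer active"
            elif perm not in role_permissions.get(account.role, set()):
                reason = f"not part of role '{account.role}'"
            else:
                continue  # grant matches the role baseline
            findings.append((user, perm, reason))
    return sorted(findings)

if __name__ == "__main__":
    for user, perm, reason in review_access(ACCOUNTS, GRANTS, ROLE_PERMISSIONS):
        print(f"REVIEW {user:6} {perm:13} {reason}")
```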
Security awareness training: the top choice
This is the top choice among the measures described, for several reasons. First of all, this kind of training helps businesses save some money by reducing the risk of unintentional insider threats.
More often than not, employees are unaware of certain cybersecurity risks and may unwittingly click on a phishing link, download malware, or share confidential internal data, leading to data breaches or other incidents. By providing regular training to employees, these types of incidents can be prevented, reducing the costs associated with this insider threat, as well as the reputational damage associated with breaches and legal issues.
Additionally, providing security training can improve both cyber hygiene and a company's overall security posture, leading to increased efficiency and productivity, as employees trained to recognize and report security incidents can help in the early detection and mitigation of security threats, reducing their impact and the costs associated with them.
However, implementing a combination of measures tailored to a company's specific needs is still the best approach to fighting insider threats and saving costs in the long run.