By Venkatesh R, Co-Founder and VP – Strategic Channel, iValue InfoSolutions
In mystery novels, the least unlikely suspect almost always turns out to be the
criminal. That is more or less how insider threats work. These are folks that organisations rely on to protect their data but who end up putting it at risk. While they can take various forms, from neglectful workers to malicious cybercriminals, the result is always the same—devastating loss to the company.
These insiders could be anyone—employees, consultants, vendors, or even customers—in the company’s ambit with access to sensitive data or processes. While this status quo begs the argument that every company is open to insider risk, the reality is that if the right strategies are put in place, insider threats can be mitigated.
The Wolf In Sheep’s Attire
Insider threats can be classified into four categories, each posing a different risk to organisations. One common scenario involves employees inadvertently compromising company information. For instance, leaving laptops unattended in public places like cafes makes it easy for anyone to access sensitive data.
Similarly, accidental email misdelivery can lead to unintended recipients gaining access to confidential information. A notable example occurred when the UK’s Home Secretary Suella Braverman mistakenly sent sensitive government data to the wrong person, resulting in her dismissal.
Another type of insider threat involves disgruntled employees seeking retribution or personal gain. When Shannon You was laid off from Coca-Cola, she attempted to steal the closely guarded liner recipe meant to protect the company’s cans. However, Coca-Cola’s security team promptly detected the file transfer and apprehended her.
Lastly, cybercriminals may exploit third-party applications used by organisations to steal data or sabotage systems. In an incident resembling a spy movie plot, hackers breached a third-party app utilised by Marriott Hotels
Resorts, compromising 5.2 million guest records. Consequently, Marriott faced a significant £18.4 million fine for non-compliance with GDPR requirements.
These examples underscore the importance of robust security measures, employee awareness training, and strict data protection protocols to mitigate insider threats and safeguard sensitive information.
Paying A Heavy Price
Insider threats are escalating, with a 44% surge in incidents over the past two years, as per the Ponemon Institute. The average cost of these incidents has risen from $11.45 million in 2019 to $15.38 million in 2021. Such threats not only impose financial burdens but also present additional challenges. Leaked sensitive data and trade secrets frequently find eager takers on the dark web,
weakening a company’s competitive edge.
In a notable case in July 2020, hackers accessed Twitter accounts of high- profile individuals, including Barack Obama, Elon Musk, Bill Gates, and Jeff Bezos. They exploited these accounts to promote a money transfer scam, causing users to transfer approximately $180,000 in Bitcoin to scam accounts. Twitter suffered severe consequences, including a 4% drop in stock price, backlash from users and investors, and the postponement of its new API release. The company focused on strengthening security protocols and conducted educational sessions to raise awareness among employees about social engineering attacks.
This incident underscores how insider threats can inflict significant reputational damage, leading customers to switch to rival brands. Moreover, such threats may result in substantial penalties as government agencies prioritise data privacy.
Fortification Starts From Within
In order to effectively address the challenge of insider threats, businesses undergoing digital transformation must take a multifaceted approach to cybersecurity. This entails asking probing questions to unravel the complexities of this pervasive issue. By gaining a comprehensive understanding of the workforce and identifying individuals with access to critical systems and sensitive data, organisations can pinpoint potential vulnerabilities.
It is also crucial to delve into the motivations behind insider threats, such as disgruntled employees seeking revenge, individuals enticed by financial gains, or accidental breaches due to negligence. Armed with these insights, CIOs and CTOs can shape cybersecurity policies by implementing granular access controls and limiting employee access to sensitive information based on their roles and responsibilities.
Robust monitoring systems can be employed to identify suspicious activities, along with real-time alerts for potential insider threats, enabling swift intervention and response. Additionally, developing a well-defined incident response plan, considering the insights from probing questions, is crucial to swiftly mitigate and contain insider threat incidents, thereby minimising potential damage.
Protect, Monitor, Repeat
In today’s rapidly evolving cybersecurity landscape, organisations must prioritise continuous policy evaluation and adaptation to counter insider threats effectively. IBM Cost of a Data Breach Report 2022 highlighted that only 41% of organisations have embraced zero trust security, despite potential cost savings of $1.5 million with mature deployment. As remote work and hybrid multi-cloud environments prevail, a zero-trust strategy becomes crucial, limiting accessibility and demanding contextual authentication. Data classification, retention programs, and encryption, including fully homomorphic encryption, enhance visibility and shield against breaches.
In addition, implementing Network DLP, Endpoint DLP, and Email DLP prevents data leakage. Network access control further restricts unauthorised connections. Profile-based access to resources/data, post data classification, minimises insider threats. Regular employee training based on findings improve security awareness for continuous improvements in cybersecurity.
These multi-layered solutions ensure comprehensive protection against potential threats, reinforcing the organisation’s overall cybersecurity posture. Strengthening internal frameworks for audits, risk evaluation, and compliance improves breach detection and containment. Organisations must adopt cutting edge strategies like Privileged Access Management (PAM), Endpoint Application Management, zero trust security, fortified cloud security, encryption, and XDR to safeguard digital assets and maintain stakeholder’s trust.
The Human Touch
In an era where the insider threat looms large, CEOs and CTOs must proactively address this risk through a comprehensive cybersecurity approach. By seeking answers to probing questions about insiders and leveraging those insights, leaders can shape policies that protect their networks, foster a vigilant workforce, and bolster their organisation resilience against insider threat attacks.
But more importantly, there is a need to understand that these threats are often based on human elements than technological ones. The Ponemon Institute’s 2020 Cost of Insider Threats study revealed that negligence was responsible for 63% of internal data breaches, highlighting the human element in these incidents. Hence, there is a need to train employees regularly on cyber hygiene as well as ways to spot and report suspicious activities.
Establishing a culture of cybersecurity awareness is paramount. Awareness Intent Pop-ups to the user devices, regular training sessions on recognising insider threat indicators and reporting suspicious behavior can empower employees to become active participants in safeguarding the network. This can be monitored regularly to check the progress of Security posture of the organisation.
For the longest time, companies security policies centred on keeping the bad guys out. It is now time to flip the narrative and identify the chinks in the armour within and address those challenges to tackle the menace of insider threats.