Tech, training and culture: Rising to the challenge of insider threats

According to a Cybersecurity Insiders report, the average cost of an insider threat incident in 2023 is $15.38m. However, there are tell-tale indicators that your firm could be at risk from an insider threat, argues Chris Denbigh-White, CSO at Next DLP.

For a company to be able to handle risk effectively, complete visibility of its entire security environment is essential. That means not only protecting data and networks against external threats but also assessing risks that come from within the business: a primary vulnerability which brings its own specific challenges.

In fact, the risks posed by internal threats have grown to near-omnipresent levels, with recent industry research indicating that 74% of organisations say insider attacks have become more frequent.

The challenge lies in identifying where these threats come from, as employees and contractors all have varying levels of authorised access. The scale of the problem is borne out by statistics showing that over half of companies have reported an insider threat. It is particularly difficult to address because, whilst threats can indeed be the result of malice, in many cases they are simply down to human error.

Asking the right questions

The first questions to address are: “Why?”, “Where are these threats coming from?”, and “What is the motivation behind them?” Negligence has been found to account for almost two-thirds of insider incidents, which suggests that further strategy around dealing with insider threats could be a quick and easy solution. Security lapses caused negligently or accidentally could arise from a lack of training or compromised credentials, among other easy-to-fix problems.

These types of incidents have many causes, such as an authorised user breaching security protocols to do their job more quickly or effectively. Malicious insider threats, on the other hand, are motivated by anything from playing politics or financial incentives to simple spite towards a soon-to-be-ex-employer or employee.

Spotting insider threats from afar

There are several identifying factors within your security environment to be aware of when it comes to insider threats. Identifying unusual or out-of-character behaviour can help limit or prevent the fallout from a security breach, whether it is intentional or accidental.

These warning signals may encompass various elements, such as employees accessing systems during unconventional hours, displaying frequent and irregular absences from work, facing financial challenges, or engaging in constantly challenging behaviour with colleagues. While these indicators are highly subtle and challenging to identify, there are also more conspicuous warning signs, such as an employee consistently seeking elevated privileges or attempting to access resources beyond their remit.

In many cases, identifying these pointers is easier said than done. Unsurprisingly, employees intent on acting in bad faith will try to cover up suspicious behaviour to throw their colleagues off the scent, which is why organisations need advanced analytics to highlight subtle changes in activity against a baseline of normal behaviour. Such a system can then alert the relevant security personnel to anomalous behaviour that demands investigation.

To comprehensively mitigate risks at the organisational level, a holistic and proactive approach is essential. Conducting routine risk assessments and security audits, for instance, serves as a robust framework for developing an efficient insider threat strategy. Their primary advantage lies in their ability to pinpoint current vulnerabilities in security posture and processes, allowing these to be closed in good time before they are exploited by a malicious or negligent insider.

Introducing advanced technological threat intelligence

The human element will always be critical. However, there are also evolving tools based on AI and Machine Learning which are promising to change the game when it comes to threat detection. These cutting-edge technologies can predict and identify anomalies more quickly and more accurately, providing an extra level of advanced security. At the same time, they integrate with existing security systems to help address external and internal threats in a timelier manner.

In particular, organisations are increasingly adopting a variety of technological solutions, including Data Loss Prevention (DLP), which harnesses threat intelligence and advanced analytics to detect a wider spectrum of insider threats. These tools are designed to act pre-emptively, identifying potential threats before they escalate into security incidents or breaches.

Additionally, they use automation technologies to intervene in malicious or negligent activities within organisational infrastructure, such as preventing users from downloading sensitive data to removable storage, automatically encrypting data within emails, or conducting real-time content inspections to thwart unauthorised exfiltration.

Security professionals identify the root causes of insider threats by reconstructing patterns and analysing employee behaviour through granular analysis of data. All of this should also be contextualised through applications, connected devices and behavioural patterns, while ensuring that employee privacy and confidentiality are maintained.

The importance of training and employee engagement

Technology has a vital role to play in supporting a strong security strategy. However, employees have their own role to play, and it requires consistent and robust training programmes. Such training will ensure that they can grasp why they are not allowed to perform certain actions, what constitutes a breach of security and what the right course of action is.

Equipped with this knowledge, employees can build upon it on an ongoing basis when it comes to best practices, thus providing a substantial extra layer of proactive protection against accidental breaches.

Insider threats can only be adequately addressed by combining technology, training, and corporate culture. Encouraging an environment based on trust and security awareness, in tandem with advanced technology, will safeguard reputation, employees and assets alike.

Contributor Details

Chris Denbigh-White
Chief Security Officer, Next DLP
