National Insider Threat Awareness Month 2021
Insider threats have fast become one of the biggest dangers to organisations, accounting for 60 per cent of data breaches and costing an average of $11.5 million. Not only has the frequency of these attacks increased by 47 per cent since 2018, but the problem has also become more complex and pressing over the last 18 months, with the global shift to remote working. Companies can no longer afford to be negligent when it comes to protecting against insider threats.
This National Insider Threat Awareness Month, Cyber Magazine spoke to 10 cyber security experts about the dangers of insider threats and how to protect your company.
“While many companies focus on ransomware and malware as top cybersecurity risks, insider threats should also be top of mind, whether there is malicious intent or well-intentioned employees who simply make costly mistakes,” explains Anurag Kahol, CTO at Bitglass. “In fact, 61% of organisations reported experiencing at least one insider attack last year. As companies move toward a hybrid work model, IT teams will be challenged with safeguarding sensitive corporate data from insider threats both in the cloud and on-premises. This further validates the need for complete visibility and control across the hybrid IT ecosystem.”
When it comes to insider threats, the first and often the most difficult task is to simply spot the threat in the first place. Steve Moore, Chief Security Strategist at Exabeam, explains: “Legitimate users performing unwanted or dangerous activity always prove more difficult to detect than typical external threats. Though most insider threats are unintentional and typically occur by accident, the damage they cause can still impact business outcomes and stability.
“To add complexity to this already difficult problem, there have been examples of criminal attackers who now offer a cut of the proceeds if an employee assists in deploying ransomware. How many disgruntled or underappreciated employees might consider this opportunity?”
To combat these concerns, Raffael Marty, SVP Cybersecurity Products at ConnectWise, suggests a comprehensive security programme that emphasises preparedness and visibility. “Preparedness is about planning for the day that something happens and it should cover simple things like what the organisation does when an employee leaves and goes all the way to establishing preparedness for a sabotage event like ransomware or electronic time bombs. Visibility is about having line of sight to potential adverse actions. It starts with monitoring devices, but expands to understanding what employees are doing and making sure they are trained on cyber security issues like phishing, which is still one of the main initial vectors of attacks.”
Hybrid working & digital transformation
Of course, in 2021, it comes as no surprise that one of the greatest challenges most companies have faced in recent years has been the shift to remote or hybrid working. These changes have brought with them their own security risks.
Terry Storrar, Managing Director at Leaseweb UK, notes: “Safeguarding data from insider threats has become more complex and more pressing in the last 18 months. Companies faced unprecedented challenges in the early weeks of the first lockdown, with many scrambling to put in place quick-fix home working capabilities and leaving cracks in their security infrastructure. While external threats gain the limelight, it is no less important to secure against insider threats especially with employees no longer behind office walls.
“Now that hybrid working is set to stay for the long term, companies should take the opportunity to review their security structures and policies to ensure that home and remote network environments are not left vulnerable to external or internal threats.”
Due to the pandemic, organisations not only changed the physical location of their work, but many were also further incentivised to accelerate their digital transformation plans. However, as companies pushed their new strategies and application programming interfaces (APIs), the risk of unauthorised access and data exposure grew.
According to Liad Bokovsky, Senior Director of Solutions Engineering at Axway: “Recent news stories about security vulnerabilities that have exposed private data have brought the issue of API security into sharp focus. Simple failures to treat API security with respect have resulted in some significant data breaches affecting millions of users.
“Thriving and surviving in today’s hyper-connected economy increasingly depends on having sufficient API maturity in place to ensure that anything connecting to an organisation’s servers – devices, apps, customers – is managed appropriately to keep APIs, customer data and the company’s reputation safe.”
Of course, not all insider threats are malicious. “Critical contributors to insider threats are employee turnover, poor data governance controls and negligence,” explains Neil Jones, cybersecurity evangelist at Egnyte. “If employees resign, they can extract information from your files that could benefit them in their new jobs with competitors, or even worse, publicly embarrass your organisation. That process is referred to as exfiltration. A good first step to prevent ‘data leakage’ is to utilise a data governance platform that leverages machine learning, so that sensitive information is available to the correct organisational users, based on their business ‘need to know’.”
As for negligence, Jakub Lewandowski, Global Data Governance Officer at Commvault, notes: “Two out of three insider threats are unintentional, occurring from employees’ negligent behaviour, such as not complying with security policies. As data protection laws very likely change in the following months and years, employees may have increased access to customers’ personal data, and therefore need to be fully informed of any subsequent changes to security policies. A lack of awareness could result in sensitive data being leaked accidentally, for example.”
Combating threats by being proactive
“When it comes to maintaining cyber vigilance, it pays to train all employees accordingly,” says Don Mowbray, EMEA Lead, Technology & Development at Skillsoft. “Consider giving end-users access to bite-sized learning that enables them to spot a phishing email and know when and why they shouldn’t click on a link or open a document. This represents a vital first line of defence for protecting the company’s network and data. Ensuring that those responsible for IT security are appropriately trained in how to implement best practice security guidelines and procedures is also critical.”
Naturally, although employees are the first line of defence against attacks, they should by no means be the last line. Danny Lopez, CEO at Glasswall, notes: “Employee training can be helpful in some cases, but it often overlooks the sophistication of cybercriminals and can create a fear-based culture where people are afraid to come forward if they’ve made a mistake.
“Your leadership teams should understand where your risk factors are and implement proactive technologies, such as Content Disarm and Reconstruction (CDR), which can deliver instant protection. In the face of increasing risk and intricate attacks, there’s no better time to make cybersecurity a top priority.”
Lastly, there should be a big emphasis placed on securing communications. Dottie Schindlinger, Executive Director of Diligent Institute, advises that: “Sensitive communications should be conducted in a closed-loop environment that can be viewed only by the appropriate parties, even within the organisation. Open communication tools – like Slack, texting and personal email – are great for informal communication, but they don’t often provide the level of security or access privileges needed for sensitive communications between executives, the board, legal, HR, risk and compliance teams. They need secure environments and workflows that allow them to communicate highly sensitive information safely, without worrying that it might accidentally be misrouted, forwarded, leaked or even stolen. And, the system must be intuitive and convenient, so executives remain within its workflows and processes without straying to other systems and creating security gaps.”