Employees are not only the most valuable asset of an organization but often also a significant cybersecurity risk. According to the 2023 data breach report, 19% of approximately 5,200 data breaches were caused by staff actions. In another study from 2022, the number of these events exceeded 6,800, and organizations spent about $15.4 million per year on remediation.
Therefore, ESET specialists have prepared recommendations for companies to minimize the risks of insider threats and the negative consequences they cause.
How have the threats changed?
In recent years, the complexity of cyber threats targeting organizations has been increasing. Among the popular attack vectors are supply chain compromise, email hacking, and other fraud schemes that use stolen employee credentials, as well as the use of ransomware.
With the rapid shift towards digital transformation, flexible work modes using cloud technologies, and increasing reliance on third-party vendors, the opportunities for attacks on each organization have significantly expanded. And since malicious actors constantly exploit this, organizations find it increasingly difficult to prioritize among the most critical risks.
At the same time, it is not enough to simply prevent intruders from penetrating the network; it is also necessary to minimize insider threats, since the consequences of an incident caused by employees are often even more destructive than those of an incident caused solely by an external attack vector.
What is the danger?
Insider threats are generally associated with the actions of current and former employees or contractors who can harm the company’s networks, systems, or data.
Insider threats are divided into two types, intentional and unintentional, with the latter being caused by either accidental or careless actions. Research shows that most employee-related incidents occur due to carelessness or negligence, rather than malicious intent. In intentional cases, staff may be motivated by financial interest or a desire for revenge.
Such malicious actions can include theft or unauthorized use of confidential data, damage to internal systems, granting access to intruders, and others.
Insider threats are a unique challenge for cybersecurity because they are difficult to detect and prevent. Insiders have many more opportunities than external attackers, since employees and contractors require extended access to the organization’s systems and data to perform their work. Thus, the threat may not be obvious until the attack actually occurs or until the damage has already been done. Insiders are also often familiar with their employer’s security measures and procedures and can more easily circumvent them.
How to deal with insider threats?
To minimize potential risks posed by insider threats, the organization must ensure security measures are in place.
Implement access control. In particular, role-based access control (RBAC) can help restrict access to confidential data and systems to those employees who need it to perform their job duties. Thus, the company can significantly reduce the impact of insider threats. It is also important to regularly review these rights to ensure that access levels remain current and correspond to employees’ responsibilities.
Monitor staff activities. Implementing an extended detection and response (XDR) tool allows for the quick and efficient identification of anomalous behavior and violations, and provides the ability to assess risks, respond promptly, investigate, and resolve incidents.
Check the reputation of employees, contractors, and suppliers before granting them access to confidential data. This can help identify any potential risks.
Organize security training. Conducting regular security training for staff is crucial for improving their understanding of cybersecurity risks and ways to mitigate them. Often, employees may unintentionally click on a phishing link, download malware, or share confidential company information, leading to data breaches or other incidents. Regular training can prevent such incidents, reducing costs as well as the reputational damage associated with insider threats.
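As an added illustration of the access-control recommendation above (not ESET's code), a periodic rights review could be automated along these lines. The role names, permission strings, account records and the 180-day review interval are all constructed assumptions.

```python
from datetime import date

# Constructed role definitions: role -> permissions the role is entitled to.
ROLE_PERMISSIONS = {
    "hr": {"hr_db:read", "hr_db:write"},
    "finance": {"ledger:read", "ledger:write"},
    "support": {"tickets:read", "tickets:write", "crm:read"},
}

# Constructed account inventory, as an export from an identity system might look.
ACCOUNTS = [
    {"user": "alice", "role": "hr", "status": "active",
     "grants": {"hr_db:read", "hr_db:write"}, "last_review": date(2024, 5, 1)},
    {"user": "bob", "role": "support", "status": "active",
     "grants": {"tickets:read", "crm:read", "ledger:read"}, "last_review": date(2024, 4, 10)},
    {"user": "carol", "role": "finance", "status": "terminated",
     "grants": {"ledger:read"}, "last_review": date(2024, 3, 2)},
    {"user": "dave", "role": "contractor", "status": "active",
     "grants": {"crm:read"}, "last_review": date(2023, 6, 15)},
]

def review_access(accounts, role_permissions, today, max_age_days=180):
    """Return {user: [findings]} for accounts whose access no longer matches their role."""
    findings = {}
    for acct in accounts:
        issues = []
        grants = acct["grants"]
        if acct["status"] != "active" and grants:
            # Former employees or contractors should hold no access at all.
            issues.append("inactive account still holds: " + ", ".join(sorted(grants)))
        elif acct["role"] not in role_permissions:
            issues.append(f"unknown role '{acct['role']}', grants cannot be justified")
        else:
            # Anything beyond the role's entitlement violates least privilege.
            excess = grants - role_permissions[acct["role"]]
            if excess:
                issues.append("excess permissions: " + ", ".join(sorted(excess)))
        if (today - acct["last_review"]).days > max_age_days:
            issues.append("review overdue")
        if issues:
            findings[acct["user"]] = issues
    return findings

if __name__ == "__main__":
    for user, issues in review_access(ACCOUNTS, ROLE_PERMISSIONS, date(2024, 6, 1)).items():
        for issue in issues:
            print(f"{user}: {issue}")
```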