Cybersecurity professionals across all industries are focused on keeping threats out of an organisation.From business email compromise attacks (BEC) to malware, and ransomware, there are a host of threats that, once inside an organisation’s defence, can do significant damage.
The public sector has always been a popular target with cybercriminals, with education in particular bearing the brunt of much of that activity. The global Covid-19 pandemic, cyber threats targeting the healthcare sector have also seemingly heightened, in particular ransomware attacks. Both sectors are highly vulnerable to cyber Threats due to data they hold. Threats from outside a concern but threats within also a concern that need to be taken care
Insider threats increasing
Insider threats are on the rise, increasing just like outside threats, those that stem from within have the potential to cause significant damage, costing business
When we consider unintentional threats – such as the installation of unauthorised applications or the use of weak or reused passwords – this figure is likely much higher. Not all are malicious.
Due to human error or malicious intent, threats from within are notoriously difficult to defend against. Not only is the ‘attacker’ already within your defences, using systems and applications you provided them, but in the case of malicious insiders, they may be able to use privileged access and information to actively avoid detection.
Understanding insider threats
Motivating factors can generally be grouped into three categories:
- Emotionally motivated.
- Financially motivated.
Insider threats can occur at any level of your organisation. With that said, actions that take place lower down the business hierarchy may be harder to detect.
Pandemic psychology driving insider threats
The global pandemic has driven a global shift to remote working. This in itself presents a number of cybersecurity implications for security teams working to keep threats out of the organisation.
Employees are working outside of the norms and formalities of an office environment – and many are not used to this yet. They may be unsettled, distracted by chores and home life, and more prone to making basic mistakes.
The home environment may also lend itself to potential bending and breaking of the security best practices expected in the office. This could mean using personal machines for convenience, using corporate machines for personal activity, writing down passwords, or failing to properly log in and out of corporate systems.
Since the start of the pandemic,hundreds of COVID-19 related phishing attacks, imploring victims to click links, download attachments and share credentials. It only takes one absent-minded employee to jeopardise the security of your entire organisation.
Defence in depth
The only effective defence against insider threats is a flexible, robust, multi-layered strategy that combines people, process, and technology. One cannot decline the access but it can be governed
Start by implementing a comprehensive privileged access management (PAM) solution to monitor network activity, limit access to sensitive data, and prohibit the transfer of this data outside of company systems.
There should be zero trust between your technology and your people. There may be a good reason for an access request or out of hours log in, but this cannot be assumed. Controls must be watertight, flagging and analysing every log for signs of negligence or foul play.
A clear comprehensive processes governing system and network access, user privileges, unauthorised applications, external storage, data protection, and more.Monitoring and reporting on not just the risk, but the activity leading to risk…stop the security event when you see the activity that introduces it.