Insider threats may sound like an act of revenge – disgruntled employees, contractors or partners misusing their access privileges to cause harm to an organisation, most often resulting in the loss of data or access to crucial systems. But this preconceived notion is largely false – two out of every three insider threat incidents are accidental, caused by unintended negligence or simple human error.
And, you don’t have to look too far to see the impact that accidental insider threats can have. Making headlines over the past few weeks, the Police Service of Northern Ireland (PSNI) data breach is an example of how a mistake by an employee can have disastrous consequences. In this case, the names, locations and roles of police officers and staff in Northern Ireland were published on the internet. When responding to a routine freedom of information request, an entire spreadsheet was shared, instead of just the numerical table of information that was requested.
But this is not an isolated case and similar scenarios are more common than you may think. As Richard Orange, Vice President of EMEA Sales at Exabeam, explains, “Insider threats are among the most challenging threats organisations face – and the most widespread. Verizon’s Data Breach Report 2022 revealed insider threats were responsible for 20% of all global data breaches.”
And this is because becoming an insider threat is fairly easy to do. Orange adds that actions as simple as “clicking on a phishing link” or “leaving a laptop on a train” can turn an innocent party into a huge organisational risk.
Andy Swift, Cyber Security Assurance Technical Director at Six Degrees, adds that physical social engineering (PSE) is another way in which “vulnerabilities arise from seemingly innocuous actions, such as holding doors open without verifying credentials or allowing maintenance workers unsupervised access. However, an issue that is particularly unique to PSE is that attackers often manipulate human kindness to achieve their aim. Most people’s natural reaction to someone standing outside with a coffee in each hand is to open the door to assist them. But this is exactly where the vulnerability lies.”
Reducing human error
Due to the nature of insider threats, a lot of the work needed to prevent their occurrence involves reducing the possibilities of human error. Although this is impossible to completely eliminate, there are steps that can be taken. For example, Okey Obudulu, CISO at Skillsoft, is an advocate for training, stating that it enables employees “to go from potential victims to the first line of defence.”
“Organisations must provide comprehensive training to educate employees about identifying and mitigating risks associated with all attacks, especially ones leveraging generative AI,” he continues. “This includes imparting knowledge about the latest phishing techniques, raising awareness about the dangers of engaging with unknown entities, and promoting vigilant behaviour online. Robust threat detection technologies that leverage advanced machine learning algorithms can also be implemented to help identify anomalies and potential attacks.”
Agreeing about the importance of training, Andy Bates, Practice Director – Security at Node4, stresses that “to get the best results from such training, it needs to be fun and engaging. Everyone is guilty of zoning out during long, monotonous training sessions so these should be interactive and different each time to keep people’s attention. At Node4, we run ‘war game scenarios’ where we simulate a range of attacks, from the most basic to the most sophisticated, and set up social engineering red teams who show employees how we could have hacked them. This gives them firsthand experience and exposure of why their actions to protect the company’s systems and data are essential.”
Yet training can’t eradicate all mistakes. Even with the best training in the world, “stressed, overwhelmed, or burnt-out employees are the most likely to make a mistake,” Bates adds. “Managers must be monitoring for signs that an individual is struggling, whether due to work or personal factors, and be able to offer support when it is needed. Only then can you be confident that you have a strong workforce who can provide the best first line of defence in a fortified business.”
Technology: An additional barricade
Organisations don’t have to, and shouldn’t, rely solely on their employees to protect their data and systems should the worst happen. Having additional layers of security and protocols in place are essential for having a secure environment.
We have all heard of the capabilities of artificial intelligence (AI) to change the world, with its boom in popularity over the past year, but it also holds huge possibilities for cybersecurity. As Patrick Beggs, CISO at ConnectWise, recommends, “to enhance their ability to detect and prevent insider threats, organisations can leverage artificial intelligence for context-aware monitoring, anomaly detection and behavioural analytics. By consuming billions of data artefacts, AI quickly learns about emerging risks, identifying malicious files and suspicious activity much faster and more accurately than a human ever could. It then applies its findings to predict activities, identifying them as they occur and assigning them a severity level for remediation.”
But it is not just AI that can protect against insider threats, there are a range of tools and technologies that can help teams across the organisation to prevent them from happening. Matt Hillary, CISO at Drata, states that “the challenge of tackling – and mitigating – insider threats straddles both the cyber security and compliance teams.”
He highlights the benefits of using tools and technologies to collaborate on such issues: “Using tools that streamline manual processes and reduce human error can help build trust, transparency and co-operation between these two, often separate, teams. For example, compliance automation eliminates blind spots through automated control monitoring and reduces the time it takes to close gaps and respond to noncompliance. It’s important to note that continuous compliance should not be viewed as a replacement for a robust cybersecurity policy, but rather as a complementary strategy that helps facilitate a culture of security. Threats from insiders will always exist – whether malicious intent or genuine mistake – but by working together, security and compliance teams can go a long way to mitigating the risk.”
Whilst there are a range of technologies out there to build a defence against insider threats, these still only reduce the risk of a security incident. Unfortunately, there is no foolproof way to completely avoid insider threats, so Kevin Cole, Director of Technical Marketing and Training at Zerto, a Hewlett Packard Enterprise company, stresses that “investment in effective recovery technology is vital for organisations to protect themselves against the fallout of an insider threat-driven data breach or ransomware attack, which can lead to costly disruptions if operations are not restored swiftly. Building upon traditional zero-trust frameworks for data access, organisations should look to integrate these systems into their backup solutions by leveraging decentralised zero-trust methods. By keeping data isolated and replicated continuously, businesses can recover fully, and also rapidly, should an insider threat leave them exposed to attack.”
It pays to be prepared
The consequences of insider threats can be disastrous. According to Proofpoint’s 2022 Cost of Insider Threats: Global Report, an insider threat incident takes an average of 85 days to contain, and costs an average of $17.19 million on an annualised basis. So there is no time like the present to enforce strategies to prevent them from occurring. It is true that everybody makes mistakes, but don’t let your mistake be not preparing for an accidental insider threat incident!