According to an article published by Cybersecurity Magazine in May 2023, insider threats are ‘a growing phenomenon, but many businesses aren’t yet doing enough to protect themselves effectively’.
The CISA (Cybersecurity & Infrastructure Agency) in the US defines insider threats ‘as a complex and dynamic risk’. The CISA expresses that such threats are acted by ‘an insider who uses their authorized access, to intentionally or unintentionally cause harm to a company’s mission, resources, assets, systems, personnel or facilities. Insider threats can manifest in a number of ways, including theft, espionage, violence, sabotage and cyberacts.
There are several ways in which insider threats can be characterized. These include accidental, malicious and negligence.
- Accidental insider threats often occur because staff do not have enough knowledge to manage cyber security best practices. An example of this is when an employee receives a malicious link or phishing email and an employee clicks on it by mistake.
- Malicious attacks occur because often firms are focused on mitigating against external threat actors. However, people within an organization can also be motivated to commit cybercrime in order to gain a financial advantage or cause sabotage. An example of the damage caused by malicious insider risk is Sébastien Vachon-Desjardins; a Canadian ransomware hacker was sentenced to twenty years in prison after committing cyber crimes by exploiting his expertise in a former role as an IT specialist for Public Services and Procurement Canada. He became associated with the Russian-speaking ransomware criminal gang called Netwalker during the pandemic and following his arrest, $28 million US in bitcoin was seized.
- Insider threats defined by negligence are when employees fail to follow cyber security best practices when it comes to policies about protecting data and endpoints. An example of this is when a company has strict policies with regards to the external sharing of files and resources, yet staff working in a hybrid format may be working on the public cloud from home. They can accidentally share files with no ill-will intent.
The capacity to define such insider threats that are a risk to firms crucial for their mitigation. Cybersecurity Magazine shared statistics within Europe and the Middle East, detailing that 70% of companies do not have a strategy in place to mitigate against insider threats. Often, businesses are restricted due to budget squeezes and a lack of internal expertise. The cybersecurity magazine went on to express that some organizations simply do not believe that they are a substantial enough issue to invest in.
However, like the Vachon-Desjardins example, not mitigating against insider threats can have grave financial and operational consequences. It is therefore fundamental that firms make protection against insider threat a business priority.
In order to effectively combat the risk of insider threats, firms must embrace an integrated approach that considers the role of human behavior and potential for error, alongside a data management strategy. RFA works alongside financial institutions to create a holistic defense strategy that identifies all potential insider risk vulnerabilities. Through this identification, we work alongside firms to create a bespoke strategy to mitigate against the risk of insider threats. We not only manage security measures for public cloud, we also offer firms staff training to minimize the risk of human error and negligence. If you would like to learn about how we can help you develop an integrated approach to combat the risk of insider threats, contact us today.