
Managing malicious attacks from inside your organization
by Emily Douglas
When it comes to cybercrime, employees can be either an organization’s most powerful defense or its biggest weakness. According to research from Tech Report, in 2023 approximately 31% of all data breaches were caused by insider threats – meaning that one third of data breaches were caused by an employee or contractor.
It’s a worrying statistic for employers, especially as cyberattacks and the criminals behind them continue to become more sophisticated.
Insider threats are a growing concern in cyber security, stemming both from unintentional actions, such as falling for phishing scams, and from actions with deliberate malicious intent. Research from SpyCloud found that 56% of organizations experienced an insider threat incident in the past year, with 60% of HR security still being manual – leaving huge exposure gaps for insider threats to sneak in.
Warning signs of insider threats
Insider threats can be notoriously difficult to spot for leaders, but there are clues. Below are some warning signs from QBE’s expert cyber team:
1. Employees accessing systems and networks from unfamiliar locations, outside of office hours, or at unusual times.
2. Accessing sensitive information or data that is not required for their role.
3. Performing large downloads or data transfers that are unusual and not aligned with their role.
4. Exhibiting signs of being upset about not being promoted or given a pay raise, or showing signs of unusual stress.
5. Showing a reluctance to take time off or be away from their workstation for extended periods, which may indicate they don’t want something to be discovered.
6. Installing and using unauthorized software and hardware.
How to stop insider threats before they happen
To better mitigate these risks, businesses need to act preventatively rather than curatively by prioritizing workplace culture and ongoing training, and by implementing strong data privilege and monitoring controls.
QBE recommends that organizations put time and energy into enhancing data protection. This can include:
1. Strong access controls: Limit access to sensitive data and systems to only those who need it for their roles.
2. Encrypt sensitive data and/or portable devices: If a piece of hardware, such as a laptop, is misplaced or stolen, additional layers of protection in the form of encryption can prevent subsequent access to the company network and further data loss.
3. Disable portable storage devices: Unsecured portable storage devices pose risks for virus deployment, as well as a vulnerable path of data exfiltration outside of the network.
From there, organizations should establish clear policies and procedures. This begins with developing and enforcing clear guidelines on the acceptable use of resources, data handling, and reporting suspicious activities – as well as ensuring employees understand the consequences of violating these policies.
If an incident does occur, it’s important to act quickly and confidently – something which can be achieved by already having a response plan in place. In the event of an insider-related cyber incident, having Incident Response Plans (IRP) and Business Continuity Plans (BCP) tailored to address these risks can make the difference between a minor disruption and a major event with significant financial and reputational consequences.
And, remember, when an employee leaves the business it’s essential to ensure their remote access is wholly revoked as soon as possible.
Managing human error
But it’s not always malicious insider threats – sometimes mistakes are made purely because of human error, making employee training a vital tool. Consideration of privileged access and ongoing education are paramount to mitigating risk and creating a strong security-minded culture.
https://www.insurancebusinessmag.com/us/news/cyber/managing-malicious-attacks-from-inside-your-organization-550960.aspx