Insider Threats Pose a Greater Risk than Cybercriminal Gangs

Well-funded hackers with sophisticated tools strike fear into everyone responsible for cybersecurity. For instance, the Conti ransomware gang was responsible for 20 percent of ransomware attacks in the first quarter of 2022, including one that caused Costa Rica to declare a state of emergency. Other notorious gangs include North Korea’s Lazarus Group, the Magecart Syndicate and Russia’s Evil Corp.

As menacing as these groups may sound, Stephen in sales and Ellen in engineering likely pose more imminent threats.

According to a recent Proofpoint report, 58 percent of CISOs believe the greatest risk of a breach comes from insiders, whether employees or trusted vendors. Consider these headline-making incidents:

  • A 17-year-old tricked a Twitter employee into providing the credentials for corporate administrative tools, enabling the Florida teenager to take over verified accounts and use them in a Bitcoin scam.
  • A disgruntled former employee of a Kansas rural water district was able to access the agency’s computer system remotely and tamper with the cleaning process, putting customers in eight counties at risk.
  • Multiple employees of South Africa’s Postbank copied the primary encryption key, making more than $3.2 million in fraudulent transactions and forcing the bank to pay $58 million to reissue more than 12 million payment cards.

Costs Continue to Increase

Although most cybersecurity solutions and processes are designed to thwart sophisticated external threats from hackers, studies suggest that insider threats are far more common. Almost three-quarters of all threats originate from within the organization, according to research from Vanson Bourne.

According to the Ponemon Institute’s 2022 Cost of Insider Threats Global Report, the frequency and cost of insider threats have increased significantly since the 2020 report. Insider incidents take 85 days to contain at a total average annual cost of $15.4 million.

Insider threats are rarely malicious in intent, however. They usually result from employees who unintentionally mishandle sensitive data or commit policy violations with “work-arounds” that bypass the IT process. Common behaviors known to create risk include using unsecured public Wi-Fi networks, sending files to personal email accounts, writing down passwords and using unsecured cloud apps. In one case, U.S. military personnel leaked sensitive information by using a flashcard learning app to memorize nuclear weapons security protocols.

Human error also plays a role. Microsoft neglected to secure servers storing customer information, leading to the exposure of 250 million customer records over the course of a 14-year data leak. Third-party vendors can also cause security breaches. French newspaper Le Figaro learned this the hard way when a hosting company accidentally exposed 7.4 billion records.

Looking for Clues

Insider threats typically have behavioral characteristics, such as logging into a system remotely or at odd hours. Other indicators include:

  • Sending emails containing sensitive information to third parties.
  • Frequently requesting access to data that’s not related to the user’s job function.
  • Accessing or downloading large quantities of data.
  • Using or attempting to use USB ports and devices.

However, most organizations only monitor external traffic, causing them to miss potential threats that originate from inside the network. Organizations need tools that monitor all user activity and can recognize suspicious behavior. This includes both successful and unsuccessful access attempts and security policy violations.
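
The indicators listed above, checked against a few constructed activity-log lines. This is an added example, not DeSeMa's tooling; the log format, field names, thresholds and the internal mail domain are assumptions, and repeated denied requests stand in for access requests unrelated to the user's job.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events; format and values are assumptions for this example.
SAMPLE_LOG = """\
2022-12-05T09:12:00 user=stephen action=login src=office result=success
2022-12-05T10:03:00 user=stephen action=download bytes=4200000 result=success
2022-12-06T02:41:00 user=ellen action=login src=remote result=success
2022-12-06T02:44:00 user=ellen action=access resource=payroll-db result=denied
2022-12-06T02:45:00 user=ellen action=access resource=hr-share result=denied
2022-12-06T02:50:00 user=ellen action=download bytes=8500000000 result=success
2022-12-06T02:58:00 user=ellen action=usb_mount device=mass-storage result=blocked
2022-12-06T03:05:00 user=ellen action=email rcpt_domain=example.net label=sensitive result=success
"""

WORK_HOURS = range(7, 19)            # assumed business hours, local time
DOWNLOAD_LIMIT = 1_000_000_000       # assumed per-user byte threshold
DENIED_LIMIT = 2                     # assumed number of denials worth a look
INTERNAL_DOMAINS = {"corp.example"}  # assumed internal mail domain

def parse(line):
    """Split 'timestamp key=value ...' into a dict with a parsed 'ts' field."""
    ts, *pairs = line.split()
    return {"ts": datetime.fromisoformat(ts), **dict(p.split("=", 1) for p in pairs)}

def find_indicators(log_text):
    """Return {user: sorted indicator names} for users who tripped any check."""
    hits, downloaded, denied = defaultdict(set), defaultdict(int), defaultdict(int)
    for event in map(parse, filter(None, log_text.splitlines())):
        user, action = event["user"], event["action"]
        if action == "login" and event["result"] == "success":
            if event["ts"].hour not in WORK_HOURS:
                hits[user].add("odd_hours_login")
            if event.get("src") == "remote":
                hits[user].add("remote_login")
        elif action == "access" and event["result"] == "denied":
            denied[user] += 1            # unsuccessful attempts count too
            if denied[user] >= DENIED_LIMIT:
                hits[user].add("repeated_denied_access")
        elif action == "download":
            downloaded[user] += int(event["bytes"])
            if downloaded[user] > DOWNLOAD_LIMIT:
                hits[user].add("bulk_download")
        elif action == "usb_mount":      # a blocked attempt is still a signal
            hits[user].add("usb_use")
        elif action == "email" and event.get("label") == "sensitive":
            if event["rcpt_domain"] not in INTERNAL_DOMAINS:
                hits[user].add("sensitive_email_external")
    return {user: sorted(names) for user, names in hits.items()}
```

Calling `find_indicators(SAMPLE_LOG)` flags only the user whose events trip the checks; a single indicator is a prompt for review, not proof of intent.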

The cybersecurity experts at DeSeMa can help organizations implement tools and processes to detect both malicious and negligent insiders. We start by performing a thorough assessment to determine what tools are in place and identify gaps in security controls. In many cases, we can boost security by reconfiguring security tools or turning on features that aren’t being utilized.

Insider threats pose a greater cybersecurity risk than notorious cybercriminal gangs. Like external threats, they follow certain patterns and exhibit behavior that indicates a potential threat. DeSeMa can help you implement security controls that protect sensitive information and help avoid a costly security breach.
