With increasing cyber attacks linking back to insiders, are employees the greatest threat to a company’s security? Whether the insider is a disgruntled colleague, third-party contractor or a careless employee, the potential enormity of a cyber attack from the inside is an underacknowledged threat. With these insider-caused incidents costing organisations almost double that of an average breach, companies are forced to investigate internal.
Insider threats fall into two categories, malicious and negligent: those purposefully seeking to harm an organisation and those who are error-prone. Awareness and monitoring of these two employee types is a priority for cyber security professionals.
Negligent workers, also referred to as non-malicious insiders, do not set out to cause harm. These negligent attacks accounted for 63 percent of insider-threat-related incidents in 2017, according to research by the Ponemon Institute. They may occur when someone downloads a questionable PDF or clicks an unsecure link in an email without considering the security risks.
Perhaps adequate cyber training has been negated or work pressures demand efficiency over considered deliberation. Recent research by Tessian and the University of Central Lancashire found that overwork leads to a lack of concentration among employees and coincidentally creates malware vulnerabilities. According to this research, millennials are the most likely to be classified as negligent workers and to fall victim, with one in five having previously fallen victim to a phishing email. Providing comprehensive risk training during the onboarding process is a continual responsibility for the IT department.
Chief executive of Tessian, Tim Sadler, noted: “it takes just one mistake – one email being sent to the wrong person or falling for one convincing message – to compromise your company’s data and ruin its reputation. Businesses, therefore, need to consider how they can protect their employees.”
As opposed to negligent workers, malicious insiders do set out to inflict harm, whether that is through reputational damage or personal gain. These criminal insiders could work individually or collaboratively with external threats such as competitors. Given their malicious intent, these insiders are given priority, with companies investing in dedicated teams and activity monitoring programs.
Tesla is one high-profile company to have fallen victim to a malicious insider. It was reported in 2018 that a trusted employee had “conducted quite extensive and damaging sabotage” to their operations. Target, Coca-Cola and Facebook also make the list of prominent companies to have fallen victim to malicious insiders.
These malicious threats create a significant cyber security vulnerability. Underinvesting against insider threats, whilst tempting when weighing competing cyber-priorities, has proven detrimental. Implementing adequate security processes against these insiders, however, raises complex questions, as traditional measures used for outside attacks are typically ineffective. Multi-layered approaches that incorporate wide-ranging security tools should include a robust personal device policy and continual risk assessments.
Recent high-profile attacks at Tesla, Facebook and the US Government have proved that no one is immune from insider threats. With insider threats costing organisations eight million annually, implementing measures that combat both negligent and malicious insider threats is an increasing priority for cyber security teams and vulnerability assessors.