Welcome to part three of our four-part series exploring the common cyber threats within the Caribbean and how to strengthen your organization's resilience by preparing for them.
External threat environments can be disconcerting. Organizations are constantly exposed and attacked, so it is natural to focus on safeguarding your organization against external threats. Internal threats, however, are often overlooked, and these can be equally damaging as external threats.
WHAT IS AN INTERNAL (INSIDER) THREAT?
An insider threat is a cybersecurity threat that originates from within a company and can either be intentional or unintentional. It typically occurs when a current or former employee, contractor, vendor, or partner with legitimate user credentials abuses or misuses their access to the company's networks, systems, and data
Traditional cybersecurity policies, procedures, and systems frequently focus on external threats, leaving the company vulnerable to internal attacks. Insiders often have legitimate access to data and systems, making it difficult for security professionals and applications to tell the difference between legitimate and malicious activity.
TYPES OF INTERNAL THREATS
Insiders who are malicious intentionally use their credentials to harm an organization for personal gain or as a form of retaliation. Many insiders, for example, are motivated to engage in malicious behaviour because of unmet expectations related to a lack of recognition (e.g., promotion, bonuses) or just after termination. Insiders who are malicious may work with outsiders to carry out their attacks.
A nefarious hacker or malicious spyware isn't the most dangerous threat to your company's cyber security- it's your employees.
Because of their familiarity with enterprise systems, processes, procedures, policies, and users, malicious insiders have a distinct advantage over other types of malicious attackers. They are keenly aware of system versions and the vulnerabilities therein.
Unintentional Data Breaches
Unintentional data breaches can be accidental or the result of negligence and exposes an organization to threat. Negligent insiders are usually aware of security and/or IT policies but choose to disregard them. An accidental insider threat occurs when employees aren’t well-educated on proper protocol, such as opening a virus-infected attachment in a phishing email or improperly discarding sensitive documents and exposes an organization to unintended risk.
Improperly Configured Systems
System settings that are improperly configured do not comply with industry security standards, which are essential for maintaining security and reducing business risk. Improperly configured systems can cause significant damage to organizations, resulting in catastrophic data leakage issues. The 2019 Teletext data file exposure, which was caused by an insecurely configured Amazon Web Service (AWS) web server, was a noteworthy example.
Security may be overlooked due to a lack of resources. Organizations may have limited resources to prioritize security initiatives, and skilled cybersecurity personnel are difficult to find, costly to hire, and challenging to retain. The pandemic has exacerbated the shortage of cybersecurity professionals. According to (ISC)2, a pre-pandemic assessment, the cybersecurity workforce must grow by 62% to meet the current expectations of US enterprises.
Insider threats are the cause of most data breaches. According to the Ponemon Institute's Cost of Insider Threats Global Reports for 2020 and 2022, the average cost of insider-related incidents increased from $11.45 million in 2019 to $15.38 million in 2021. Among the notable violations are:
1. In 2018, a Facebook security engineer was accused of using his access to stalk women online.
2. In 2019, a former Amazon employee used his insider knowledge to steal over 100 million customer records.
Therefore, we must tackle insider threats with as much rigour as external threats. The strategies you use to mitigate internal threat risk will differ depending on the threats discussed earlier. Leveraging the aid of IT professionals to develop a program, combined that with a strict cybersecurity policy, will provide significant benefits.