Blogs & Opinions 03.11.2023

Insider Threats: A Proactive Protection Strategy

Keep your friends close, and your insiders closer…

Insider threats are all too common but all too often undetected. Oseloka Obiora outlines strategies for detection and, more importantly, protection.

In today’s digital landscape, organisations are navigating a treacherous cybersecurity terrain.

As well as shoring up their defences against the ever-evolving barrage of external threats, cybersecurity leaders are also faced with combating internal risks. In fact, Assured Intelligence recently compiled a list of the most significant insider threats in 2023.

In recent years, insider threats have emerged as a significant challenge. As businesses implement more digital solutions, the surface area for potential attacks grows. What many organisations neglect in their security strategy development is that this attack vector has two sides.

Individuals within any given organisation now have access to more data and endpoints than ever before, which breeds vulnerability. But not all insider threats are malicious. Indeed, human error accounts for a considerable percentage of security incidents that pose a significant risk.

According to research, insider threats account for 30-50% of all data breaches.

To tackle this issue effectively, we need to understand what insider threats are, what shapes they can take, and how we can defend against them.

Defining insider threats

Complex and often sensitive, insider threats pose a unique challenge for organisations, not least because they can manifest in various ways. From malicious insiders with ulterior motives to negligent employees who unwittingly jeopardise an organisation’s security, the root of an insider threat can differ from one to the next, making it difficult for businesses to cover all their bases effectively.


Malicious insiders intentionally compromise security from the inside, often for personal gain or to harm the company. This category includes disgruntled employees, rogue contractors, or well-disguised corporate spies. Whatever their objective, the consequences of their actions can be catastrophic, leading to data breaches, intellectual property theft, and reputational damage.

Conversely, negligent insiders can be any employee who unintentionally creates security vulnerabilities through error, misuse, or failure to adhere to protocols. Many insider threats arise due to popular social engineering tactics like phishing attacks, poor password hygiene, or accidentally sharing sensitive information.

These kinds of insider threats are particularly problematic due to how common they are, and they’re becoming more prevalent and damaging in the age of AI.

Phishing attacks are already among the most effective methods that bad actors have at their disposal. A shocking 90% of corporate security breaches originate with a phishing attack, highlighting the significant threat the average user can pose to an organisation’s security.

Access to AI tools is making this threat far worse, with bad actors able to launch more sophisticated phishing attacks that are harder for both security systems and the human eye to detect.

Riddled with spelling errors and poor formatting, the traditional scam email was easy to identify, but hackers now use AI to eliminate such red flags. AI is also making these social engineering attacks more convincing by scraping personal information from the internet to make them appear more credible and, therefore, more successful at convincing even tech-savvy users to share sensitive data or login information.


Organisations need to pay closer attention than ever before to the communications their users receive and the potential malicious links contained within.

But whatever the intent, the potential consequences remain the same. Protecting against these consequences requires a holistic approach, encompassing both proactive strategies for protection and an understanding but disciplined approach to the human element.

Proactive threat protection strategies

Fortifying a business against insider threats requires a proactive stance. It’s no use closing the barn door after the horse bolts, especially when that so-called horse can cause financial, operational, and reputational harm.

Here are some actionable strategies that can help safeguard digital assets and data against insider threats: 

  1. Control access: Ensure that only authorised personnel can access sensitive information. Think of it like locking doors in your home; not everyone should have a key for every door. Multi-factor authentication and zero-trust policies can help make sure employees only have access to the data they need to do their jobs.
  2. Continuous monitoring: Employ tools like user and entity behaviour analytics (UEBA) platforms that monitor user activities on your company’s computers and networks. These tools will issue alerts if any unusual activity is detected, allowing you to take action before damage is done.
  3. Employee training: Educate your employees about cybersecurity. They need to recognise potential threats and understand how to respond to them. Phishing awareness is especially critical given its prevalence and tendency to target lower-level employees.
  4. Data leak prevention: Use specialised data loss prevention (DLP) software to prevent accidental or intentional leaks of sensitive information from your company. These tools identify sensitive data and restrict its unsafe or inappropriate sharing, transfer, or use.
  5. Establish a reporting system: Create a mechanism through which employees can quickly and easily report concerns related to insider threats anonymously so fear of retaliation doesn’t create an obstacle to rooting out vulnerabilities.
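
The continuous-monitoring idea in item 2 can be sketched as a per-user baseline check. This is an added example, not code from the author or any UEBA product; the event format, the sample data and the threshold `k` are constructed assumptions for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample events: (user, day, resource, files_read). Not real logs.
EVENTS = [
    ("alice", 1, "crm", 40), ("alice", 2, "crm", 35), ("alice", 3, "crm", 42),
    ("alice", 4, "crm", 38), ("alice", 5, "crm", 41),
    ("bob", 1, "wiki", 12), ("bob", 2, "wiki", 15), ("bob", 3, "wiki", 11),
    ("bob", 4, "wiki", 14), ("bob", 5, "wiki", 13),
    # Day under review (day 6).
    ("alice", 6, "crm", 39),
    ("bob", 6, "wiki", 14), ("bob", 6, "payroll-db", 900),
]

def build_baseline(events, before_day):
    """Per-user history: daily read totals and the set of resources touched."""
    daily = defaultdict(lambda: defaultdict(int))
    seen = defaultdict(set)
    for user, day, resource, files in events:
        if day < before_day:
            daily[user][day] += files
            seen[user].add(resource)
    return daily, seen

def detect(events, review_day, k=5.0):
    """Return alerts for review_day: volume spikes and first-seen resources."""
    daily, seen = build_baseline(events, review_day)
    today_total = defaultdict(int)
    alerts = []
    for user, day, resource, files in events:
        if day != review_day:
            continue
        today_total[user] += files
        if resource not in seen[user]:
            alerts.append((user, "new_resource", resource))
    for user, total in today_total.items():
        history = list(daily[user].values())
        if len(history) < 3:        # too little history to judge volume
            continue
        med = median(history)
        # Median absolute deviation: robust to a single earlier outlier.
        mad = median(abs(v - med) for v in history) or 1.0
        if total > med + k * mad:
            alerts.append((user, "volume_spike", total))
    return sorted(alerts, key=lambda a: (a[0], a[1], str(a[2])))

if __name__ == "__main__":
    for alert in detect(EVENTS, review_day=6):
        print(alert)
```

Both signals compare a user against their own history rather than a global rule, which is why the same check covers a malicious insider and a phished account behaving out of character.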

The road ahead

Insider threats are a significant concern in today’s digital landscape, posing an ongoing challenge.

However, organisations can better protect themselves by defining the insider threat landscape, recognising its various forms, and implementing solutions that address these multifaceted issues.

At the same time, organisations must strike a healthy balance between trust and security by implementing clear policies, fostering a security-conscious culture, and engaging employees in the fight against insider threats.

The virtual world is a vital asset, but the consequences of poor security are all too real. Organisations must be vigilant and proactive in safeguarding their assets and data integrity against the shadowy threats that lie within.

Oseloka Obiora is the CTO of RiverSafe. He worked as an independent Information Security consultant for large enterprises prior to founding RiverSafe Ltd. He specialised in delivering Network Security and Threat Management solutions in various industry sectors, running these technical projects from cradle to full operations.

With over 16 years’ experience working in information security, Oseloka has worked on Threat Management implementation and optimisation projects for the likes of BP Oil, Royal Bank of Scotland, Thomson Reuters, and IBM Global Services. He has also served as a Security Architect for UBS and Philips Innovation.

He is a regular speaker at cyber events and recently spoke in the Houses of Parliament, warning MPs and industry leaders about the growing threat posed by the increasing volume of sophisticated cyber attacks.

Oseloka has a B Eng in Mechanical and Production Engineering and also holds a number of industry and vendor certifications (CISSP, SANS GIAC, IISP, Cisco, Splunk). He is also a founding member of the IoT Security Forum and a member of ISSA.
