In the cyber security space, most people think of a group of cyber professionals forming a line of defence against external threats like hackers. While it’s true that malicious hackers present an increasing problem for UK businesses, as outlined in our Blue Team, Yellow Team and Red Team blogs, this isn’t the only concern for an organisation’s cyber team. Sometimes, the threats come from somewhere a little closer to home.
Insider threats, referring to a cyber security risk that comes from within an organisation, are an often overlooked aspect of an organisation’s cyber resilience. However, according to Security Intelligence, 60% of data breaches are primarily caused by insider threats. With cyber attacks rising it’s even more important for businesses to be vigilant against the most common form of cyber attack.
Unlike other forms of cyber attack, insider threats can be difficult to identify against normal activity, because the offender will likely have security authorisation. Insider attackers also have an advantage over outside threats because of their knowledge of systems and users, making it easier for them to manipulate procedures.
Keeping an eye out for malicious insider threats can be a little more complex than regular training. As the likeliest cause is a dissatisfied employee or former employee, addressing problems before they escalate to cyber security breaches is the best course of action. While it’s difficult to spot insider threats due to the nature of the attacker having authorisation, it’s best to keep an eye out for unusual activity. This can look like an employee accessing resources irrelevant to their job, or signing into the network at unusual times.
However, not all insider threats are malicious in intent. In fact, a large proportion of data leaks from within an organisation are inadvertently due to phishing, human error, and sharing credentials between employees. In other words, a lack of cyber security knowledge and awareness among employees.
To tackle this, it’s important for businesses to ensure employees are educated on good cyber security practice and have regular training on social engineering scams.
While it’s important for cyber security professionals to remain vigilant against external threats to systems, the fact that this only makes up 40% of data breaches underlines the need to address issues coming from within the organisation.
Part of this means increasing cyber literacy among employees to help protect businesses against themselves and threats which surface due to a lack of awareness and knowledge. At the same time, it’s important for businesses to appreciate the significant risk posed by malicious insider threats and to implement processes which minimise the risk.
It is only by acknowledging the prevalence of insider threats and implementing a dual strategy to mitigate them that businesses can properly protect themselves. This will help contribute towards making the UK the safest place to work and live online.
To read more Thought Leadership content from the Council visit: https://www.ukcybersecuritycouncil.org.uk/thought-leadership/