We often hear about cyber-attacks and the need to protect ourselves from the vast array of malicious threats that may bring financial and operational catastrophe to our organisations – and quite rightly; significant time and budgets are allocated to protecting our networks against such attacks.
Frequently, less consideration is given to the hazard of the insider threat, yet according to IBM’s 2019 Cost of a Data Breach Report, 49% of incidents stem from human error and system glitches, with 24% of the breaches being caused by negligent employees or contractors.
Pausing for thought on this… did you know that almost half of data breaches are caused by accident?
Does one cap fit all?
The threat of a disgruntled employee sabotaging physical / electronic assets or maliciously exploiting their legitimate access to assets is, of course, real, and this must be factored into any cyber security policy. It may seem unfair that the trustworthy, loyal employee who clicks on a malicious link in ignorance is categorised under the same ‘insider threat’ umbrella as the malicious employee… But the fact of the matter is that the consequences are the same, regardless of the intention behind the breach.
Employers must anticipate the risk employees pose, and put in place a strategy to protect their networks.
How are employees creating risks?
Some risky behaviours of employees include sharing files over the cloud, accidentally downloading malicious apps, clicking on phishing links, using weak passwords (or writing them down and reusing them!), playing online games during breaks or even listening to music. Digicert report that 63% of employees use their work device for personal reasons such as online banking, social media and shopping. 94% of employees connect their laptops or mobile devices to public wifi, and 69% handle work-related data on these networks. Additionally, businesses tend to overlook the danger posed by employees’ personal devices. These actions create opportunities for the cybercriminal looking for a way to penetrate a network.
What can employers do?
Cyber security awareness
It is sensible to push for an attitude across the board within our organisations that sees cyber security as an integral part of the business’s daily operations, so that employees understand how easy it is to make a mistake and how damaging a lack of knowledge can be. Developing and deploying regular insider threat training will establish a set of values and boundaries, adhered to by all, that will help employees become more security conscious.
Backups are essential for a speedy recovery from a cyber-attack and a swift return to business as usual. It is important to not only back up, but to regularly monitor and test your backups. Be aware of restoration times – particularly if restoring from the cloud, as large amounts of data could take a number of days to download.
User access rights / insider risk assessment
Ensuring that individuals’ access rights to certain devices, applications and sensitive information are set appropriately means that access to company assets is granted only to those who require it for the purpose of their job. Accounts with higher privileges have enhanced access and therefore bring an increased risk of a breach, so it is sensible to undertake an insider risk assessment in order to fully understand what vulnerabilities exist in your existing user access controls. Work through the following questions for each asset:
- What are your critical assets?
- What threats exist for each asset?
- What is the likelihood of that threat happening?
- What is the impact to your business should the threat occur?
- Review the adequacy of current countermeasures
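The five questions above are the steps of one procedure, so here is a small worked example of an insider risk register that walks through them: it records each asset and threat, scores likelihood and impact, applies the current countermeasures, and reports which residual risks sit above the business’s tolerance. This is an added illustration written for this page, not a tool or method from the original post or from Cyber Essentials; the 1–5 scales, the 0.0–1.0 control-effectiveness figure, the tolerance threshold of 8 and the sample register entries are all assumed, constructed values.

```python
"""Added example (not from the original post): a minimal insider risk register.

Scales are assumed for illustration:
  likelihood 1 (rare) .. 5 (almost certain)
  impact     1 (negligible) .. 5 (severe)
  control_effectiveness 0.0 (no countermeasure) .. 1.0 (fully mitigated)
"""
from dataclasses import dataclass, field


@dataclass
class Risk:
    asset: str                      # Q1: what is the critical asset?
    threat: str                     # Q2: what threat exists for it?
    likelihood: int                 # Q3: how likely is the threat?
    impact: int                     # Q4: what is the impact to the business?
    countermeasures: list = field(default_factory=list)  # Q5: current controls
    control_effectiveness: float = 0.0   # assumed scale, 0.0 .. 1.0

    def inherent_score(self) -> int:
        """Risk before any countermeasure is considered."""
        return self.likelihood * self.impact

    def residual_score(self) -> float:
        """Risk remaining once the stated countermeasures are applied."""
        return round(self.inherent_score() * (1 - self.control_effectiveness), 1)


def rate(score: float) -> str:
    """Map a score onto a simple three-band rating (thresholds assumed)."""
    if score >= 15:
        return "high"
    if score >= 8:
        return "medium"
    return "low"


def assess(register: list, tolerance: float = 8) -> list:
    """Return the register ranked by residual risk, flagging whether the
    current countermeasures are adequate (residual below tolerance)."""
    ranked = sorted(register, key=lambda r: r.residual_score(), reverse=True)
    return [
        {
            "asset": r.asset,
            "threat": r.threat,
            "inherent": r.inherent_score(),
            "residual": r.residual_score(),
            "rating": rate(r.residual_score()),
            "adequate": r.residual_score() < tolerance,
            "countermeasures": list(r.countermeasures),
        }
        for r in ranked
    ]


# Constructed sample register; values are illustrative only.
SAMPLE_REGISTER = [
    Risk("Finance file share", "Ransomware run from a privileged account", 3, 5,
         ["Day-to-day admin rights removed", "Tested offline backups"], 0.7),
    Risk("Customer database", "Phishing credential theft", 4, 4,
         ["Annual awareness training"], 0.25),
    Risk("Staff laptops", "Work data handled over public wifi", 5, 2, [], 0.0),
    Risk("Marketing website", "Weak, reused password", 3, 2,
         ["Password manager rolled out"], 0.5),
]


if __name__ == "__main__":
    for row in assess(SAMPLE_REGISTER):
        flag = "OK " if row["adequate"] else "ACT"
        print(f"{flag} {row['residual']:>5} {row['rating']:<6} "
              f"{row['asset']}: {row['threat']}")
```

Running the block prints the register in descending order of residual risk, with the rows whose countermeasures are not yet adequate marked for action; in the sample data the phishing and public-wifi risks remain above tolerance, while the privileged-account ransomware risk, which is the highest inherent risk, has been brought down by removing day-to-day admin rights and keeping tested backups.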
The Cyber Essentials website provides an interesting example of the damage caused by an unassuming employee who inadvertently downloaded some ransomware whilst logged in with a fully privileged ‘admin’ account. The ransomware was able to encrypt the entire network, which wouldn’t have been possible if the user had been using a regular account. For more information on this and for more Cyber Essentials advice, click here.
Accidents do happen!
Implementing the above cyber security principles and adopting them as an ongoing part of a healthy business strategy will reduce the risk of insider data breaches. If you’d like to chat to our team in more detail about insider threats, get in touch today.