Business and insider threats

Research suggests that more than half of all businesses find it exceedingly difficult to identify, detect and prevent insider attacks. Most businesses can’t seem to spot the early signs that an insider is preparing to carry out some means of cyber attack. 

Finding a Trail 

Businesses are missing out on early indicators that something could be wrong such as staff circumventing security protocols, masking their online presence and unusual amounts of files being opened or moved and saved to strange locations. This type of activity might suggest that an employee or cybercriminal working with an employee might be planning malicious activity. There may be many reasons why an insider threat could be taking place, for example an employee might plan to take confidential data when leaving for another job or they may be working with hackers to lay the foundations for a ransomware attack. 

Generally speaking an insider planning an attack will follow a repetitive pattern of activity from reconnaissance to circumvention and covering their tracks, which would all suggest that something is amiss. However businesses struggle to detect warning signs of an insider threat in the early stages due to lack of effective monitoring. Reports state that only a third of all businesses believe that they are effective at preventing data from being stolen and leaked from their organisation.    

Who’s Responsible? 

One of the reasons that insider threats are particularly difficult to detect is because there is a lot of confusion around who is responsible for mitigating risks. According to a survey 15% of people suggested that it was the head of the organisation that held responsibility, while another 15% believed that no single individual held full responsibility - meaning that managing, detecting and preventing risks from being exploited can fall through the cracks. There are several factors that can make detecting cyber threats difficult from lack of staff training in cyber security to low budgets to invest in the appropriate security measures and even the move to remote working. All of these issues and more make it hard to mitigate cyber security threats. 

A stable security posture is what is needed for companies to improve their ability to detect insider threats and stop them before serious damage can be done. Having a clear authority for controlling and mitigating risks and investigating suspicious activities will help keep sensitive data secure and allow organisations to function efficiently.  

Protect Your Business 

• Cyber security Risk Assessment - Performing risk assessments on a routine basis can help identify vulnerabilities to critical assets. These assessments should help you make decisions about the risks arising from internal threats and to establish appropriate security measures to eliminate the identified threats. 
• Training and Vetting Your Employees - Training employees is vital to an organization's success, without the adequate training an employee could potentially miss a risk and put the business in danger of a cyber attack. However it is also prudent to vet employees before they start working for you as insider attacks come from insiders who at one time or another were hired and went through on boarding, training, and could pose a risk to your business if they are capable and had the means to inflict damage. 
• Identity and Access Management - IAM solutions help businesses mitigate the risk of unauthorised access privileges and policy violations. IAMs control how users gain an identity, the roles assigned, and permissions granted to that identity as well as the protection of that identity. 

Any business small or large can suffer an insider attack. Insider threats are harder to identify than an external threat and can go undetected by firewalls and detection systems. However if you are careful and meticulous in your security regimen, and know what to look for and how to act when faced with an insider threat, your business will be at much lower risk.