Why Insider Threats Are Getting More Dangerous and How You Can Stop Them
Posted 26th October 2022
This article is from our LP Lowdown Newsletter
LP Lowdown, is LP Network's regular free newsletter designed to keep you up to date with all the latest IT news, security updates, and available products. Learn more.
For any sized business, when it comes to IT security, a difficult type of attack to detect is one performed by insiders. Insiders are classed as “anyone that has legitimate access to your company network and data”, either via a login or other authorised connection.
Because insiders have legitimate access to your IT systems, they can bypass some security defences you may have in place, especially those that were set up to keep external intruders out.
A recent report by the Ponemon Institute highlighted some troubling research. Amongst other things, the report found that since 2020:
- Insider attacks have increased by 44%
- On average, it takes businesses around 85 days to contain an insider threat, compared to 77 days in 2020.
- The average cost of addressing insider threats has risen by 34%
We think it’s vital for businesses to understand what constitutes an insider threat.
4 The Different Types of Insider Threats
There are many kinds of insider threats and this is what makes them difficult to detect. The insider could be an employee, a supplier or a hacker, but they can all attack the business from the inside. Of course, some insider attacks may be malicious, but some can be accidental.
There are four main types of insider threats faced by company networks:
A Malicious or Disgruntled Employee
An employee leaving the business may decide to take all their contacts with them. This would be classed as a malicious theft of company data. A disgruntled employee may also be upset because they have been fired or disciplined, and now want to do the business harm as a way of retaliation. It’s possible they could delete important data, or plant ransomware in the company’s system.
A Negligent Employee
Some employees can become negligent in their employment and whilst they may not mean to cause a data breach, their actions constitute one. For example, they may accidentally share confidential data on an unsecured platform. They may also use a public computer to access their business software without fully understanding the security consequences of doing so.
People with Third Party with Access to Your Systems
Contractors, freelancers, and suppliers within your business are all valid insider breach risks. It’s important to ensure that the access these third parties has is regularly reviewed. If someone has left the company, then their access rights need to be revoked immediately.
Attacked by a Hacker
Hackers often try to compromise the login credentials of a company’s users and therefore they are one of the most dangerous types of insider threats. When a hacker has access to an employee’s login details, then that criminal becomes an “insider” and as a result, your computer system views them as a legitimate user.
How You Can Mitigate Insider Threats
By nature, insider threats are notoriously difficult to detect after they have attacked your systems. That’s where strong mitigation measures in place before the attack happens are vital. Being proactive can help you to mitigate the risk to your IT systems.
Here are some of our top tips for reducing insider threat risk:
Make Sure You Undertake Thorough Background Checks
If you take on new staff – whether they be employees, contractors or freelancers - ensure that you complete a thorough background and reference check. This is also important to do for any suppliers who need to have access to your systems. Are your suppliers taking cyber security seriously enough?
Ensure Your Endpoint Devices are Secure
Did you know that mobile devices now make up about 60% of the endpoints in a business? But still, many businesses haven’t implemented a solution to manage device access to resources. This is where an endpoint management or mobile device management solution will help. You can put it in place to monitor device access and also use it to add devices to a safe list, as well as block unauthorised devices too
Do You Have Appropriate Multi-factor Authentication & Password Security in Place?
An effective way to fight insider attacks is via multi-factor authentication as hackers often find it difficult to get past the second factor. It’s also vital to use it with effective password security, including:
- Requiring strong passwords in your cloud apps
- Using a business password manager
- Requiring unique passwords for all logins
Secure password management tools are an excellent addition to business security.
Ensure Your Employee Data Security Training is Up to Date
Effective employee training around data security can help you mitigate the risk of a breach through carelessness. It’s a great opportunity to ensure that your employees are trained on proper data handling in the workplace. Find out more about our Staff security awareness training
Are You Monitoring Your Network?
If someone has accessed your system, then you can see what they’re doing through intelligent network monitoring. We suggest using an AI-enabled threat monitor which allows you to detect strange behaviours of users within your system as soon as they happen. This could be someone downloading lots of files and folders, or someone logging on from a different country.
Do You Need Help Stopping Insider Attacks?
A multi-layered security solution will be able to help you mitigate all four types of insider threats. We can help you with a robust yet affordable solution. Contact us today for a free consultation.