Biggest Insider Threats of 2022: Lessons Learned and Key Takeaways for 2023
At the end of 2022, many cybersecurity companies published annual reports on the cybersecurity sector. Evolving and sophisticated attacks, scarcity of cyber resources, changes in data privacy laws, and highly experienced and trained bad actors are some of the cyber demons that tortured businesses and cybersecurity professionals throughout 2022. Additionally, these reports mentioned the insider threat lurking in the physical, digital, and cognitive domains and involving businesses’ most trusted entities: humans.
Businesses tend to underestimate the insider threat. New trends such as working from anywhere, BYOD policies, phishing, smishing, and AI chatbot technology, coupled with untrained, disgruntled, or disappointed employees, increase the insider threat. Yet businesses concentrate on securing the perimeter of their infrastructure to improve their cybersecurity posture and protect their tangible and intangible assets from outsiders’ criminal activity. The insider threat must not be overlooked.
An insider is every person who works for a business and contributes directly or indirectly towards its wealth and evolution. Insiders can be employees, partners, and contractors valuable to each company. They are an asset for every organization, but can also become a significant threat if overlooked.
What Are the Signs of Insider Threats?
The working environment keeps evolving and becoming more dispersed. Employees now work from the comfort of their homes. They are allowed to use their personal computers for work, the same machines they use to surf the internet and social media. They may even store their companies’ sensitive data, customers’ bio-data, and clients’ addresses on their laptop’s hard drive, then plug in a friend’s USB drive to copy a few photos of last weekend’s party. Negligence is a significant factor, but not the only one; employees can also act maliciously to profit from illegal acts.
Insider threats fall into one of three categories: the careless worker, the credential thief, and the malicious insider. Organizations must continuously monitor their operations and their insiders for signs that should ring the “danger bell.”
These signs involve human behavior that deviates from the security framework and can be:
Lack of training to comprehend the applicable laws and the regulatory requirements.
Unawareness of the actions needed to protect their devices, both BYOD and business-supplied.
Unintentional transmission of sensitive private data to an unprotected cloud location.
Violation of security regulations for the sake of simplicity.
Devices that have not been updated to the most recent version.
Remote access during off-hours, unexplained data exportation, and absence of vacation requests for prolonged intervals.
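Two of the behavioral signs listed above, off-hours remote access and unexplained data exportation, can be expressed as simple detection rules run over access logs. The following script is an added example written for this article, not a tool from the original text; the log format, the business-hours window, and the export-volume threshold are all assumptions, and the log lines are constructed.

```python
"""Toy insider-threat indicator detector over constructed log lines.

Two of the signs from the list above are expressed as rules:
  1. remote (VPN) access outside business hours
  2. an export far larger than the user's own recent baseline
The log format, hours window and thresholds are assumptions for this example.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean

# Constructed sample log lines (not from any real system). Assumed format:
# ISO-8601 UTC timestamp followed by key=value pairs.
SAMPLE_LOG = """\
2022-11-01T09:12:00Z user=alice action=vpn_login src=203.0.113.10
2022-11-01T09:40:00Z user=alice action=file_export bytes=120000 dest=personal-cloud
2022-11-02T10:05:00Z user=alice action=file_export bytes=150000 dest=personal-cloud
2022-11-03T02:14:00Z user=alice action=vpn_login src=198.51.100.7
2022-11-03T02:20:00Z user=alice action=file_export bytes=4800000 dest=usb
2022-11-03T11:00:00Z user=bob action=vpn_login src=203.0.113.44
2022-11-03T11:30:00Z user=bob action=file_export bytes=90000 dest=sharepoint
"""

BUSINESS_HOURS = range(7, 19)   # 07:00-18:59 UTC is treated as normal (assumption)
BASELINE_MULTIPLIER = 10        # an export above 10x the user's prior mean is flagged
MIN_BASELINE_EVENTS = 2         # require some history before judging a spike


def parse_line(line):
    """Turn one log line into a dict with a parsed timezone-aware timestamp."""
    ts, *pairs = line.split()
    event = dict(p.split("=", 1) for p in pairs)
    event["ts"] = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    if "bytes" in event:
        event["bytes"] = int(event["bytes"])
    return event


def detect_indicators(log_text):
    """Return a list of (rule, user, timestamp, detail) findings, in log order."""
    findings = []
    history = defaultdict(list)  # user -> sizes of that user's earlier exports
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        user, when = ev["user"], ev["ts"]
        if ev["action"] == "vpn_login" and when.hour not in BUSINESS_HOURS:
            findings.append(("off_hours_remote_access", user, when.isoformat(),
                             f"login from {ev.get('src')} at "
                             f"{when.hour:02d}:{when.minute:02d} UTC"))
        elif ev["action"] == "file_export":
            prior = history[user]
            # Compare against the user's own baseline, not a global constant,
            # so a heavy but legitimate user is not flagged on every export.
            if len(prior) >= MIN_BASELINE_EVENTS:
                baseline = mean(prior)
                if ev["bytes"] > BASELINE_MULTIPLIER * baseline:
                    findings.append(("export_volume_spike", user, when.isoformat(),
                                     f"{ev['bytes']} bytes to {ev.get('dest')} "
                                     f"vs baseline {baseline:.0f}"))
            prior.append(ev["bytes"])
    return findings


if __name__ == "__main__":
    for rule, user, ts, detail in detect_indicators(SAMPLE_LOG):
        print(f"[{rule}] {user} @ {ts}: {detail}")
```

On the constructed lines, alice's 02:14 login and the 4.8 MB export that follows it are flagged, while bob's daytime activity is not. In a real deployment the hours window should follow each user's own time zone and shift pattern, and findings like these are a prompt for an analyst to review context (a scheduled release, an approved migration), not proof of wrongdoing.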
Facts and Impact of 2022’s Insider Threats
The impact of insider threats exponentially increases the direct and indirect costs for a business. Illegal activities and employees’ negligence impact organizational productivity, damage assets, increase the cost for a company to detect and remediate systems and processes, and have a legal and regulatory impact. Furthermore, businesses that suffer an insider attack lose confidence and trust among key stakeholders while diminishing their marketplace brand and reputation.
Insider threat incidents have become more frequent, increasing by almost 50% over the last two years.
The larger the organization, the more insider threat incidents it experiences.
Critical business information and sensitive data can be found in employees’ emails.
The cost of credential theft to organizations increased to 65%.
The mean containment time for an insider incident increased from 77 to 85 days. Incidents that took over 90 days to contain cost organizations $17.19 million on average.
More than half of the attacks were caused by negligence, while 1 out of 4 was by malicious insiders; the rest involved credential theft.
3 out of 4 respondents mentioned that malicious insiders use corporate email to steal sensitive data.
Advanced technologies, such as user behavior-based tools, AI, and machine learning, are important to prevent, investigate, contain, and remediate insider incidents.
Threat Awareness and Things to Do
It is a positive sign that more organizations and businesses are aware of insider threats. According to Gurucul’s 2023 report, insider threats are a top concern for most organizations, while 75% of the respondents admitted they feel vulnerable to insider threats.
Businesses are trying to prepare themselves against evolving threats, although in many cases, especially in the cloud, they lack the technical capabilities to detect and prevent them. The drive to become the best in their field puts them at a higher risk of insider threats: going digital, the ongoing migration to the cloud, the accelerating use of endpoint and Internet of Things (IoT) devices, and the adoption of similar strategies each make a company more vulnerable.
No matter how well the digital perimeter of a company is safeguarded, insider activity is difficult to control and can severely affect every company. Organizations must effectively address the dangers posed by workers who unintentionally disclose information through carelessness or simple error, and by malicious insiders who deliberately steal sensitive material for personal gain. Actions companies should consider to battle insider threats include tailored and engaging security awareness training, educational programs on new threats, internal cybersecurity audits, and the use of specialized software products.
About the Author
Christos Flessas is a Communications and Information Systems Engineer with more than 30 years of experience as an Officer of the Hellenic Air Force (HAF). He is an accredited NATO tactical evaluator in the Communication and Information Systems (CIS) area and the National Representative (NatRep) at Signal Intelligence CIS and at Navigation Warfare (NavWar) Working Groups. Christos holds an MSc in Guided Weapon Systems from Cranfield University, UK. He has also attended numerous online courses such as the Palo Alto Networks Academy Cybersecurity Foundation course. His experience covers a wide range of assignments, including radar maintenance engineer, software developer for airborne radars, IT systems manager, and Project Manager implementing major armament contracts.
Christos is intrigued by new challenges, open-minded, and excited about exploring the impact of cybersecurity on industrial, critical infrastructure, telecommunications, financial, aviation, and maritime sectors. Christos is also a writer for Bora.
Disclaimer: The author is completely responsible for the content of this article. The opinions expressed are their own and do not represent IEEE’s position nor that of the Computer Society nor its Leadership.