Insider threats continue to raise concerns

Much of the attention in cybersecurity has focused on overseas threats, such as the war in Ukraine and other robust cybercriminal activities in China and Iran. However, data shows that sometimes the most significant danger isn’t from some faraway hacker den. It could be the cubicle across the room. Or, in this work-from-home era, it could be the middle manager that toils away at their dining room table.

A recent report focused on insider threats found that three-quarters of respondents felt moderately or highly vulnerable to insider threats — an increase of 8 percent over the previous year.

Not all insider threats are criminal

The report states that this rise in perceived vulnerability coincides with a significant increase in insider attacks, as 74 percent of organizations report that attacks have become more frequent (a 6 percent increase over last year), with 60 percent experiencing at least one insider’s attack and 25 percent experiencing more than six attacks. Insider threats are not always criminal.

“Broadly speaking, an insider threat is anyone within an organization who threatens the organization. That could be Larry in accounting using a weak password or Joan in human resources not using MFA and leaving herself vulnerable,” says Gaston Williams, a cybersecurity consultant in Houston, Texas.

Williams adds that there is no one-size-fits-all defense against an insider threat. “Because of the broad definition of insider threats, the defenses against careless and capricious employees are very different.”

For a careless employee, Williams points out that user training and education programs delivered by an MSP can go a long way toward closing knowledge gaps and building a security culture. “But for someone on the inside who is determined to do deliberate harm, well, that is a different issue and much more difficult to defend against,” Williams warns. “If someone wants to cause harm, usually they’ll find a way to do it.”

A “culture of security” is the best defense

Achieving balance is key. “I’m not sure there is a lot to be gained by turning the workplace into a paranoid place where everyone is watching everyone else. Yet, being too lax can allow a determined insider to do real damage,” Williams says. He advises that the best defense is a robust one that builds a “culture of security” within the business.

“Monitor employees but explain why they are being monitored,” he recommends. “And only go after the harmful activity. If someone is RSVPing for their son’s friend’s birthday party on a work computer at work time, but it is not causing any security threat, I’d not be inclined to say a word. Monitor only for malfeasance. By doing that, you’ll sow goodwill and build trust.”

But why are insider threats increasing? The report sheds light on the increased “hybrid” nature of work that is behind much of the increase. “It used to be that you had a workplace campus purely to defend, which was relatively simple,” Williams says. “But COVID changed that. During the height of COVID, everyone was working from home, and that scrambled the cybersecurity calculus considerably.”

Human error more worrisome than malicious threats

Now, with the pandemic receding, we are left with a third way, explains Williams. “We are in a hybrid work world of some work from home and some from campus, and this creates a very tricky perimeter to defend.”

For MSPs, the insider threat is a growing challenge in an increasingly complicated cybersecurity landscape. “MSPs have to adjust to this new hybrid model, but also malicious insider threat vs. careless human errors, and that creates the need for multiple solutions,” Williams highlights.

The report indicates that more businesses are worried about the “careless operator” than the malicious insider. A couple of other key points from the report:

  • Among all potential insiders, cybersecurity professionals are most concerned about IT users and admins with far-reaching access privileges (60 percent). This is followed by third-party contractors and service providers (57 percent), regular employees (55 percent), and privileged business users (53 percent).

“So, the statistics show that the real concern isn’t malicious; it’s what we call `carelessness in the cubicle,'” Williams says. The good news, though, is that careless mistakes create opportunities for effective MSP user training in combating insider threats.

The report also says:

  • The rising threat of insider attacks is a strong driver for organizations to implement formal insider risk programs. 39 percent of organizations already have an insider threat program in place. Another 46 percent are planning to add insider threat programs in the future – this is a rise of 5 percent over the prior year.

“This also represents an opportunity for MSPs. Formal insider risk programs can go a long way to mitigating the threat,” Williams concludes.

Photo: LeoWolfert / Shutterstock

This post originally appeared on Smarter MSP.

Leave a Reply

Your email address will not be published. Required fields are marked *