Cyber Security: Minimising the Risk of Insider Threats

Cyber Security: Minimising the Risk of Insider Threats

In this new age of hybrid working and accelerated digital transformation, the cyber security landscape continues to throw out new and increased threats. With coronavirus as the primary agent of change, new ways of working are causing a shift in employment culture and a notable increase in the threat of attack or breach from the inside. In this article we will outline the main types of insider threat, why insider threat is growing, and how to reduce the risk of cyber breach or attack from inside the workplace.

What Is Insider Threat?

Verizon’s 2020 Data Breach Report shows that 30% of cyber breaches are caused by insider activity, be that deliberate or accidental.

Insider threats may come from current employees, former employees or contractors, all of whom will have access your company data and be familiar with your security protocols including areas of vulnerability. New hybrid and remote working models are creating more opportunities for insider breach or attack. Insider threat is difficult to control and the effect an insider breach or attack can have on an organisation could be devastating, both financially and reputationally.

Intentional insider threats are usually motivated by financial gain, revenge, or espionage; unintentional insider threats are typically the result of carelessness or poor security practices.

Organisations can take steps to prevent insider threats. First, let’s look at some of the key indicators that your organisation may be at risk.

Intentional Insider Threats – Red Flags

Employees who are deliberately planning an insider attack usually leave clues to their intention. Manual monitoring is necessary if you are to notice these indicators and take steps to stop a breach. You should look out for any of these behaviours:

• Requests for access to files or data that is outside of the remit of their role or level of seniority
• Downloading significant amounts of internal data or copying files from sensitive folders
• Extensively using storage devices such as USB drives
• Searching the network for sensitive data
• Unusual patterns of emailing data outside the organisation

Accidental Insider Threats – Education is Key

The UK Government’s Cyber Breaches Survey states that 83% of cyber-attacks on businesses are from phishing attacks. While you can put technical controls in place such as…

• Boundary firewalls and internet gateways
• User Access Controls
• Malware protection
• Email protection
• Patch management

…It has been proven repeatedly that the best way to prevent a phishing attack is to educate and train your employees to identify phishing attempts. They are your business’s last line of defence.

How can you prevent insider threat?

Before you begin to build your defence strategy, first you need to acknowledge the threat is real. It’s difficult for employers to believe that employees might have bad intentions however an objective, “zero trust”-type approach must be taken. Next, you need to dedicate time, skills and resource into building a programme. Here are a few preventative tactics to consider:

1. Educate your employees about security risks. Make sure they understand the importance of keeping confidential information safe. Put in place a regular training programme.
2. Implement robust security measures and technical controls. This includes things like multi-factor authentication and manual activity monitoring. Government-endorsed processes such as Cyber Essentials Accreditation will tick all your security boxes and minimise risk. You can also download the National Cyber Security Council’s 10 Steps to Cyber Security – it’s a comprehensive, easy guide that is designed for business owners to easily understand.
3. Conduct background checks on all new hires and put in place strict leaver and joiner procedures that ensure access to sensitive data is controlled.
4. Work with your Managed Service Provider to scope and implement a Cyber Security Policy that includes:

• When, if at all, personally-owned devices can be used to access business information
• Defining what staff are allowed to do when using company IT devices
• Procedures for remote, mobile or hybrid working
• What you can or cannot store on removable devices such as USBs

Insider threat is a very real and dangerous threat to businesses of all sizes. While there are many ways to prevent it, the most important thing is to be aware of the problem and to take steps to protect your business.

Contact us for support or information on how to minimise the risk of cyber security breaches or attack.

Join our 30 minute webinar with law firm Field Seymour Parkes (or watch it on playback) for practical and legal advice on protecting your business from rogue employees.