Security

Top 5 Insider Threats to Look Out For in 2023

Unquestionably, ‘insider threats’ is one of the most neglected aspects of cybersecurity and some companies fail to recognize associated dangers.

Cyberattacks are growing more complex as technology advances. Many businesses concentrate their cybersecurity efforts solely on external attacks, which leaves more openings for internal risks. Some companies fail to recognise the danger of losing confidential information owing to employee negligence or malice. Unquestionably, ‘insider threats’ is one of the most neglected aspects of cybersecurity. According to statistics on insider threats, these threats may originate from employees, business contractors, or other reliable partners with simple access to your network. However, insider threat reports and recent developments have shown a sharp rise in the frequency of insider attacks. Because of these, cybersecurity professionals are now paying more attention to the detrimental effects of insider attacks.

In general, security experts need more confidence in their ability to identify and thwart insider threats successfully. 74% of respondents in an insider attack said their company was moderately to extremely vulnerable. 74% of respondents—a 6% increase from 2021—also claim that insider threat assaults have become more regular. In 2022, 60% of respondents said they had an insider attack, while 8% said more than 20. Insider assaults are more challenging to identify and thwart than external attacks, according to 48% of respondents. It can be challenging for defences to distinguish between insider threats and regular user activity since insider threats employ genuine accounts, passwords, and IT technologies. Overall, insider threats are becoming a more significant threat. These findings imply that security teams should prepare for them in 2023.

Organisations must be able to address the risks from malicious insiders who intentionally steal sensitive data for personal reasons and users who can accidentally expose information due to negligence or simple mistakes. 

Here are the top 5 threats security teams should look out for in 2023:

Employee Negligence

Employee carelessness or ignorance may result in unintentional data leaks, improper handling of sensitive information, or a failure to adhere to security policies and procedures. Negligence is to blame for more than two of every three insider incidents. Workers could not be cognizant of the possible hazards they bring to the company or might not prioritise security measures. They act carelessly, repeating passwords for personal and professional accounts or leaving flash drives with private data at a coffee shop without intending to cause harm. Some are unaware of their involvement and fall victim to social engineering techniques like phishing scams. Others may engage in negligent behaviour, such as evading security measures for convenience.

Malicious Insiders

Insiders who intend to cause harm to the company by stealing data, interfering with business processes, or selling confidential information are considered malicious insiders. These people might be driven by greed, retaliation, or a desire to upend the business. These people are currently employed. They might not be the most ardent supporters of your business, and they frequently vent their resentment by erasing or changing important data sets, leaking confidential information, or taking other sabotage measures. Turn cloaks are malicious insiders who consciously do something terrible to an organisation. A trustworthy business partner, contractor, or employee could be the insider. Turn cloaks may have ideological, vengeful, or pecuniary motivations. Some engage in clandestine activities like stealing private information or sensitive documents.

Insider Collusion

When two or more employees collaborate to steal information, commit fraud, or participate in other nefarious acts, this is called insider collusion. As a result of the employees’ collaboration and potential ability to conceal their activities, this type of danger might be challenging to identify. Whether intentionally or unintentionally, these threats serve a foreign power. They might be forced to divulge information by outsiders through blackmail or bribery, or they might be tricked into disclosing their login information via social engineering. The most challenging insider risks to identify are moles, which are potentially the most damaging. Moles function similarly to turn cloaks, except they join a firm intending to harm the organisation. Whether they support a nation-state or an unknown cause, they are frequently motivated by an intense political motive.

Third-Party Vendors and Contractors

Companies with access to sensitive data or systems may be at risk of insider threats from third-party suppliers and contractors. These individuals might adhere to different security procedures than full-time employees and have a lower stake in the company’s success. Not every insider works for the company. Suppliers, contractors, vendors, and other outside parties with limited inside access can pose an equal threat to staff members with the same rights. Most businesses outsource some of their work to specialised companies or outside agencies. These third parties are occasionally easy targets for cyber attackers because they lack advanced security protocols. Suppose these companies are provided privileged access to part of your company network. In that case, you can bet that the bad actors will infiltrate your system after compromising the partner’s security network, resulting in a third-party data breach.

Security Policy Evaders

The group of workers that prefer to ignore security policies and protocols is last but certainly not least. The business frequently has security policies created to safeguard its personnel and data. Some regulations could be burdensome and inconvenient, and some employees might choose the simple route. Contemporary businesses have security procedures in place to protect their critical data. These safeguards may bother some employees, who may devise workarounds that raise the risk of a data leak. These workarounds could jeopardise the security and data protection of the organisation. Policy evaders might be considered insider threats since they purposefully break security policies, procedures, and best practices.

Conclusion

Organisations can employ technological solutions like access restrictions, monitoring, data loss prevention technologies and insider threat solutions “to rein in their insider risk and prevent threats.” A thorough security plan should be in place and periodically reviewed and updated when new risks arise. Your company’s reputation, future growth, customers, and employees can all be protected by knowing how insider threats show themselves.

About the Author: Mosopefoluwa Amao is a certified Cybersecurity Analyst and Technical writer. She has experience working as a Security Operations Center (SOC) Analyst with a history of creating relevant cybersecurity content for organizations and spreading security awareness. She volunteers as an Opportunities and Resources Writer with a Nigerian based NGO where she curated weekly opportunities for women. She is also a regular writer at Bora.

Her other interests are law, volunteering and women’s rights. In her free time, she enjoys spending time at the beach, watching movies or burying herself in a book.

Connect with her on LinkedIn and Instagram

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Insider Threats)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

10 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

17 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

1 day ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

1 day ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

2 days ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

2 days ago

This website uses cookies.