Not all cybersecurity incidents come from external sources. The insider threat is particularly difficult to identify and can cause a great deal of harm to organisations. This means businesses need to focus on tackling threats from within. Not least because surveys suggest 20 percent of cyberattacks on organisations come from individuals within those organisations, acting intentionally and sometimes with premeditation.
Almond, a French independent player in cybersecurity, has published an “Insider Threat” report, looking at the significant changes across the past year. The aim is to chart the state of the threat, between malicious insiders – an individual or group of individuals who take advantage of their knowledge of the company’s information system – negligent insiders, ignoring security processes; and external insiders, such as a regular company partner or supplier.
The report finds that in many firms the insider threat is formidable, particularly because it is multi-dimensional and can outwit all the classic protection measures. Also, it is notably difficult to detect.
In order for companies to provide themselves with effective legal protection, contracts must include confidentiality, non-competition clauses, and internal rules of procedure must specify security regulations with regard to computer systems.
Furthermore, harm done to computer systems (unauthorised access to data, data theft, misappropriation of intellectual property, the divulging of business secrets, and fraud) needs to be tackled.
In order to combat insider threat, a company must first understand the true nature of it and the risks to the organisation. Then it must evaluate the consequences of malicious behaviour, set up appropriate security procedures, train all staff in the requirements of cybersecurity, impose a strict access policy (a “zero trust” approach), and, if necessary, use software for user behaviour analysis.
In the report, Almond provides numerous examples of insider threat causing major harm to businesses. It also analyses the behaviour of groups of cyber-criminals, notably regarding the “recruitment” of insiders, particularly from banks, hospitals, social network platforms, public services, and online payment platforms.
There are more and more examples of connections between insider threat and criminal organisations, which increases the breadth of the attacks. Classic means of defence are often difficult to set up and may be extremely burdensome.
As an example of such risks, one of these groups posted the following advertisement on Telegram: “Do you work for a company that you hate with all the depth of your being? Or did your boss fire you without thinking to stop your access to the computer system? You will find solace in our welcoming arms.”
