The problem posed by insider threats is even greater, with 68% of organizations reporting an increase in the frequency of insider attacks in the past 12 months. Insider threats refer to cyber threats that originate from within an organization. This means that employees who have been granted access can abuse their privileges to steal or leak sensitive data. However, insider attacks are not always intentional; privileged IT users can unknowingly compromise a company's security. In fact, negligent employees or contractors are at fault in 62% of insider incidents.
Don't overlook the potential impact of insider threat attacks. Business leaders increasingly recognize the importance of ensuring sensitive assets are protected, as their organization's revenue and reputation are at risk. Businesses must prioritize improving identity security to protect critical assets. Controlling who has privileged access to sensitive information is especially important to prevent data leaks from within an organization.
Business leaders should keep in mind that the risk of a data breach occurring is even greater in today's volatile economic climate, where financial gain can be a key factor for malicious insiders. you need to keep it. Therefore, organizations must be prepared to weather economic uncertainty and counter the proliferation of insider threats exacerbated by current workforce dynamics.
Senior Director of Architecture Services and Incident Response at CyberArk.
1. Identity security risks due to workforce reductions
Companies should keep in mind that firing or resigning employees carries the risk of confidential information being exposed. According to the 2023 CyberArk Identity Security Threat Landscape Report, 58% of security professionals worldwide report instances where departing employees store sensitive work documents outside of policy. doing. Therefore, in the face of organizational turmoil, concerns about attrition may increase and insider threats may proliferate.
One such example is a high-profile insider threat incident at a major beverage company. In this case, nearly $120 million worth of confidential trade documents were leaked after an engineer learned the company was planning to lay him off. This engineer was one of only two privileged users who had exclusive access to the details of top-secret chemical formulas. Although she was ultimately convicted and sentenced for the crime, the case raises the challenges many companies face in protecting intellectual property and confidential information, especially during employee transfers. is reflected. In fact, according to 68% of security decision makers around the world, layoffs and employee changes will raise new concerns about identity security in the next year.
2. Issues in building third-party relationships based on trust
Employees have insider access to sensitive information, but they're not the only ones who can potentially leak sensitive company data. Third-party vendors such as contractors may also be involved in insider threats. If a third-party relationship ends and privileged access to business documents is not immediately revoked, the vendor may continue to view and share sensitive company information regardless of the circumstances. Therefore, even if an organization and a third party end a good relationship, there is always a risk that company assets will be misused.
In addition, external attackers can compromise and exploit third-party vendors to gain access to business partners' sensitive information. For example, several years ago, malicious actors exploited a third-party application used by Marriott Hotels to gain access to sensitive guest information. The attackers were able to successfully log into the application using the credentials of two Marriott employees, resulting in the compromise of the personal records of 5.2 million Marriott guests. Thus, the Cyber Ark 2023 Identity Security Threat Landscape Report reveals that security experts believe that third parties, including partners, consultants, and service providers, represent the most at-risk human identities. No wonder it became so.
3. The correlation between escalating “recentiment” and insider threats
In today's uncertain economic climate, filled with layoffs and recession concerns, most employees don't want to risk losing their source of income. Last year's mass resignations made a lot of headlines, but the trend of resignations appears to be slowing, with many employees staying in their current jobs even when they are dissatisfied with their jobs or experiencing burnout. It seems there are. This gave rise to a workplace buzzword known as “rusantism,” which describes workers who are dissatisfied with their current position and openly express their dissatisfaction.
This phenomenon can have a very negative impact on workplace culture and productivity, and can lead to malicious insider threat incidents. For example, an employee who feels undervalued and whose promotion requests are repeatedly denied may feel resentful towards the organization and be motivated to steal or leak sensitive data in order to “get even.” There is a possibility that Some employees may openly advertise their ability to abuse their authorized access and compromise the organization's security. 63% of companies do not adequately protect the top-secret access granted to employees, giving malicious actors ample opportunity to steal sensitive information.
4. Economic hardship is driving data breaches
Many individuals across the UK are facing financial hardship due to rising inflation and rising costs of living, which may ultimately lead to an increase in economically motivated insider threats. Research shows that abuse of privilege (employees abusing authorized access) is the leading cause of intentional internal data breaches, and is often combined with fraudulent transactions. 59% of all data breach incidents have a financial motive.
A typical situation involves a financial administrator with privileged access to a system where bank accounts and routing information are listed, fraudulently transferring funds to his or her personal account. This practice poses considerable challenges as it not only allows individuals to redirect large amounts of resources away from the organization, but also proves difficult to track.
5. Increased employee stress levels raise security concerns
Attrition and turnover place a significant burden on remaining employees, often leading to increased stress levels due to the additional work and responsibilities they are expected to take on. This can directly lead to more mistakes. As a result, overworked and stressed employees are more susceptible to phishing and other forms of social engineering attacks. Factors such as burnout, which affects 59% of senior cybersecurity professionals in the UK, are compounding the problem as security teams are not as vigilant as they should be against potential risks. Masu.
Overworked and stressed employees can make it easier for phishing attackers to “hook” their credentials, with 50% of employee identities accessing sensitive company data Given this, these individuals serve as ideal points of entry for attackers seeking access to corporate assets.
It’s time to remove trust from your identity security strategy
In today's challenging economic climate and evolving threat landscape, insider threats are a serious problem. In the face of these increased security risks, organizations must now prioritize zero trust and least privilege approaches. This strategy gives you complete visibility and control over who has access to your company's sensitive data, making it easier to quickly detect access fraud and respond quickly to prevent data breaches. Only by removing trust from the equation can businesses improve their cyber resilience, develop a robust identity security strategy, and protect their critical assets.
We've featured the best business VPNs.
This article is produced as part of TechRadarPro's Expert Insights channel, featuring some of the brightest minds in technology today. The views expressed here are those of the author and not necessarily those of his TechRadarPro or Future plc. If you're interested in contributing, find out more here. https://www.techradar.com/news/submit-your-story-to-techradar-pro
