An organization’s employees are one of its most valuable assets and its most vulnerable cyberattack surface.
While many cybersecurity threats come from outside an organization, Verizon’s 2023 Data Breach Investigation Report found that one-fifth of cybersecurity incidents were caused by insider threats, which were the result of both deliberate misuse and inadvertent human errors.1 Notably, chief information security officers (CISOs) have said that “insider attacks are their worst nightmare[s] because identifying and stopping these kinds of breaches is so challenging.”2 Indeed, no enterprise or SMB is immune to insider threats. To detect and prevent them, organizations must take proactive approaches to identify and thwart insider threats before they cause a serious cybersecurity incident.
Double Down on Digital Hygiene
This solution is so simple that some may underestimate its effectiveness. Nonetheless, many individuals continue to practice poor digital hygiene. For example, they may fail to update account credentials after a data breach, maintain strong, original passwords for all accounts and install the latest software updates. These simple shortcomings expose organizations to unnecessary cybersecurity vulnerabilities. Even marginal improvements to employees’ digital hygiene can have an outsized impact on improving an enterprise’s cyberreadiness.
Verizon’s report notes that 74% of breaches include a human element, such as the use of stolen credentials or social engineering attacks.3 This finding underscores the effect that a simple step, such as using an original password for all accounts, can have on mitigating the risk of a data breach. Critically, organizations should not leave this to chance. Teaching employees how to follow digital hygiene best practices and implement accountability solutions ensures that best cyberpractices are followed. For example, providing employees with password managers to help ensure strong passwords, leveraging network monitoring tools to detect suspicious activity, and overseeing the installation of antivirus software on all devices collectively helps bolster security. Additionally, enterprises can use data loss prevention (DLP) tools to track and help prevent data breaches.
Assume Employees Will Fall for Phishing Scams
Most data breaches begin with a phishing attack, turning unwitting insiders into accomplices in increasingly devastating cyberattacks. More than 3 billion phishing emails are sent daily4 and these messages are steadily becoming more difficult to detect and defend against.
What were once telltale signs of a scam—such as egregious spelling errors or implausible scenarios—have been replaced by highly personalized content reaching people’s email inboxes, text messaging applications (apps) and other digital communication platforms. In this environment, enterprises should prepare for the inevitability that someone will fall for a phishing scam and put the requisite defenses in place to ensure that a single click on a false link does not create a data disaster.
Some defense methods may include ensuring visibility into all networks and systems while outfitting enterprise networks and computers with analytics endpoint DLP software to identify possible responses and mitigate consequences.
Recognize Malicious Insiders
Malicious insiders (i.e., internal users who compromise network integrity or data privacy on purpose) are undoubtedly a minority, but they pose a serious threat to enterprise security. They can be motivated by many factors, but a sudden job change from layoffs or terminations is a factor that cannot be ignored. For example, one survey found that 87% of employees took data they created to their new jobs,5 and Bloomberg reports that “employees are 69% more likely to take data right before they resign.”6
Malicious insiders…are undoubtedly a minority, but they pose a serious threat to enterprise security.
To prevent malicious insiders from stealing enterprise or customer data on their way out the door, organizations must cultivate the capacity to proactively identify the signs of data misuse and prevent employees from downloading, sending or otherwise disseminating sensitive information. This includes the ability to:
- Scrutinize and obstruct email exchanges suggestive of data leaks
- Restrict file transfers to all destinations, encompassing the public cloud and external USB storage
- Deny access to users during non-operating hours or when connections originate from unfamiliar sources and IP addresses
- Detect and halt dubious email operations, such as insecure data distribution
By identifying malicious insiders, enterprises can deny them the capacity to use their privileged access to wreak havoc on data security and IT integrity.
Ready Your Response
The moment a cybersecurity or data privacy threat is detected is not the time to decide how to respond. The most secure organizations have already readied their responses, leveraging a rehearsed playbook to mitigate the damage. Enterprises can ready their responses by creating plans detailing actions involving not only the IT team but also key personnel in management and legal, public relations (PR) and human resources (HR) departments. In addition, regular drills designed to evaluate an organization’s cyberreadiness help ensure that all stakeholders understand their roles, while continuous updates keep the playbook relevant to evolving threat landscapes.
By having a predefined strategy, organizations can act swiftly and decisively, reducing potential losses and protecting their reputations.
Investigate Incidents to Continually Improve
With the right information and insights, any cybersecurity incident can become a learning opportunity that makes the organization’s defensive postures stronger moving forward. Forensic tools are fundamental in this endeavor, providing the capacity to trace and understand the sequence of events during a breach. Features such as session playback and optical character recognition (OCR) allow for the extraction of covert activities hidden within unstructured data and offer a granular understanding of the breach timeline.
Moreover, insider threat monitoring software captures detailed logs of user and administrative actions, providing valuable forensic evidence and learning opportunities to minimize vulnerabilities moving forward.
Conclusion
Employees are an organization’s greatest asset, but unfortunately, they also represent the most susceptible surface for cyberattacks. With their unique access to systems and data, employees sit at the front lines of this digital battlefield. Their actions, deliberate or inadvertent, can significantly impact an organization's security posture. This understanding should drive organizations to invest not only in advanced security technology, but also in the ongoing education and empowerment of their teams, ensuring that everyone can anticipate, prepare and respond to the cybersecurity threats that will inevitably come their way.
Endnotes
1 Verizon, 2023 Data Breach Investigations Report, USA, 2023
2 Columbus, L.; “Top 10 Cybersecurity Findings From Verizon’s 2023 Data Breach Report,” VentureBeat, 13 June 2023
3 Op cit Verizon
4 Palmer, D.; “Three Billion Phishing Emails Are Sent Every Day. But One Change Could Make Life Much Harder for Scammers,” ZDNET, 23 March 2021
5 Rittman, D.; “Guest Essay: Wise Precautions Companies Can Take to Prevent Data Loss in the Wake of Layoffs,” Security Boulevard, 13 February 2023
6 Martin, A.; “When Employees Leave, Sensitive Data Often Leaves With Them,” Bloomberg, 18 January 2023
Isaac Kohen
Is chief product officer and founder of Teramind, a leading global provider of insider threat management, data loss prevention and productivity optimization solutions powered by user behavior analytics. Serving enterprises, governments and small and medium-sized businesses (SMBs), Teramind has provided more than 10,000 organizations around the world with actionable, data-backed workforce insights that reduce risk, increase productivity and streamline business operations.