As the cybersecurity landscape has evolved over recent years, so too have the threats that businesses face. With the nature of these threats ever-changing, staying protected is becoming harder and more expensive. Whilst external threats from cyber criminals are often the focus of security budgets, in reality it is internal threats that are most likely to lead to compromised defences. A recent IBM study revealed that 95% of security breaches were a direct result of human error, and 94% of breaches started with an email.
These internal threats are manifested by malicious insiders, people within the organisations. There are 4 types of internal threats:
- Compromised insiders are employees who have unknowingly given out their credentials in error, and as a result an outsider can use that information to access sensitive content.
- Careless insiders are employees who have not followed company protocols, such as saving sensitive information on an unsecured device or sending it to an unknown source.
- Malicious insiders are employees who are actively seeking to cause damage or harm to their businesses through their actions. They are fully aware of what they are doing, understand that it is wrong, but proceed regardless.
- Abusive insiders are employees sending abusive or inappropriate material around the internal network that the network’s defences are inadequately equipped to detect. This prevents the appropriate people from being notified, so actions can’t be taken to resolve the issue.
Increased spending on security hardware and software is only part of the solution for greater cyber resilience. Although it will help to nullify the threat of malicious and abusive insiders, a different approach is required to tackle the risk of compromised and careless insiders.
Human error and lack of awareness can’t be solved without training for cybersecurity best practices, which will help users to make better decisions when using their work and personal devices. Realistically, no amount of training will fully eliminate human error, but having better informed employees will help to minimise the risk of a breach. It is also important to have a business continuity plan for if a breach does occur. This will help to minimise downtime during a breach and ensure that business operations continue smoothly.
The concept of a perimeter as we have previously known it is slowly disappearing, and the struggle against cybercrime has moved inside the network. With this shift, organisations need to rethink their security strategies as well as the tools they have traditionally come to depend on.