Insider threat set to grow, warns expert security panel

A panel at IP EXPO also warns that cyber criminals will soon start to use machine learning and artificial intelligence in their attacks

The insider threat - a member of staff who either maliciously or negligently allows sensitive corporate data to fall into criminal hands - is set to grow in the next two to three years, a panel of experts has warned.

Speaking at technology conference IP EXPO in London this month, Dave Palmer, director of technology at security firm Darktrace, named privacy advocate and former US government employee Edward Snowden as an example of an insider.

"I think we've got more to see from insiders, that's a threat we're starting to become familiar with, like Edward Snowden for instance," said Palmer. "We're going to see some insiders either deliberately or accidentally do enough harm to totally debilitate a business' operations, that will happen within the next three years," he added.

"I strongly agree," said James Lyne (pictured), global head of security research at Sophos. "The insider is one of the most challenging threat actors to capture compared to the others."

Lyne also warned that hacking groups and even nations will start to use different hacking techniques in future.

"I'm wary about how hackers will use the various tools and techniques in future. We're used to expecting 'group X' to use certain types of techniques, but we'll see more nation states using traditional cyber criminal tools, so we need to continually evaluate what we know about those groups."

Troels Oerting, former cyber crime chief at law enforcement agency Europol, and current group CISO at Barclays, said that his approach to cyber security hasn't changed since he moved into the private sector.

"I work for a bank now not Europol, but I haven't changed my mind. I look at the adversaries and ask, what do they want? Money, information? Then I look at the tools. One of those tools is the insider, it's both a threat and a tool. We'll see more of the same in future, but with an increased sophistication, and perhaps the possibility of machine learning and AI being used by cyber criminals to speed up their attacks against us."