When it comes to cyber security threats, organisations cannot afford to take a reactive approach and merely respond to issues after they have occurred.
This is especially true of insider threats - that is, threats posed by individuals from within an organisation, such as current or former employees.
With malicious insider incidents averaging costs of almost $650,000 and negligent users giving rise to $484,000 losses, while taking an average of 85 days to contain, the damage to reputation, productivity and security may be difficult to recover from.
Data loss and breaches can often be traced back to an individual's actions, whether that is a malicious attacker, a disgruntled employee or a careless user.
Computing research conducted in 2022 found that insider threats are a top three risk for one in five organisations. This is unsurprising, given the widespread shift to remote working and rapid digital transformation in 2020. That unintentionally set the stage for insider threats, both malicious and accidental, to expand.
Greater use of the cloud, as well as employees using personal devices at home and on an array of networks, has meant that systems, tools and applications are increasingly vulnerable.
Ensuring your organisation is protected requires a proactive approach comprising both technical and non-technical emphasis.
The risk signs
"Problem in chair, not in computer" (PICNIC) is a term used to convey that security breaches are often the result of human error or intent - ill or otherwise. If employees do not receive effective training that stresses the importance of cyber vigilance, they may inadvertently cut corners.
Unaware of the risks they face, users will break security policies to reduce friction in their day-to-day workloads. Forgetting to regularly update and patch their devices, misplacing devices, or sending confidential data to unsecured locations are all problems that can arise because of poor cyber hygiene.
Employees are more likely to respond to ongoing education and support rather than targeted coaching after making a mistake. Encouraging your workforce to continually learn and improve on how they interact with data will ensure your entire organisation is one step ahead of vulnerabilities.
The importance of real-time monitoring
As well as careless users, malicious insiders pose a real threat to organisations and their data. No amount of training can prevent malicious intent. However, holistic visibility and monitoring can prevent this intent from wreaking real damage.
Departing employees must have their access completely withdrawn and IT teams must have full visibility of how data is being moved across cloud, email, endpoints, and the web. Automation has a role to play here too, accelerating incident identification and response time in a way that is easily visualised.
Amidst economic downturn and widespread layoffs, employee numbers are fluctuating. This means it is all the more important to keep track of access rights, revoke access when immediately necessary, and ensure verification and authentication methods are in place. Organisations that promote the collaboration between security and other teams like HR and Legal to achieve this approach will be better positioned to confidently combat the risks associated with insider threats.
Staying one step ahead
The monetary costs of data loss from insider threats are direct and straightforward to comprehend. However, the indirect costs from disruption and the potential loss of opportunities for your organisation can stealthily creep up.
Creating a culture of cyber vigilance, training employees on best practice and investing in technologies that promote visibility and integration across cloud, email, endpoints and web are the best way to protect your organisation and take a proactive approach to insider threats.
To read more about Ponemon's research on the costs of insider threats, click here
This post was funded by Proofpoint
