Cyber Risks: Don’t Overlook the Threats Within Your Own Walls
By Lev Matveev, Founder of SearchInform
While companies focus on external cyber threats, insider risks are skyrocketing, with incidents costing organizations millions annually. In this article, we will explore the harm insiders might cause and the tools for mitigating such risks without breaking the budget.
Most discussions on cyber incidents focus on threats originating from external actors—like DDoS attacks, phishing, or social engineering. Companies often concentrate their defenses there, as these are the attacks that make headlines.
Insider threats, those originating from within an organization, are often overlooked despite their growing impact. The 2023 Ponemon report shows an 8% rise in insider-related incidents. On average, these incidents now cost organizations $16.2 million per year. The figure includes both pre-incident prevention and post-incident response expenses.
Meanwhile, the Middle Eastern business community recognizes this threat: 78% of UAE and 71% of Saudi Arabian respondents cite insider risks as a major concern.
Never Underestimate the Power of a Common Employee
Insider incidents mainly occur due to the following:
1) a negligent or outsmarted employee with no evil intentions;
2) a malicious actor, driven by revenge or operating for personal gain.
Non-malicious insiders’ share is the largest; in 2023, they were responsible for 75% of all insider incidents. Malicious insider cases are less frequent—25%. However, they cost the companies the most: $701,500 per incident on average.
Let’s explore the types of harm insiders can cause organizations. Non-malicious actors are mainly responsible for leaks of sensitive data due to carelessness or lack of fundamental security awareness.
The troubles malicious insiders can create are way more numerous. Employees with bad intentions may cause serious incidents as acts of revenge against the company they believe treated them unfairly. You might have heard of Kandula Nagaraju’s story: the man deleted more than 150 virtual servers of his former employer after being fired. He managed to accomplish this because his corporate credentials remained active even after he left the company.
Some malicious actors do not bother deleting anything. Instead, they disclose their employer’s confidential information, either for no personal gain—solely out of anger—or for monetary reward from market competitors.
The most creative insiders come up with fraud schemes. In my practice, there was a case where an employee forged incoming commercial offers by making the prices in them higher so that a supplier he knew could get the deal. Later, this supplier was supposed to pay him a kickback. Also, there are numerous cases where insiders illegally used employers’ customer data, corporate software, and devices to establish and run their side businesses.
Severe consequences can arise from collusive attacks, where malicious insiders collaborate with external actors to compromise the organization. Beyond data theft, they can infect networks with malware like trojans or ransomware. These combined efforts make the attacks more difficult to detect and mitigate.
What all these malicious and non-malicious insider incidents have in common is that they result in data breaches involving client databases, blueprints, or know-how. This causes financial losses, including costs related to downtime, resources needed for system restoration, regulatory fines, inefficiency, and reputational damage. It hardly sounds like an entrepreneur’s dream, does it?
As Long as We Know How to Fight, We’ll Stay Alive
Now that we understand the dangers insiders pose, how can we prevent these potential disasters? First, start with cybersecurity awareness training. Employees must know what sensitive information is, what the most common types of threats are, and how to avoid them. This should be done through regular training. The key point here is to avoid making educational activities dull. It is better to make training more practical by including internal tests (just like phishing tests we are used to facing) for employees, a breakdown of the results of such tests, and so on.
Second, implement security solutions. You would not leave your office without a door and a lock, would you? The same is true for data storage: protect your valuable assets with a secure door and lock. Data Loss Prevention (DLP) and Data-Centered Audit and Protection (DCAP) systems come to the rescue here. These tools protect businesses against data leaks and corporate fraud.
DCAP searches and audits data stored on local computers, servers, cloud storage, and corporate networks, then analyzes the data, distinguishing its types within the entire stream. Finally, according to the results of the analysis, it distributes access rights to particular information. DCAP ensures protection by preventing users who should not have access from accessing, modifying, or transferring sensitive information.
DLP, in turn, comprehensively monitors all popular data transfer channels, thoroughly analyzes incoming and outgoing information, detects and prevents violations by blocking unauthorized transmissions outside the corporate perimeter, and provides administrators with detailed reports.
It is important to note that such systems do not operate on their own; they require proper administration and support from skilled information security (IS) specialists. Therefore, the next item on the “what to do?” list must be “to hire an IS professional” with the necessary skills to manage these tools effectively.
Why so Difficult?
If there are effective technical instruments available and quite clear steps to take, why can't companies build unbeatable security? There are a couple of trivial reasons for this.
The first is a lack of budget, which is especially relevant for SMEs. Purchasing security software licenses and the required hardware is costly. Hiring qualified personnel to manage that software adds another layer of expense. As a result, companies simply let security slide.
Furthermore, hiring an IS professional is not only expensive but also challenging in today’s labor market. A good IS professional is like a needle in a haystack, as there is a global shortfall in the cybersecurity workforce. Last year, the UAE alone had a shortage of over 30,000 professionals.
Smart Security on a Budget
In a context where entities face budget constraints and security talent gaps, the smart choice is to implement a managed security service (MSS) that combines DLP and DCAP. MSS providers offer outsourced monitoring and management of a company’s security devices and systems, eliminating the need to invest in expensive hardware or hire and maintain an IS officer. This makes MSS a cost-effective approach.
MSS providers assign dedicated managers to monitor clients’ security systems and notify them if anything significant happens. These specialists bring valuable expertise from working with multiple companies across different industries. Therefore, they can help you in the most unexpected situations.
As a result, MSS is gradually gaining popularity, proving its effectiveness. The SearchInform survey shows that nearly 70% of organizations in the MENA region are either already using managed security services or planning to do so soon.
_________________________
Prioritizing external threats while ignoring internal ones can play a cruel joke on an organization, as employees who know where the company’s Achilles’ heel is may cause even greater harm than an external actor.
Take a balanced approach to cybersecurity and work on addressing both external and internal threats. Educate your staff, implement advanced technological tools, or delegate security functions to reputable managed security service providers. Keep in mind our tips and stay secure.