Protect your business from Insider Attacks
You’ve always liked Mark.
Often you would run into him grabbing a flat white in the cafe downstairs. He was friendly enough and worked on a different floor, and like you, he followed the Dees. And he was thrilled with their first flag in fifty-seven years.
Mark works in digital marketing, looking after Meta ads. You know, the ones that seem to follow you on both Facebook and Instagram.
But over the last few years, you have spent more time in Ashwood working at home than in Collins Street. So the quick catch-ups with Mark have been pretty much on Zoom.
Now you’re back in the city a few days a week, and funnily enough, Mark hasn’t returned.
You’ve tried to message him on Slack and call him on Zoom.
You ask around.
No one you know has any idea where Mark is working.
Or if he is still working at all.
And you even head down the stairs to level six, but Mark has vanished.
Here’s the thing, Mark was the mastermind behind a recent insider attack on your business.
And these are the most challenging types of cyberattacks to detect.
An ‘insider’ is anyone sitting around you now with legitimate access and permission to your network and data. In other words, an authorised connection.
With that, they can bypass security defences designed to keep criminals out. And because an authorised user isn’t recognised as a criminal or an intruder, some security protections are not in place.
44% increase in insider attacks has occurred over the last two years in research completed by Ponemon Institute. And it now takes around eighty-five days to contain an insider threat compared to seventy-seven days in 2022.
More concerning is a 34% increase in addressing and remedying insider threats.
Melbourne businesses must understand what constitutes an insider threat and how to mitigate it.
Four types of insider threats
Insider threats can be challenging to identify because it is not only your employees you need to consider as a risk to your business.
Mark is a prime example of a rogue ex-employee, but vendors and hackers can carry out insider security breaches.
In some cases, it’s not always malicious and can be accidental.
1. A malicious or disgruntled employee
When Mark left, he decided to take all his contacts with him. He had personally done business with people for years, so he saw no harm in printing out their details.
But this is a malicious theft of your company’s data.
Another classic example of an insider attack is by a disgruntled employee. Sometimes they are upset with their line manager who just terminated them.
So they seek revenge and cause the business harm by planting ransomware.
Or worse, hook up with a hacker to hand over their login credentials in exchange for cash.
2. Careless or negligent employees
Untrained employees or their lazy behaviour can sometimes cause an insider threat. For example, they accidentally share classified information on an unsecured platform and, whilst not intentional, cause a breach.
Or as simple as using a mate’s computer to login into your business’s apps – whilst blissfully unaware of the security consequences.
3. Third parties with system access
The risk of insider breach is heightened if your business uses third parties such as contractors, freelancers and vendors.
Before you give them access, all third parties must be thoroughly vetted and verified to protect against this threat. And provide your IT partners, such as managed service providers, a review of their access and activity for any data security concerns.
4. Hackers using compromised passwords
The leading threat to cybersecurity globally continues to be compromised login credentials.
Once a hacker can access your employee’s login, they have become an ‘insider’. And your IT system recognises them as verified users.
Five surefire tactics to mitigate insider threat
An insider threat is far more difficult to detect after initiating it. But you can reduce the risk but having vigorous mitigation measures in place. And avoid a costly breach.
1. Ensure all new employees are rigorously checked
When hiring new employees, make sure you do a complete and thorough background check.
Many Melbourne businesses have found prospective employees red flags in their work history when carrying out checks. And don’t limit your reviews to employees. Be sure to do robust checks for any vendors or contractors with access to your systems.
2. Do you have endpoint device solutions?
60% of all endpoints in most companies are now mobile.
But truthfully, many businesses haven’t introduced a solution to manage device access to resources. So implementing an endpoint management solution can help you monitor, safe list devices and crucially block unauthorised devices by default.
3. Introduce multi-factor authentication with password security
One of the best defences against a cyberattack is ensuring your company uses multi-factor authentication (MFA). It’s powerful as it’s rare for hackers to access your employee’s mobile phone or FIDO security key.
When you use MFA with password security, you reduce the risk even further. All users must have strong passwords for cloud apps, use a business password manager, and require unique passwords for each login.
4. Regular employee IT security training
Training your employees on proper data handling and IT security policies is never too late. When your business conducts regular training, you can reduce the risk of a data breach.
5. Monitor your network and systems
In short, intelligent network monitoring can catch someone doing something wrong.
When using AI-enabled threat monitoring, you can detect unusual behaviour in real-time — for example, an employee downloading a significant volume of files. Or someone accesses your network from the Maldives, Bangkok or San Paulo.
Are you worried about insider attacks?
Just like Mark, who was an insider, your Melbourne business needs to introduce mitigating measures to stop threats.
Contact us today for a free consultation.
About the author
Yener is the founder and Managing Director of Intuitive IT. Prior to running his own business Yener worked for a number of corporate organisations where he gained invaluable experience and skills, as well as an understanding of how IT can complement and improve business outcomes.