The threat of internal cyber attacks and how to reduce the risk

Not only do the leadership team and HR leaders need to anticipate and mitigate the risk of cyber threats from unknown hackers, but they also need to be wary of the risk of an attack from inside the organisation.

There are inadvertent risks, where employees accidentally open an attachment or compromise security, but increasingly we see malicious actions by disgruntled employees. It could include stealing company IP, such as a sales database when an employee moves to another job (recruitment consultants and real estate agents are often vulnerable to IP theft), to malicious ‘logic bombs’ when an employee leaves a piece of malware on the system that ‘triggers’ after they leave and are no longer in the HR database.

According to Panda Security, while negligent insider threats are most common at 62 per cent of all “insider incidents”, malicious insiders represent 14 per cent of all these incidents.

Fraud is another action that may be taken by employees. And data breaches are much easier to attempt in the new hybrid-work environment, working from home, because of low work supervision.

Almost all incidents (90 per cent) are caused by "ignorant or arrogant users who believe they are exempt from security policies” according to Gartner as referenced by IBM. The list of motivations for malicious insider breaches is a mile long and includes revenge, ego, coercion, ideology, espionage or financial gain.

There are several strategies a business can consider implementing, including:

Education for everyone: Invest in and implement interactive cybersecurity training. Embed it into the organisation's culture, from induction through to regular updates. While you can't stop all malicious intent, you can limit accidental breaches.

Regular audits: Engage external consultants to audit your cybersecurity and suggest improvements.

Limit who can see and take your data: Read about “removable media policies” and “sensitive employee data”.

Promote a fraud and insider-threat awareness culture: Educate employees on what to look for and make it easy for them to report any suspicions without recriminations. They may take some time to speak up against a colleague they suspect.

Audit your processes: Identify where employees might be prone to human error, or simplify eradicate complex tasks.

Multi-factor authentication: Limit malicious activity. For example, if a dishonest employee happens upon a colleague's password, they still need their mobile phone to complete a malicious login.

Documenting an incident response: Keep a log of breaches and have a robust logging system to enable the leadership team to identify vulnerabilities and threats and promote a culture of continuous improvement for the future.

Unfortunately, we will never completely stop the threat of malicious internal actors. But, by implementing some reasonably simple processes we can somewhat mitigate the danger and damage.

Ben Jones is the managing director of Continuum Cyber

Note from the editor: This article has been prepared for informational purposes only and is not to be construed as advice (legal or otherwise).