National Insider Threat Awareness Month, which wrapped up in September, has given the cybersecurity community an opportunity to reflect on how the threat landscape has evolved in the past 12 months – and what lessons about detection, deterrence and mitigation can be learned from those changes.
As we did a year ago, let’s examine three of the key lessons:
Lesson #1: Threats Are Quickly Evolving
Disregarding the nearly 50 percent of insider events that can be ascribed to negligent and careless insiders, there are still plenty of malicious actors out there preparing the next insider attack. And they’ve been coming up with novel ways to succeed. Why bother hacking your way into an organization when, for example, you can simply bribe an insider to do it for you? That’s what recent reports say ransomware gangs have been attempting, offering a generous share of ransom payments to the insider who ‘unlocks the back door.’ Most organizations are not yet equipped to detect this and other emerging cyber-attack vectors.
Lesson #2: Vulnerabilities Have Increased
After Covid-19 arrived in early 2020, remote work took firm hold – especially among knowledge workers across a wide swath of industry sectors. With it came a dizzying array of new cybersecurity attack vectors. Along with the more plentiful ‘conventional’ external threat actors, insiders now have better odds of breaching network defenses and stealing intellectual property and sensitive data from the privacy of their own homes. Meanwhile, security teams are scrambling to secure new devices and monitor workers outside the traditional perimeter. Their latest unenviable risk management challenge: the double whammy of a rapidly evolving threat (see Lesson #1) and drastically increased vulnerabilities.
Lesson #3: Don’t Wait to Launch Your Program
Launching an insider threat mitigation program can be a long and complex affair. Detection systems must be selected and deployed, data sources must be connected and staff and management need training in governance and operations. The required commitment in dollars and labor hours before concrete results are obtained can discourage all but the most committed leaders from green-lighting such a program. That said, incidents involving insider threats increased by 47 percent between 2018 and 2020, and no is one predicting the pace will slow. Considering that statistic, coupled with the high cost of cleaning up the mess left behind by an insider attack, the best time to launch an insider threat program was yesterday.
For more information about mitigating insider threats, check out this CYDERES video.