The last several years have seen a flurry of change in the contemporary workplace. Remote and hybrid work, broad cloud adoption, and more significant staff churn have made data security more challenging than ever. It’s no surprise that insider threats are expected to increase by 44% by 2022.
According to the 2022 Speech of the CISO survey, many cybersecurity professionals believe that a proactive approach to insider threats is necessary. Even so, no company is immune to insider threats. Insider threats are, in fact, the #1 security concern for chief information security officers (CISOs) worldwide, and mitigating them over the next two years is a significant priority for more than a third of the CISOs surveyed.
Regarding this series
Human interaction, rather than technological exploitation, is at the heart of today’s cyber risks. Indeed, according to Verizon’s 2022 Data Breach Investigations Report, 82% of data breaches involve the human factor. According to the report, this reality “places the individual squarely at the heart of the security estate.” Attackers use social engineering to deceive individuals into clicking dangerous URLs, opening malicious attachments, entering their passwords, transferring sensitive data, transferring payments, and other activities.
This is the final part of our six-part blog series on subjects that all businesses should include in the security awareness training they deliver to their users. The following topics have been explored in this series:
- Social engineering
- Phishing
- Business email compromise (BEC)
- Social media
- Ransomware
- Insider risk
We recommend that you read the preceding five instalments in this series. While the material offered in this series was inspired by Cybersecurity Awareness Month in October, it may be valuable to your company at any time of year.
What exactly is insider risk?
An insider is a person who has a professional relationship with a company. Due to their job and privileges, they have (or formerly had) authorised access to vital data and systems. An insider might be a current or former employee, contractor, or business partner who meets any or all of the following requirements:
- The company provides them with computer or network access.
- They create products and services for the company.
- They are aware of the organisation’s plan.
- They have access to confidential information.
In a nutshell, an insider is someone in a position of trust. These users represent a threat when they act maliciously and exploit their trusted position for personal gain or advantage. What is less obvious is that people who unintentionally misuse or mishandle their access can inflict just as much harm. The same is true of users whose insider access has been hijacked and exploited by a third party.
The phrases “insider risk” and “insider threat” are often used interchangeably. However, they are not the same. Insider threats are a subset of insider risk: every insider poses a risk to an organization by virtue of their access to data and systems. Not every insider, though, will become an insider threat. This distinction demands a response at both the strategic and the tactical level.
Insider threat classifications
Here is a more in-depth look at the three main categories of insider threats:
Careless – A careless insider is a well-intentioned user who makes serious mistakes that expose critical data or allow it to be stolen. Two examples are copying files to a USB storage device or mistakenly revealing sensitive data (such as a customer’s credit card information). Careless users are responsible for 56% of insider incidents.
Malicious – Personal gain motivates these insiders, who set out to harm the organisation. Exfiltrating financial data or commercial secrets is one example, as is deleting sensitive information. According to Ponemon’s insider threat research, malicious insiders account for more than a quarter (26%) of all insider incidents.
Compromised – Compromised users are frequently Very Attacked People with privileged access to information. In other words, they hold access and credentials that might allow threat actors to reach a company’s vital systems and data. To steal such credentials, attackers deploy social engineering tactics such as phishing. This year, stolen credentials have been involved in around 18% of insider incidents.
A careless user poses a hazard because of the following:
Human error – This might range from server misconfigurations to sharing a file with more people than necessary.
Poor decision-making – This might involve unwittingly putting the company at risk by copying a file to a USB drive or to a personal file-storage account.
Malicious users may pose the following threats:
Destruction: A malicious insider attempts to damage or destroy corporate systems.
Fraud: An insider with malevolent intent steals or modifies data in order to deceive, either to disrupt the firm or to profit financially.
Intellectual property theft: Any proprietary knowledge valuable to a business might be deemed IP. Malicious insiders steal intellectual property for personal benefit or to cause long-term financial or other harm to the firm.
Intrusion: Intrusion occurs when a malicious insider obtains essential trade secrets, files, and data from an organisation and then sells that knowledge to the company’s rivals or even to state-sponsored threat actors.
Finally, insider threats from compromised users are often the result of one or more of the following:
- Stolen credentials
- Phishing
- Malware
- Inadvertent aiding and abetting via social engineering attacks
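The categories above map naturally onto detection rules a security team can run over its own audit logs. The script below is an added illustration written for this post, not code from the original series or from MakeMyPrivacy: it takes a handful of constructed audit events (hypothetical users, files and countries, not real data) and flags careless-insider indicators (copying a file to removable media, sharing a file with “anyone with the link”) separately from a compromised-account indicator (one account logging in from two different countries within an hour). The event field names and the one-hour window are assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit events for the example (not real data). Each event has a
# timestamp, the account that acted, an action name and action-specific fields.
SAMPLE_EVENTS = [
    {"ts": "2022-10-03T09:02:00", "user": "alice", "action": "file_copy",
     "target": "/media/usb/quarterly_forecast.xlsx", "device": "removable"},
    {"ts": "2022-10-03T09:10:00", "user": "alice", "action": "file_share",
     "target": "customers.csv", "scope": "anyone_with_link"},
    {"ts": "2022-10-03T09:15:00", "user": "bob", "action": "file_share",
     "target": "roadmap.pptx", "scope": "internal"},
    {"ts": "2022-10-03T11:00:00", "user": "carol", "action": "login", "country": "GB"},
    {"ts": "2022-10-03T11:20:00", "user": "carol", "action": "login", "country": "BR"},
    {"ts": "2022-10-03T12:00:00", "user": "dave", "action": "login", "country": "GB"},
    {"ts": "2022-10-04T08:00:00", "user": "dave", "action": "login", "country": "DE"},
]

# Assumed threshold: two logins from different countries closer together than
# this are treated as physically impossible travel.
TRAVEL_WINDOW = timedelta(hours=1)


def careless_indicators(events):
    """Flag actions typical of a careless (well-intentioned) insider.

    Returns (user, rule, detail) tuples in the order the events were seen.
    """
    findings = []
    for e in events:
        if e["action"] == "file_copy" and e.get("device") == "removable":
            findings.append((e["user"], "copy_to_removable_media", e["target"]))
        elif e["action"] == "file_share" and e.get("scope") == "anyone_with_link":
            findings.append((e["user"], "public_share", e["target"]))
    return findings


def compromised_indicators(events, window=TRAVEL_WINDOW):
    """Flag accounts whose consecutive logins come from different countries
    within `window`, a common sign that credentials are being used by someone
    other than their owner."""
    logins = defaultdict(list)
    for e in events:
        if e["action"] == "login":
            logins[e["user"]].append((datetime.fromisoformat(e["ts"]), e["country"]))
    findings = []
    for user, entries in logins.items():
        entries.sort()  # chronological order per account
        for (t1, c1), (t2, c2) in zip(entries, entries[1:]):
            if c1 != c2 and t2 - t1 <= window:
                findings.append((user, "impossible_travel", f"{c1}->{c2}"))
    return findings


def triage(events):
    """Group findings by the insider-risk category they point to."""
    return {
        "careless": careless_indicators(events),
        "compromised": compromised_indicators(events),
    }


if __name__ == "__main__":
    for category, items in triage(SAMPLE_EVENTS).items():
        for user, rule, detail in items:
            print(f"{category:11} {user:6} {rule:24} {detail}")
```

On the constructed events, alice is flagged twice under “careless” and carol once under “compromised”; bob’s internal share and dave’s logins a day apart are correctly ignored. A finding in the careless bucket is a cue for coaching and a policy reminder, whereas an impossible-travel finding should go straight to the security team for credential reset and investigation.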
End-User Recommendations
Organisations must help workers avoid becoming part of the insider threat problem. This learning process begins with increasing their understanding of irresponsible behaviour and of the possibility of harmful insider activity. While security awareness will not deter a determined malicious insider, it will help others detect and report questionable conduct.
Here are some key points your users should be aware of about this critical topic:
Think before you act – While taking the shortest route may make your job or your colleagues’ tasks easier, it may also introduce risk. (For instance, don’t share account details or transfer data to a USB device.)
Keep up to date – Make sure you understand the organisation’s policies on data and system access and usage. (For instance, only use applications and technologies offered or approved by the organisation’s IT department.)
Report questionable conduct to the security team – If you see a coworker acting strangely, for example, asking to “borrow” credentials to access an app they aren’t permitted to use, they might be a malicious or compromised user.
Also, emphasise to your users the vital role they play in securing your organisation’s data. Accepting their front-line position and building the simple but effective actions listed above into their daily activities will help to reduce and mitigate insider threats.
All-year resources to support your organisation’s cybersecurity.
We hope you enjoyed this blog series on important security awareness training topics. For additional information and tools on security awareness, don’t hesitate to contact us at www.makemyprivacy.com.
Consider using the MakeMyPrivacy Cyber Security Solution to help your organisation’s insider risk management efforts. It safeguards against data loss and brand harm regardless of whether users are malicious, careless, or hacked. With rich context that combines user actions, content, and risks, MakeMyPrivacy provides a people-centric approach to protecting sensitive data against insider attacks and data loss. Find out more about MakeMyPrivacy here.