Organisations around the world are at a greater risk of insider threats than ever before, with reported incidents up 47% year on year. And they are as damaging as they are prevalent. In the UAE, Proofpoint’s recent research found that 17% of surveyed companies had suffered an insider threat attack in 2019. Mass migration to remote working and increased reliance on cloud systems, coupled with potential financial pressure, job insecurity, unfamiliar circumstances, and the general anxiety of a global pandemic have created a perfect cyber storm.
Adapting to a new landscape
Any strong cyber defence must be adaptive, and nothing calls for greater adaptability than a global pandemic. As many employees are working outside of the norms and formalities of the office environment, they may be unsettled, distracted by chores and home life, and more prone to making basic mistakes.
Since the start of the pandemic, there have been hundreds of Covid-19 related phishing attacks. It only takes one absent-minded employee to jeopardise the security of your entire organisation. Defence teams must also account for new behaviours that may once have raised an eyebrow, such as employees logging in at unusual hours to work around childcare.
The sinister side of pandemic psychology
Unfortunately, the increased potential for mistakes is not the only weak link on display to the opportunistic cybercriminal. The psychological pressure of the uncertainties brought by the pandemic can give way to a more sinister threat: the malicious insider.
While malicious insiders are less common, they can be more damaging. Many use inside knowledge to evade internal defences, and actively take steps to cover their tracks, making them far more difficult to detect and contain. On average, a malicious incident costs $755,760, more than double that of a negligent threat. The same is true of employees with a grievance against your organisation. A disgruntled employee could see themselves presented with a seemingly simple and effective method of revenge.
Building an inside-out defence
Spotting the potential for insider threats is never easy. Spotting them outside the office environment where there is less scrutiny or pressure to meet security standards is harder still. The only effective defence is a flexible, robust, multi-layered strategy that combines people, process, and technology.
Start by implementing a comprehensive privileged access management solution to monitor network activity, limit access to sensitive data, and prohibit the transfer of this data outside of company systems. Controls must be watertight, flagging and analysing every log for signs of negligence or foul play.
Supplement this with clear and comprehensive processes governing system and network access, user privileges, unauthorised applications, external storage, data protection, and more. Everyone in your organisation must know how to spot and contain a potential threat, and, whether intentional or not, how their behaviour can put your organisation at risk. While today’s working environment may feel more relaxed, security best practice still applies, perhaps now more than ever.
By Emile Abou Saleh, Regional Director, MEA, Proofpoint.