Cyber attacks can come in many forms, from malware to ransomware to Distributed Denial of Service attacks, but the one type that organisations have traditionally been more resistant to acknowledging is the insider threat.
It’s “the elephant in the room,” said Morgan Gerhart, vice president of product marketing for Imperva, yesterday at IP Expo. “This has long been a problem. In many cases it’s been a problem that organisations have ignored, either intentionally or unintentionally.”
It’s also a problem that has become “increasingly more visible over the last several years,” primarily because cyber criminals have become more aware of the financial value of corporate data and are employing more and more dirty tricks to get their hands on it.
From a business point of view, it’s a lot harder to defend against an insider threat than a more traditional, external cyber attack. “When it comes to a direct external threat, there are steps that we can take,” explained Gerhart. “It’s a bit more problematic when it comes to our employees. We have to give employees access to data and in most cases, most employees need access to most data. By definition we have to trust our employees, but while doing that we put our data at risk.”
The most recent high-profile example was the Sage breach that took place in August, where the personal information of employees at 280 UK businesses was left exposed. Sage said at the time that it was “investigating unauthorised access to customer information using an internal login,” highlighting the problem that businesses have on their hands.
And the prevalence of this type of attack has continued to come to the fore in recent weeks. A recent report from Kaspersky Lab revealed that cyber criminals are frequently turning to insiders in order to gain access to telecommunications networks, whilst an Imperva study suggested that one in every 50 employees should be considered a malicious insider.
However, it must be noted that labelling every insider breach as ‘malicious’ isn’t really fair. Insider threats can also come via a compromised user, where the hacker gains access to an employee’s credentials without his or her knowledge, or simply via a careless user where “the way that they do their job puts data at risk.”
“In all cases, they’re hard to detect,” said Gerhart, but by monitoring user access and having a thorough understanding of where your company’s sensitive data is stored, the risk can at least be reduced.