Reassessing Your Cybersecurity Framework From The Inside Out
Remember the days when you could build a secure perimeter around your business and feel safe? With corporate boundaries shifting from the office to remote work locations, company leaders and cybersecurity pros must secure sensitive data, systems, and networks from the inside out.
Insider Threats: A Costly Mistake
Hollywood encourages the idea that insider threats are often due to malicious actors housed within our own walls. In reality, internal leaks are far less glamorous — and mostly unintentional.
According to a 2021 Cyber Security Trends Report from PurpleSec, 63% of security breaches stem from negligence. This includes sending emails to the wrong address, failing to protect passwords, or falling victim to social engineering. In fact, 98% of all attacks are social engineering — most often phishing attacks that manipulate people into sharing personal information, sensitive data, or credentials that allow access to confidential systems and networks.
Insider Attacks: A Rising Concern
While far less common, insider attacks are a rising concern. Malicious internal attacks are often linked to disgruntled employees — or former employees — with access to sensitive data.
On a recent episode of OzCyber Unlocked, two investigators share their experiences of intentional insider attacks. One investigator uncovered the identity of a resentful employee who stole data from his company’s client and held it for ransom in an act of revenge. A separate investigation discovered several illegal hotspots at a financial institution, three of which were found to be suspicious — including one device planted under the floorboards.
A recent BBC article highlights employees secretly taking on secret full-time jobs. These overemployed individuals are typically looking to game the system, increasing their income while asserting a sense of control. It’s easy to imagine this scenario going wrong and a conflicted employee, with access to sensitive data across several companies, becoming an insider threat.
A New Framework: A Holistic Approach to Cybersecurity
You can assume your organization faces some degree of risk — what kind and how much depends both on your cybersecurity framework and the solutions you adopt to secure your data. Consider combining clear policies with the right methods and tools to close security gaps and address insider threats — including the following basic recommendations:
Employees at all levels, especially leadership, must be educated about strong passwords, multi-factor authentication (MFA), and cybersecurity best practices.
Role-Based Access Controls
Access to sensitive data should be limited to those employees who need it to do their current jobs.
Stay Current with Security Patches for Commercial Software
Commercial software should be kept current and tested regularly.
Evaluating Internally Developed Software
Internally developed applications, especially legacy applications, can provide an even greater opportunity for damage than commercial software. Put in place procedures for assessing potential exposure from custom applications
For more information on preventing insider attacks, see Microsoft’s “Uncovering Hidden Risks” podcast series.