Organisations are often their own worst enemy when it comes to effective cyber resilience planning. Email remains the attacker's preferred way in, but focusing only on external threats isn't enough. Too many organisations are ignoring an equally insidious threat from within: the malicious insider.
Phishing in its many forms has grown in popularity. In bulk phishing the attacker sends the same email to a large number of people, carrying either a link to a credential-harvesting page or a malware-laden attachment that infects the recipient's machine.
Then there is spear-phishing, where targets are selected more carefully to improve effectiveness, and a newer, more damaging variant called CEO fraud or whaling. Here the attacker researches a specific individual in a specific organisation (public profiles, org charts, out-of-office replies) and uses that research to social-engineer them. The emails look legitimate; they typically arrive from a lookalike domain or a free-mail account carrying the boss's display name, and the attacker often holds a short, plausible conversation with the target before asking for a fraudulent wire transfer or for confidential data.
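The impersonation pattern just described leaves traces in the message itself, which is why it can be checked for mechanically before a human ever sees the request. The block below is an added example, not Mimecast's code and not part of the original article: it applies four heuristics (display-name spoofing of a known executive, a lookalike sender domain, a Reply-To that diverts the thread, and wire-transfer or confidential-data language) to a raw message. The organisation domain, the executive roster, the phrase list and both sample messages are constructed for the example.

```python
"""Header and content heuristics for CEO-fraud (whaling) mail.

Added example, not Mimecast's code or part of the original article. The
executive roster, organisation domain, phrase list and the two messages
below are all constructed for illustration.
"""
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"                          # constructed
EXECUTIVES = {"jane doe": "jane.doe@example.com"}   # constructed roster

# Phrases that tend to appear in the fraudulent wire-transfer or data request.
REQUEST_PATTERNS = [
    r"\bwire transfer\b", r"\burgent(?:ly)?\b", r"\bconfidential\b",
    r"\bw-?2s?\b", r"\bpayroll\b", r"\btax (?:records?|information)\b",
]

# Common homoglyph substitutions used in lookalike domains.
_HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e")]


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _normalise(domain: str) -> str:
    for glyph, real in _HOMOGLYPHS:
        domain = domain.replace(glyph, real)
    return domain


def _within_one_edit(a: str, b: str) -> bool:
    """True if a and b differ by at most one insert, delete or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i, j = i + 1, j + 1
            continue
        edits += 1
        if edits > 1:
            return False
        if len(a) > len(b):
            i += 1
        elif len(a) < len(b):
            j += 1
        else:
            i, j = i + 1, j + 1
    return edits + (len(a) - i) + (len(b) - j) <= 1


def is_lookalike(domain: str, org: str = ORG_DOMAIN) -> bool:
    """Sender domain is a homoglyph or one-typo copy of our own domain."""
    domain, org = domain.lower(), org.lower()
    if domain == org:
        return False
    return _normalise(domain) == _normalise(org) or _within_one_edit(domain, org)


def whaling_indicators(raw_message: str) -> list[str]:
    """Return the indicators that fired for one RFC 822 message (empty = clean)."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    sender_domain = _domain(addr)
    hits = []

    # 1. Display-name spoofing: an executive's name on a non-executive address.
    expected = EXECUTIVES.get(name.strip().lower())
    if expected and addr != expected:
        hits.append(f"display-name impersonation: '{name}' <{addr}>")

    # 2. Sender domain is a near-copy of ours (exarnple.com, examp1e.com, ...).
    if sender_domain and is_lookalike(sender_domain):
        hits.append(f"lookalike domain: {sender_domain}")

    # 3. Reply-To diverts the thread so replies never reach the real executive.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and _domain(reply_to) != sender_domain:
        hits.append(f"reply-to mismatch: {reply_to.lower()}")

    # 4. The ask itself: payment or confidential-data language in subject/body.
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = f"{msg.get('Subject', '')}\n{body}"
    found = [m.group(0) for p in REQUEST_PATTERNS
             if (m := re.search(p, text, re.IGNORECASE))]
    if found:
        hits.append("request language: " + ", ".join(found))
    return hits


# Constructed sample messages: one whaling attempt, one genuine note.
FRAUD_MESSAGE = """\
From: "Jane Doe" <jane.doe@exarnple.com>
Reply-To: <jane.doe.ceo@mail-example.net>
To: accounts@example.com
Subject: Urgent wire transfer

I am in meetings all day and cannot take calls. Please process a wire transfer
of 48,500 to the supplier below today. Keep this confidential.
"""

LEGIT_MESSAGE = """\
From: "Jane Doe" <jane.doe@example.com>
To: accounts@example.com
Subject: Board minutes

Please find the minutes from Tuesday attached. Thanks, Jane
"""

if __name__ == "__main__":
    for label, raw in (("fraud", FRAUD_MESSAGE), ("legit", LEGIT_MESSAGE)):
        print(label, whaling_indicators(raw))
```

Each indicator on its own is weak (executives do travel and mail from personal accounts), which is why the function returns the list rather than a verdict: a gateway rule would typically hold or tag a message when two or more fire, and a single hit is better routed to a reviewer than auto-blocked. None of these checks replaces SPF, DKIM and DMARC on the organisation's own domain; they catch the lookalike and free-mail cases that domain authentication, by design, says nothing about.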
Mimecast, an email and data security company, released new data showing that organisations globally are turning their attention to threats from within: 45% say they are ill-equipped to cope with the threat of malicious insiders, and 90% call malicious insiders a major threat to their organisation's security.
The average company goes 229 days before realising it’s been breached. By this time cybercriminals could have launched a variety of damaging attacks resulting in direct financial loss, reputational damage, and the theft of important or highly sensitive data like client records, trade secrets or credit card information.
By concentrating predominantly on outside threats, organisations around the world struggle with the risk that comes from their own people. That gap is the argument for employee awareness and education alongside a broader cyber resilience strategy.
Mimecast’s research also uncovered that:
- 53% of IT security decision makers view malicious insiders as a moderate or high threat to their organisation.
- One in seven IT security decision makers view malicious insiders as their number one threat.
- Those who say they’re very equipped on cybersecurity feel just as vulnerable to insider threats as those who believe they aren’t equipped at all.
“Every day, we trust employees with sensitive information and powerful tools, but we don’t give them the effective security education and advanced cloud security solutions that go hand-in-hand with those responsibilities,” said Peter Bauer, CEO, Mimecast.
“A real issue is employees using file-sharing or cloud storage services to steal valuable corporate data – also known as malicious insiders. IT managers have, for too long, not paid due attention to this threat. We must re-evaluate unrestricted access to these services and ensure that other protections are put in place quickly.”
Mimecast Tips for Safeguarding Against Malicious Insiders
- Implement internal safeguards and data control to detect and mitigate the risk of malicious insiders when they do strike.
- Assign role-based permissions to administrators to better control access to key systems and limit the ability of a malicious insider to act.
- Offer employee security training programs that deter potential malicious insiders.
- Nurture a culture of communication within teams to help employees watch out for each other and step in when someone seems like they’ve become disenchanted or are at risk of turning against the company.
People are being duped every day. The FBI reported recently that in the U.S. losses from external threats like whaling or CEO fraud attacks alone grew by 270% between January and August 2015, with $800 million of losses reported in just six months.
Mimecast’s research showed that in the first three months of 2016, 67% of organisations had seen an increase in attacks designed to extort fraudulent payments and 43% saw an increase in attacks specifically asking for confidential data like HR records or tax information.
Clearly, investing in up-to-date technology to defend your organisation is critical, but remember that employees are the first line of defence, and educating them regularly about potential cyber-attacks is vital.
So is telling them what to do when they spot a problem or suspect they may have been duped. A culture that encourages and supports employees in being open, and fast to act, when they have made a mistake is important: a wire transfer reported within the hour can often be recalled, one reported a week later rarely can.
*This data was extracted from a Mimecast survey of 600 IT security managers from organisations in the United States, United Kingdom, South Africa and Australia. The initial findings of that survey were released in February 2016.