THE use of technology is rapidly growing across countries globally and the technology is being used for communication, online business, entertainment, accruing knowledge and increasing productivity to industries, among others.
But on the other side of the coin, technological advancements also expose organisations to tremendous risks from in and outside their entities.
Today, Cyber security is one of the biggest challenges faced by organizations and the global cost of cyber-attacks is predicted to rise up to 10.5 trillion US dollars by 2025.
Taking note of this, the capacity to anticipate, respond and recover from cyber-attacks is essential for modern organizations.
“We have seen many organisations focusing on resolving challenges brought about by hackers, threats from outside, and forget the bigger threats from within,” says Mr Yusuph Kileo, a cyber-security and digital forensics expert.
The latest Tessian report states that, between March and July 2020, 43 per cent of the reported security incidents were caused by malicious insiders, while 45 per cent of employees download, save, send, or otherwise exfiltrate work-related documents, before leaving their jobs or after being dismissed right at the onset of the Covid-19 pandemic.
Mr Kileo says malicious threat to organisations may come from people within the organisation, such as employees, former employees, contractors or business associates, who have inside information concerning the organization’s security practices, data and computer systems.
He urges organisations not to ignore threats from within, because insiders know the weaknesses in an organization’s cybersecurity, location and nature of sensitive data, they can abuse.
“There is a need for organisations to use the ongoing cybersecurity month of awareness to educate users about insider threats,” Kileo adds.
For that matter, the United States has dedicated the month of September to raise awareness about threat from within due to its implication on American organisations.
“I would be happy to see other countries thinking of putting together good cybersecurity program because insider threats are global challenges as we speak,” he added.
Since insiders don’t act maliciously most of the time, it’s harder to detect their harmful activities than it is to detect external attacks.
Moreover, threats can either be intentional, accidental, or the result of credential theft with tremendous destructive power.
“Frustration with co-workers, stress, financial problems might turn a trusted user into a malicious insider. In addition, Unaddressed grievances, ignored feelings or mistreatment, taking revenge for perceived injustice and acting on opportunity contribute heavily to malicious insiders,” Kileo added.
Speaking of the common insider threat indicators, he says despite being hard for organisation to detect threats from within, there are several indicators that can raise alarm when individual is about to become a threat from within.
These include attempts to bypass security controls, requests for clearance or higher-level access without need, irresponsible social media habits, maintaining access to sensitive data after termination notice, use of unauthorized external storage devices and visible disgruntlement toward employer or co-workers.
Others are chronic violation of organization policies, decline in work performance, behaviors that demonstrate sudden affluence without obvious cause, such as large pay rise, inheritance, etc. – all these when observed from individual, the organisation needs to pay close attention before it’s too late.
“Frequent access of workspace outside of normal working hours is also one of the indicators but it depends, we all know in some of our busy city with heavy traffic you may find some individual spend more time in the office as he/she waits for the traffic congestion to get better, if this happens it’s not always a problem – We can start getting worried when we see individual start accessing files in the middle of the night.”
To combat the insider threats, Mr Kileo suggests that an organisation must put measures in dealing with threats from within in order to minimize the risk.
He further recommends that employees need to work on their field and they can only access sources related to their work, those from the same department need to have job rotation.
Access to infrastructures, system configurations, and data should be monitored to prevent them from violating security policies or causing a data breach.
“It is always important to keep an eye on your own employees. Resolve any issues with your employees whenever they arise, we have a good number of monitoring tools that can help you on this. User action monitoring software is very simple to use, it provides video recording of all user sessions that your security specialists can review in order to clearly see what users have done with your data,” he explains.
He also advises organisations to educate employees on why certain security practices are put in place and what are the consequences of not following them.
“Arm your employees and make sure that they are an asset to your security, not a liability” he advises, adding that organisations need to establish good audit procedures – both internal and external and make use of insider threats mitigation tools.
Organisation should also have insider threats program by collaborating with stakeholders or other departments to identify critical assets, risk indicators, relevant data sources, compliance requirements, cultural concerns and privacy implications when developing the program.
