Despite several employee awareness programs and cybersecurity best practices, most organizations face insider threats that affect the overall security posture. Threat actors continue to target unwitting employees – the weakest link – with different social engineering and phishing lures hitting the mailboxes.
According to Egress’ Insider Data Breach Survey 2021, 94% of organizations sustained insider data breaches last year. Nearly 84% of security leaders surveyed stated that human error was the top cause of cyberattacks, while 28% of the respondents admitted that insiders’ malicious intent is their biggest fear.
By Rudra Srinivas, Senior Feature Writer, CISO MAG
Insider threats and attacks become a burning issue for organizations globally, as a single negligent act of an employee could cost a fortune for the company’s security. Insider threats increased by 47%, from 3,200 in 2018 to 4,716 in 2020. The cost of insider threat incidents also surged by 31%, from $8.76 million in 2018 to $11.45 million in 2020. Employee negligence led to 62% of security incidents, costing global organizations an average of $307,111 per incident.
All insider attacks are not due to employee errors. Some attacks are the result of employees with malicious intent.
The careless/negligent insiders are the common type of insiders that most organizations face. These insiders have no ill intentions towards the company; however, their negligent acts create chaos. The common actions (harmful yet unintentional) of a careless insider includes clicking/downloading malicious attachments, responding to phishing lures, and leaving flash drives containing sensitive data unattended, etc.
Oblivious insiders have access to the company’s confidential data, making them a primary target for phishers. Attackers often trick these insiders via social engineering to obtain sensitive data or deploy malware.
These insiders purposefully cause damage to the organization’s security by erasing/stealing sensitive corporate data or helping outsiders deploy malware or ransomware.
Insiders making career shifts come under this category. Saboteurs intentionally try to harm their current company’s reputation to show their frustration. Saboteur insiders take revenge against their present company by giving hackers corporate data and vulnerability exploits.
While we cannot predict insider actions, implementing certain security actions could mitigate the risks. These include:
Note: Do not use the passwords used as example in this article for your actual password.
About the Author
Rudra Srinivas is a Senior Feature Writer and part of the editorial team at CISO MAG. He writes news and feature stories on cybersecurity trends.
More from the Rudra.
The post 4 Types of Insiders You Need to Know appeared first on CISO MAG | Cyber Security Magazine.
Click to Open Code Editor