Being Prepared for an Internal Attack

A study by the Ponemon Institute revealed that the number of cybersecurity threat incidents caused by insiders rose by 47% from 2018 to 2020. The cost of these insider threats reached $11.45 million, with the bulk of that spent on detection and investigation.

Ransomware and malware both fall under the heading of internal cyber-attacks. Any exploitation of credentials or code that takes place inside the walled network is also considered an internal cyber-attack. This can include when an employee uses their access to the business’s network to steal money or information. The theft of any funds is embezzlement, while copying or sharing any sensitive data — trade secrets, financial information, client lists or the like — is industrial espionage.

It is also possible for an employee to inadvertently or through negligence release data or allow intruders into a company’s computer system. For instance, if someone loses a laptop in an airport and information is obtained from that device, it is considered an internal cyber-attack.

When an internal cyber-attack is malicious, the culprit is most likely a disgruntled employee or former employee who is seeking revenge, financial gain or both. An example of this is the case of a former Twitter employee who in 2022 exchanged private information of Twitter users for bribes to officials of the Kingdom of Saudi Arabia and the Saudi Royal family.

The other possibility stems from a negligent employee. Another Ponemon Institute report found that more than two thirds of companies — 67% — experienced between 21 and more than 40 internal cyber-attacks each year.

 Negligent attacks include falling for a phishing attack, bypassing security controls to save time or emailing the wrong files to individuals outside the organization.

Because of the nature of internal attacks, it can be challenging to detect them and thwart them. But there are tactics that companies can employ to help. To start, regular and continuous training of employees on all security measures is essential. This can include proper handling of sensitive data, good password hygiene or simply how to recognize a phishing scam.

Next, businesses should utilize tools that properly manage user identities and permissions. Identity and access management (IAM) helps by focusing on both these, and authentication, so that the right users and devices have access. IAM can prevent attacks from departing employees, who may be unhappy, but limiting their permissions or even decommissioning their accounts immediately upon their dismissal to mitigate internal cyber threats.

User behavior analytics (UBA) offer the ability to detect emerging or ongoing threats, including internal ones. This is done through a combination of artificial intelligence (AI) and advanced data analytics that can model baseline behaviors and discern any abnormalities. User and entity behavior analytics (UEBA) and security information and event management (SIEM) can be added to UBA to expand its capabilities even further.

Finally, offensive security measures can help businesses identify weaknesses in their systems before they can be compromised. Basically, it is ethical hackers exploring a network using the same tactics a malicious hacker would expose any flaws or security risks. The company can then strengthen their system.

Level Solutions Group (LSG) is a full-service technology company, including network and security assistance. Today we have more robust architecture options and risk mitigation tools than ever before, meaning your company doesn’t have to be vulnerable to inside threats, whether intentional or accidental. Aligning with LSG ensures you have the right partner to help you keep your data secure. We can create a solutionized that is customized to your business’s needs.