According to a report commissioned by Imperva for Forrester Research, insider threats remain the leading cause of cybersecurity problems. Cybersecurity has become a global emergency, given the problems and economic damage caused by hackers and other malicious actors on the internet.
Contents
Speaking in concrete terms, and therefore in numbers, we know that:
- According to the latest report published by Clusit, in 2021 it occurred an increase in cyber attacks of 180%;
- equally worrying data concern Italy which, according to estimates by the Guardia di Finanza, is in second place in Europe for cyberspace threats behind Spain.
One of the main weaknesses for companies and individuals is the lack of awareness of risks: it is precisely there that the cyber attack manages to infiltrate, almost undisturbed. A clear example of the truth of this alarm is precisely in the relevance of internal threats, a real breach in the security system.
What is it? As the name suggests, the insider threat refers to a risk that is posed by an individual who is part of an organization or company. The most common example is that of a company's current or former employees, or partners or external collaborators, but also people who relate to the entity in a less constant manner.
How can the threat be put into effect? In reality there are different forms through which the risk comes to life. The first distinction is aimed at identifying the type of behavior of the internal subject:
- that is, if it is negligent behaviour (the most common);
- if instead there is a real intent to damage the company behind it: from simple negligence we therefore move on to fraud, an even more unpleasant situation to deal with.
As it is often said when it comes to risks: “if you know them, you avoid them”. So let's delve deeper into the topic.
Insider Threats: Most Common Types
According to research by the Ponemon Institute, 63% of cybersecurity incidents are caused by negligence, which leads to inadvertently putting internal data at risk that is promptly stolen by cybercriminals.
It would take very little to avoid incurring internal threats: simply using a VPN, for example, would make it more difficult for many hackers to access the company network and all that information that has become invaluable, even for smaller companies and individuals. The use of insider threat indicators, such as artificial intelligence and control of data exported from employee workstations, can similarly mitigate the risk of finding yourself in situations that are truly difficult to recover.
Taking a closer look at the types of insider threats, it is interesting to note that experience has now outlined several categories:
- Users used as pawns are the most frequent in cybersecurity incidents. Generally, these are careless employees who do not give the right importance to security policies. In some cases, it is a question of real incompetence, in others of an overestimation of their own computer knowledge.
- Then there are those who deliberately engage in improper behavior, voluntarily compromising the security of the company. Most of the time these are employees who have access to the data, but often they can also be ex-employees, who perhaps hold a grudge or simply want access to illicit profits.
- Another figure that can constitute an internal threat is the so-called "external collaborator", someone who, despite not having a constant presence in the organization or company, finds himself in a position to put its IT security at risk.
In the last two years, another type of internal threat has emerged, which most often represents a risk vehicle for negligence: the remote worker. What began as a form of temporary collaboration has transformed into a way of working that supports presence in the company. The consequence is therefore a higher number of accidents due, for example, to attacks of p26hishing. Furthermore, a fairly common habit among remote workers is to connect to the first free network they find when they are away from home and want to get to work. Needless to say, for hackers and similar categories, this is a real invitation to marriage: convenient and undisturbed access to the company's IT system.
Article published on 26 April 2022 - 10:32
Video Chronicles
