Search This Blog

Powered by Blogger.

Blog Archive

Labels

Internal Threats Loom Large as Businesses Deal With External Threats

Since 2019, the number of insider occurrences reported by organisations has increased from 66% to an astounding 76%.

 

Most people have likely been forced by their employer to undergo hour-long courses on how to prevent cyberattacks such as phishing, malware, and ransomware. Companies compel their staff to do this since cybercrime can be quite costly. According to FBI and IMF estimates, the cost is predicted to rise from $8.4 trillion in 2022 to $23 trillion by 2027. There are preventative methods available, such as multifactor authentication. 

The fact is, all of these threats are external. As companies develop the ability to handle these concerns, leadership's attention will move to an even more important concern: risks emanating from within the organisation. Being on "the inside" generally entails having access to highly sensitive and confidential information required to perform their duties. 

This can include financial performance statistics, product launch timelines, and source code. While this seems reasonable at first look, allowing access to this information also poses a significant risk to organizations—from top-secret government agencies to Fortune 500 companies and small businesses—if employees leak it.

Unfortunately, insider disclosures are becoming increasingly common. Since 2019, the number of insider occurrences reported by organisations has increased from 66% to an astounding 76%. Furthermore, these insider leaks are costly. In 2023, organisations spent an average of $16.2 million on resolving insider threats, with North American companies incurring the greatest overall cost of $19.09 million. 

There are several recent examples. Someone has leaked Israeli documents regarding an attack on Iran. An Apple employee leaked information about the iPhone 16. Examples abound throughout history. For example, in 1971, the Pentagon Papers altered public perception of the Vietnam War. However, the widespread use of internet media has made these risks simpler to propagate and more difficult to detect. 

Prevention tips 

Tech help: Monitoring for suspicious behaviour with software and AI is one technique to prevent leaks. Behaviour modelling technology, particularly AI-powered ones, can be quite effective at generating statistical conclusions using predictive analytics to, well, forecast outcomes and raise red flags. 

These solutions can provide an alarm, for example, if someone in HR, who would ordinarily not handle product design files, suddenly downloads a large number of product design files. Or if an employee has saved a large amount of information to a USB drive. Companies can use this information to conduct investigations, adjust access levels, or notify them that they need to pay more attention. 

Shut down broad access: Restricting employee access to specific data and files or eliminating certain files completely are two other strategies to stop internal leaks. This can mitigate the chance of leakage in the short term, but at what cost? Information exchange can inspire creativity and foster a culture of trust and innovation. 

Individualize data and files: Steganography, or the act of concealing information in plain sight, dates back to Ancient Greece and is a promising field for preventing leaks. It employs forensic watermarks to change a piece of content (an email, file, photo, or presentation) in imperceptible ways that identify the content so that sharing can be traced back to a single person. 

In recent times, the film industry was the first to employ steganography to combat piracy and theft of vital content. Movies and shows streamed on Hulu or Netflix are often protected with digital rights management (DRM), which includes audio and video watermarking to ensure that each copy is unique. Consider applying this technology to a company's daily operations, where terabytes of digital communications including potentially sensitive information—emails, presentations, photos, customer data—could be personalised for each individual. 

One thing is certain, regardless of the approach a business takes: it needs to have a strategy in place for dealing with the escalating issue of internal leaks. The danger is genuine, and the expenses are excessive. Since most employees are good, it only takes one bad actor to leak information and bring significant damage to their organisation.
Share it:

Cyber Security

Data Privacy

Insider Threat

Threat Landscape

User Security