Insider Threats: Sometimes the Criminal Is Just a Desk Away
Data theft is on the rise! The news is full of stories about hackers crippeling well-known companies with their attacks. When we hear that term, we likely picture some obsessive IT junkie in a hoodie spending days on end hunkered in a gloomy basement, invading company networks in order to steal confidential data. But the truth is, in many cases, the real danger is somewhere else entirely – inside the company itself. They see it that way, too: according to a study by ENISA, 88% of the companies surveyed consider insider threats a cause for concern. The same study revealed that the average annual cost to companies of cyber incidents caused by insiders is €11.45 million.
These types of insider threats involve two different kinds of criminals. Those who plan and conduct their attacks intentionally. And those who accidentally allow third parties to access data belonging to their organization. Employees or former employees may perpetrate deliberate crimes. There are many different possible motivations:
- Whistleblowing: The perpetrator may wish to expose wrongdoings in the company and is therefore collecting evidence to support their case.
- Extortion: Companies must be aware that even loyal employees may be pressured into becoming accomplices.
- Money: Data is the new gold and a valuable asset for many organizations. Therefore it can occur that competitors pay a good price for it.
- Financial crime: Company data may stand to benefit individual employees, too –for example, information from development.
- Data for future employers: Employees may leverage data from their previous employer to get ahead in their new company.
AI has arrived in the hacker scene
But how can innocent employees become unwitting pawns for cybercriminals? Your average Joe often thinks that criminals mount targeted attacks against specific companies. But in fact, the bots do the real work scouring the Internet for potential targets. These AI and machine learning-based programs search for specific job titles on social networks such as LinkedIn. People in these positions receive automated, custom-crafted emails designed to look just like legitimate offers. However, the links in these emails conceal programs that provide the bot and the cybercriminal access to the company’s systems. As this attack illustrates, AI is not only a component of company IT systems – hackers are now using it, too. The consequences can prove disastrous for those involved. During the tumult of a stressful workday, it is easy to mistakenly click on a link. Opening the door to criminals without any malign intent to produce insider threats.
Other potential sources of internal risk include:
- Employee offboarding: When an employee leaves the company, if the company fails to terminate that person’s access to company systems or retrieve all proprietary equipment, including company USB sticks, the former employee or third parties may continue to gain access to systems and handle data without authorization.
- Remote work: Employees may access company data remotely using an unsecured, public WLAN network. In addition, mobile devices such as laptops, smartphones, and tablets are always at risk of being lost or stolen.
End-to-end security concepts
To minimize these insider threats, businesses can turn to cyber resilience. A comprehensive security concept based on the cornerstones of cyber security and business continuity management. It is especially important for unified endpoint management (UEM) and security measures to operate in tandem to ensure the full protection of endpoints. This way, even if an attack has been successful, it does not impede productivity. Users are still able to continue their work uninterrupted.
Key role of unified endpoint management
The management concept of all devices should contain an UEM solution. This presents the following advantages:
- Lightens workloads
- Optimizes processes
- Offers full coverage of devices and services through automation
- Provides access to all end devices and an overview of all active applications
Automated endpoint security ties into these solutions – and eliminates the need for manual intervention against attacks. If an event occurs, the software initiates all the necessary steps automatically. By employing a comprehensive cyber resilience approach, companies can use simple methods to increase their resilience as part of “UEM for IT.” Automation guarantees superior security against insider threats around the clock. Devices are fully protected without additional work for employees, who can continue to enjoy a smooth and successful employee experience.