Beyond Technical Solutions: Addressing Insider Threats and Employee Training
In this ten-part blog series, we explore how businesses can navigate cybersecurity challenges. The fourth segment in this series sets the stage by exploring the role of human error and malicious insiders in cybersecurity breaches.
A disgruntled Tesla employee committed data theft, exporting a large volume of sensitive company information to an external third party. He exported gigabytes of Tesla data, including confidential photos, video of company manufacturing systems, and financial data. The employee admitted to placing software on the desktops of co-workers so that he could continue to export data after leaving the company. While the employee claimed whistle-blower status, he was ordered to pay Tesla $400,000 (Tesla, Inc. v. Tripp (2:18-cv-01088)).
Verizon’s 2023 Data Breach Investigations Report (DBIR), a dissection of over 16,000 security incidents, reveals over 5,000 confirmed incidents of data leakage. A troubling 74% of incidents can be linked to human error or manipulation, which highlights the criticality of human factors. External actors were behind a staggering 83% of the breaches, with financial gain accounting for a spectacular 95% of those cases. These malicious actors exploit weaknesses through stolen credentials, cleverly crafted phishing attempts, and unpatched software vulnerabilities.
Various motivating factors can lie behind malicious insiders’ activities. Financial gain is a common driver, with resentful employees seeking revenge or employees aiming to profit by selling confidential information. Additionally, resentful employees are highly vulnerable to manipulation by external actors seeking to compromise an organization’s systems.
Another major factor can be ideological motivation, with malicious insiders seeking to disrupt an organization they perceive as unethical or harmful.
Evolving Threat Landscape: Remote Work Setup
With digital transformation sweeping through industries, insider threats are only set to grow. The rise of remote work arrangements has critically blurred the security perimeter, making it a bigger challenge to supervise the access and activities of employees. Moreover, digital adoption and integration across business operations have led to a proliferation of cloud solutions and collaboration tools, which act as new vectors that malicious insiders exploit.
Furthermore, as the evolving technology landscape brings more sophistication to cybercrime, even people with limited technical expertise are capable of doing significant damage. Phishing scams are becoming more focused and persuasive, and standardized hacking tools on the dark web empower malicious insiders with advanced capabilities.
Beyond Technical Safeguards: Building a Culture of Security Awareness
While technical safeguards like firewalls, data encryption, and intrusion detection systems act as a protective shield, they can be effective only alongside a comprehensive cybersecurity policy that prioritizes building a cybersecurity culture and awareness among employees. This requires a multi-pronged approach:
- Security Training Programs: It is critically important to provide awareness training to all employees in an engaging manner. Among the most pertinent topics are phishing scams, data security protocols, password hygiene, best practices, the do’s and don’ts, and how to identify and report suspicious activities. The training programs should be tailored to the needs of different employees, according to their role and function, ensuring every employee understands their specific security responsibility.
- Security Champions: Security champions are employees from different departments who have been specifically empowered to be the voice of the security team. They help to facilitate communication among employees and increase their involvement in security-related issues. Security champions encourage employees to speak freely and report concerns.
- Phishing Simulations: Another type of awareness activity is to simulate phishing scams and help employees build the skill to identify them. However, it is important that simulations are realistic yet not overly stressful to employees. Employees should be able to see the full course of each phishing simulation, with feedback and training opportunities after every simulation.
- Policy and Procedure Development: Defining security policies and procedures is essential to establish expectations for employees’ behaviour. These policies should address issues like data handling, password management and acceptable practices for devices and networks in use.
Mitigating Insider Risk: Strategies for Early Detection and Prevention
- User Activity Monitoring (UAM): UAM solutions can monitor user activity within an organisation’s systems for potential malicious behaviour. However, organisations need to find a balance between effective monitoring and respecting employee privacy.
- Data Loss Prevention (DLP): DLP solutions can help organisations detect data exfiltration by insiders. They monitor data transfers for attempts to move sensitive information out of authorised systems.
- SIEM (Security Information and Event Management): SIEM systems can aggregate information from various security tools, providing security teams with a single view of all potentially malicious activity. SIEM can help in detecting potential insider threats by identifying anomalies in user activity or system behaviour.
- Background checks: Companies can deploy robust background checks to filter out candidates who have a history of fraud or other warning signs indicating a potential malicious insider threat.
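One way the DLP and SIEM checks above can work in practice, as an added example that is not from the original post: it flags a user whose daily volume sent to destinations outside an allow-list far exceeds that user's own baseline. The event fields, host names, allow-list and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample events (not real logs): user, day, destination host, bytes sent.
EVENTS = [
    ("alice", "2024-03-01", "files.corp.example", 40_000_000),
    ("alice", "2024-03-02", "files.corp.example", 55_000_000),
    ("alice", "2024-03-03", "share.external.example", 2_000_000),
    ("alice", "2024-03-04", "files.corp.example", 60_000_000),
    ("bob", "2024-03-01", "share.external.example", 1_000_000),
    ("bob", "2024-03-02", "share.external.example", 3_000_000),
    ("bob", "2024-03-03", "share.external.example", 2_000_000),
    ("bob", "2024-03-04", "share.external.example", 4_500_000_000),
]
AUTHORISED = {"files.corp.example"}  # assumed allow-list of sanctioned destinations


def daily_external_bytes(events, authorised):
    """Sum bytes per (user, day) sent to destinations outside the allow-list."""
    totals = defaultdict(lambda: defaultdict(int))
    for user, day, dest, nbytes in events:
        # Authorised traffic still records the day, with zero external volume.
        totals[user][day] += 0 if dest in authorised else nbytes
    return totals


def flag_exfiltration(events, authorised, k=5.0, floor=100_000_000, min_history=3):
    """Return (user, day, bytes) where external volume far exceeds the user's baseline."""
    alerts = []
    for user, days in daily_external_bytes(events, authorised).items():
        ordered = sorted(days.items())  # ISO dates sort chronologically
        for i, (day, volume) in enumerate(ordered):
            history = [v for _, v in ordered[:i]]
            # Skip days with too little history or volume below the absolute floor.
            if len(history) < min_history or volume < floor:
                continue
            base = median(history)
            # Median absolute deviation: robust spread, floored at 1 to avoid dividing by zero.
            mad = median(abs(v - base) for v in history) or 1
            if (volume - base) / mad > k:
                alerts.append((user, day, volume))
    return alerts


if __name__ == "__main__":
    for user, day, volume in flag_exfiltration(EVENTS, AUTHORISED):
        print(f"ALERT {user} {day}: {volume / 1e9:.1f} GB to unauthorised destinations")
```

Comparing each user against their own history, rather than a single company-wide limit, keeps alert volume low for roles that legitimately move large files.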
Cybersecurity is a collective responsibility. Organizations that prioritize employee training, maintain a security culture, and deploy robust detection and prevention solutions stand to minimize the likelihood of insider threats. To achieve digital immunity, organisations must appreciate that security is more than a technical challenge, and it entails making employees active advocates in safeguarding valuable assets.