Battling the threat within

by Mark Rowe

The rapid evolution of cyber threats is something organisations can no longer ignore, writes Michael Madon, Senior Vice President of cyber security product company Mimecast.

More than half of organisations have seen the volume of cyber-attacks increase, including ransomware, phishing and impersonation fraud. It’s time for a new level of preparedness.

The biggest problem is that only 30 per cent of businesses have adopted a complete cyber resilience strategy, with about one third still in the early stages of development or planning. This low rate of adoption – and ultimately, preparedness – has consequences. Insider threats, especially ones that use email and company devices, can arise if a cyber resilience strategy isn’t in place. According to Forrester, 99pc of businesses experienced an insider security incident in the last year; 40pc of organisations have experienced Business Email Compromise (BEC) attacks, 36pc experienced insiders emailing sensitive data and 44pc experienced phishing attacks. In addition, more than two-thirds of employees use their company-issued devices for non-work-related activities.

Despite the growth of insider threats in recent years, companies continue to invest in traditional security solutions that fail to prevent damage caused by employees. In fact, 55pc of modern businesses do not provide mandatory cyber security training. Many security decision-makers still don’t seem to realise the financial damage and impact on productivity that can occur as a result of human error. Businesses are trusting their employees to be cautious, but a lack of regular formal training could prove to be detrimental to businesses. This is why businesses need to act now.

The faces of internal attacks

To combat internal threats, organisations must first understand them. This means looking at the three internal threat actor profiles:

1. The compromised insider

This involves external attackers taking over the accounts and systems of unsuspecting users through credential harvesting, impersonation attacks, phishing emails or malware such as ransomware. Compromised accounts cause the biggest headaches for businesses – 75pc of firms describe the financial impact of compromised accounts as moderate or significant, and 68pc said they lead to moderate or significant productivity loss.

2. The careless insider

There are employees in every business who simply ignore or don’t fully understand their organisation’s security policies and rules. While ignoring the rules is not done with malicious intent, it puts the organisation at great risk of a security breach or data leak. Recent research revealed that 75pc of employees admit to using company devices when shopping online, and one in four are oblivious to cyber threats. Due to the lack of education and guidance on safe practices, organisations are misjudging the vulnerability that employees pose when using company devices for non-business use. Some 61pc of firms said non-malicious insiders cause moderate or significant financial damage while 56pc said they experienced moderate or significant productivity impact from the careless insider.

3. The malicious insider

This threat actor intends to either profit from, or do damage to the organisation by stealing, leaking or compromising confidential data and employee or customer information. When they strike, malicious insiders cause significant damage. Some 64pc of firms said malicious insiders caused significant or moderate financial damage, while 57pc said they have had a significant or moderate effect on productivity.

Responding

After understanding what threats are out there, businesses need to respond appropriately. Forrester’s report revealed that firms prioritise basic email security capabilities such as anti-spam/virus over more advanced capabilities, such as sandboxing, URL inspection and DLP functionality. This is not the right approach. Instead, internally generated email must be part of every organisation’s threat detection and cyber resilience strategy. There are four key pillars to this.

1. Security is an organisation’s front-line defence and a layered approach is key. Businesses must look at implementing a threat management capability to monitor, detect and remediate security threats that originate in email. By integrating feeds with security, companies are able to conduct security checks on internal traffic, including attachments, URLs and email content. If something is detected as unsafe, businesses can then remediate the content from end-user mailboxes before it spreads further.

2. As threats like ransomware evolve, it’s more important than ever to have a separate and safe copy of your data. The only way to guarantee this is to create a central repository of corporate data in a fully encrypted, immutable and redundant system.

3. Businesses need a continuity solution. Email systems, whether hosted on-premises or in the cloud, can go down. Should downtime occur – whether due to a breach, human error or technical failure – businesses need to be prepared to quickly and seamlessly switch to an available service.

4. Employee training is a must. By educating staff from the board level down, security decision makers can ensure that employees can spot suspicious activity when it occurs, understand the risks of malicious activity and manage their company-issued devices appropriately. While technology can create a powerful human defence against internal threats, employees need to understand how to use it, what to look for and how to respond.

Internal threats need to be taken seriously. By recognising the danger and responding with the right technology, businesses can take a smarter approach to building cyber resilience.

© 2024 Professional Security Magazine. All rights reserved.