When we think about cybersecurity threats we often imagine a shady hacker figure, cloaked in a black hoodie, admiring their cyber empire across a bank of screens that cover an entire wall. You may even imagine a spy figure hacking into foreign governments and passing intelligence to officers on the ground. Chances are, you’re probably not imagining yourself. But surprisingly you are one of the biggest risks to an organization. 

Take a few minutes and think about what you could do to cause the most damage to the company you work for. It might look like copying sales data and going off and starting your own company or intentionally downloading malware to a work computer. Another option is stealing intellectual property and passing it to a competitor. 

This isn’t theoretical: according to Verizon’s 2024 Data Breach report, internal threat actors represent 35% of all incidents. However, it is important to note that this includes intentional and unintentional attacks. The data only tells part of the story though — many insider attacks go completely unnoticed and are notoriously underreported.

Digital Breadcrumbs — What They Are and How They Aren’t Always What They Seem 

Unlike a typical attacker, insiders know the systems, business, industry, and data their organization uses inside and out. An external actor must perform reconnaissance, hunt for open ports, or test vulnerabilities, whereas an insider likely already knows this information. Outside attacks create “digital breadcrumbs”, a.k.a. tiny pieces of evidence that a security team can find and investigate. Insiders don’t necessarily create the same trail.

Identifying malicious intent can also be tricky. While every job aims to have specific roles and responsibilities, at some point almost every worker will be asked to prepare something or complete a task outside of the regularly defined job roles. Sudden access to financial reports might look suspicious at first glance, but then you might realize it’s the end of the quarter. A flurry of emails from a work account to a personal account might scream, “They’re sending data,” until you see they’re backing up some photos during their lunch break. 

Even when there are digital breadcrumbs for investigators to find, often these are just as likely to be legitimate (or perhaps employee misuse of IT systems) rather than an extremely damaging attack.

Differentiating Motivators for Internal and External Threat Actors 

One of the top motivators for external adversaries is finances. According to the 2024 Verizon Data Breach Report, it was the catalyst for over 90% of incidents caused by an outside adversary. For insiders, it is slightly less important but still high on the priorities at 88%. 

For insiders, we see a marked increase in espionage motivation (46%). We typically see this play out in transferring intellectual property or customer contacts to an existing competitor or using it to start up their own company. A lot of the time this is motivated by a grudge. We saw this play out in real life with the following incidents:

  • A school IT technician took revenge by hacking into the institution and deleting data after he was fired 
  • A former employee who was laid off for poor performance took revenge and landed himself a lengthy prison sentence 
  • An ex-network administrator in San Francisco refused to give up any company passwords even after he was handed a prison sentence (he eventually conceded when the mayor came to the insider’s prison cell) 

Protecting Your Organization from Insider Threats 

So how can you protect your business from insider threats? 

Implementing robust technical controls is definitely essential, but only half of the story. Tools such as data loss prevention (DLP) solutions can notify teams of significant increases in data transfers, and simply blocking the use of portable drives can effectively minimize attack opportunities. It’s worth mentioning though that these controls can sometimes have the opposite effect. When employees perceive they are being heavily monitored it can increase their disgruntlement, and encourage them to adopt more insecure practices. 

Unlike other types of cyberthreats, insider threats have a significant human element, and this is best managed through people and processes, such as: 

  • Establishing a comprehensive offboarding procedure that thoroughly revokes employee access, regularly auditing employee permissions, and ensuring that individuals only have access to the systems and files necessary for their roles.
  • Providing employee assistance programs for those facing financial difficulties or mental health challenges can reduce insiders’ likelihood of feeling compelled to act.
  • Implementing an employee review process that identifies performance issues early on and offers opportunities for improvement before considering termination can help prevent insider threats from emerging. 

Ultimately all three of these factors are built on fostering a secure and supportive work environment. With this type of culture, businesses can reduce the risk of an employee becoming an insider and ensure that potential issues are identified and addressed before they escalate into a full attack.

The post Trust, Teams, and Tragedy – The Ever-Present Risk of Insider Threats appeared first on Cybersecurity Insiders.

In recent years, cybersecurity threats have often involved hackers stealing identities through various digital channels to gather sensitive information. However, a recent incident within the administrative environment of cybersecurity firm KnowBe4 has highlighted concerns about insider threats.

According to a blog post by KnowBe4, the incident unfolded when the company advertised a software engineer position for an AI development project and received applications from candidates worldwide. One applicant from the United States stood out to recruiters and was hired after successfully passing multiple interviews, including two video conferences.

Initially, everything appeared routine as the new employee was onboarded and provided with a Mac workstation via mail. However, the situation took a troubling turn when the company’s Endpoint Detection and Response (EDR) software flagged malicious activities on the device and network. These activities included unauthorized downloads of malware, transferring sensitive files to remote servers, and running espionage-related software.

Efforts to contact the employee were unsuccessful, prompting the Security Operations Center to isolate the device and launch an investigation. It was later revealed that the supposed IT worker was not genuine and had been manipulated to act on behalf of entities in North Korea. The objective was to infiltrate KnowBe4’s corporate environment, gain access to servers, and potentially deploy ransomware to extort funds. Additionally, funds were intended to support North Korea’s nuclear ambitions through an e-wallet linked to the regime.

Further investigation uncovered that the device sent to the fake employee had been redirected to a clandestine location, connecting to North Korean networks via a VPN.

In response to this incident, KnowBe4 has shared several tips to help organizations detect fraudulent IT worker scams:

a.) Conduct thorough background checks as soon as candidates submit their resumes, particularly for remote IT roles.

b.) Verify recommendations independently rather than relying solely on email correspondence, which can be falsified.

c.) Conduct video interviews for all stages of the hiring process to ensure the authenticity of the applicant.

d.) Monitor and restrict access to sensitive information and systems during the initial months of employment or project initiation.

e.) Implement robust access control and authentication measures for all new hires, especially during probation periods.

f.) Maintain close oversight of employee activities, particularly during training periods, and restrict access to critical IT infrastructure accordingly.

This incident serves as a stark reminder of the importance of vigilance and stringent security measures in protecting against insider threats and cyber espionage activities.

The post KnowBe4 targeted by North Korea with Insider Threat appeared first on Cybersecurity Insiders.

Ascension, which fell victim to a ransomware attack in the initial week of May, swiftly initiated an investigation to address the circulating speculations in the media. Sources indicate that the attack transpired when hackers exploited the network after an employee inadvertently downloaded a malicious file, granting access to the perpetrators.

Upon thorough examination, it was determined that the employee’s action was unintentional, devoid of any malicious intent towards customers or company affiliates.

Further scrutiny uncovered that the breach originated from a social engineering maneuver, where the hacker acquired company network credentials from a staff member.

Proactive measures such as employee training and awareness programs can significantly mitigate the risk of such attacks. Additionally, the implementation of threat monitoring solutions and multi-factor authentication mechanisms is crucial.

In a bid to uphold its reputation and reassure customers, Ascension Healthcare is extending free credit monitoring and identity theft protection to all customers and partners, irrespective of whether they were directly affected by the incident or not. Such gestures often serve to rebuild trust and retain customer loyalty, particularly in an era where digital assaults can lead to business closures.

Ascension Hospital has also engaged law enforcement agencies to expedite resolution and is actively monitoring the internet to prevent the sale of compromised information on the dark web, recognizing the potential for further harm to affected individuals, given the sensitivity of personal data involved.

Prior to this incident, Ascension faced scrutiny in November 2019 for sharing healthcare data of its patients with Google to enhance its AI-driven projects.

Following this latest breach, a resident of Hays County has initiated legal proceedings against Ascension, alleging negligence in safeguarding customer data from ransomware criminals associated with BlackBasta.

The post Ascension Ransomware attack occurred due to employee mistake appeared first on Cybersecurity Insiders.

Microsoft gets itself into a pickle with a privacy-popping new feature on its CoPilot+ PCs, the FTC warns of impersonated companies, and is your company hiring North Korean IT workers? All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by author, journalist, and podcaster Geoff White.

In the ever-evolving landscape of cybersecurity, organizations face a multitude of threats that can compromise their sensitive data and operations. While external threats from hackers and cyber criminals are well-recognized, there’s an often-underestimated risk that originates from within – the insider threat. This article explores the potential dangers posed by employees and examines whether they can prove riskier than external hackers.

A. The Insider Threat: Internal security breaches can come from employees, contractors, or business partners who have inside information, either maliciously or inadvertently exploiting their access privileges. Unlike external threats, insiders are already within the trusted perimeter of an organization, making them potentially more difficult to detect and mitigate.

1. Malicious Intent: Employees with malicious intent can pose a significant risk to an organization. Whether driven by personal grievances, financial gain, or ideology, insiders may purposefully compromise data integrity, leak sensitive information, or sabotage systems. Unlike external hackers who must bypass security measures, insiders often possess the knowledge to navigate these defenses.

2. Unintentional Risks: Not all insider threats stem from malicious intent; unintentional actions by employees can also lead to security vulnerabilities. Accidental data leaks, sharing sensitive information without proper authorization, or falling victim to phishing attacks can all result in compromises to an organization’s security.

3. Insider Knowledge: One distinguishing factor that makes employees potentially riskier than hackers is their in-depth knowledge of an organization’s systems, processes, and security protocols. This insider knowledge can be leveraged to bypass traditional security measures, making it challenging for organizations to stay one step ahead of potential threats.

4. Difficulties in Detection: Detecting insider threats can be more challenging than identifying external attacks. While organizations deploy advanced cybersecurity tools to monitor and respond to external threats, internal actors may fly under the radar, making it crucial for companies to invest in comprehensive monitoring and behavioral analytics.

B. Mitigating Insider Threats: To address the risks associated with insider threats, organizations must implement a multifaceted approach:

1. Employee Education: Provide comprehensive training to employees regarding security best practices, the potential risks of insider threats, and the importance of adhering to company policies.

2. Access Controls: Implement strict access controls to limit the permissions granted to employees. Regularly review and update access privileges based on job roles and responsibilities.

3. Behavioral Analytics: Utilize advanced analytics tools to monitor and analyze employee behavior, identifying anomalies that may indicate potential insider threats.

4. Incident Response Plan: Develop and regularly update an incident response plan that specifically addresses insider threats. Ensure that the plan includes steps for investigation, containment, and mitigation of such incidents.

Conclusion

While external hackers remain a significant threat, organizations should not underestimate the potential risks posed by their own employees. The insider threat, whether intentional or unintentional, can have severe consequences for data security and business continuity. A comprehensive cybersecurity strategy that encompasses employee education, access controls, behavioral analytics, and a robust incident response plan is essential for mitigating the risks associated with insider threats. By recognizing and addressing these challenges, organizations can create a more resilient defense against both external and internal threats.

The post The Insider Threat: Can Employees Pose a Greater Risk than Hackers appeared first on Cybersecurity Insiders.

[By John Stringer, Head of Product, Next]

Cybersecurity teams work extensively to keep external attackers out of their organization’s IT environment, but insider threats present a different, equally difficult challenge. Identifying insider threats is growing increasingly complex, and, as opposed to external threats, insiders always have some degree of access to systems and data.

What are insider threats?

Insider threats are caused by an employee, service provider, contractor, or privileged business user’s accidental or deliberate actions that compromise an organization’s data security. Through negligence or malice, insiders can cause damage to your organization’s data, systems, networks, equipment, intellectual property, personnel, and facilities.

For the parties mentioned above, accessing data is not a red flag. They most likely do it daily. To that extent, specific behavioral indicators enable cybersecurity teams to differentiate insider threats from regular activity. These behavioral indicators include odd working hours, sudden changes in finances, declining performance, and frequent absences from work.

Five insider threat indicators

Whether intentional or not, the signs of suspicious behavior generated by an insider can be subtle and hard to detect. On the one hand, accidental insider threat types include unwitting and careless users who are either manipulated into performing a malicious activity or attempting to save time by cutting corners, inadvertently bypassing security policies.

On the other hand, when someone deliberately seeks to hurt or negatively impact the organization, they pose a malicious insider threat. When it comes to malicious insiders, the motivation is often financial gain, but others act out of revenge and political or ideological differences. Whether malicious or accidental, effective insider threat detection and identification requires a proactive approach regardless of the threat type. To do so, cybersecurity teams must know the common insider threat indicators. Security personnel should monitor the IT environment for the following insider threat indicators, and in most insider threat cases, only a few of these indicators will be present.

  1. Unusual login behavior

When users access the same systems regularly, a pattern is established that can be observed by monitoring system logs. When one of these users suddenly varies from their usual patterns, they may be doing so for nefarious reasons.

A user repeatedly attempting to log into systems for which they are not authorized may indicate a malicious insider is trying to compromise enterprise resources. Similarly, users logging into systems at odd hours may be a result of them trying to act covertly.

  2. Repeated attempts at accessing unauthorized applications and data

An unwarranted increase in unauthorized access attempts for systems or applications containing sensitive information may indicate an insider threat. Every organization must have strict access management procedures that ensure that only those with a business need can view or process sensitive data.

Additionally, a malicious insider may spy on an authorized user and then try to gain access using password variations based on their observations. This type of threat indicator should provide the user’s identity so security personnel can watch them more closely.

  3. Excessive data downloads

Users excessively and unexpectedly attempting to download large databases or sensitive files may be trying to steal valuable information from the organization. Excessive downloads become even more suspicious if conducted outside working hours or remotely. However, these suspicious behaviors are incredibly challenging to identify in digital-first, global work settings, as remote employees engage in these activities regularly.

Security personnel must establish a baseline of regular activity for their users and devices to distinguish anomalous behavior effectively. If a user changes from their typical download habits, the security team should investigate the users responsible for the download attempts to determine if they have a legitimate reason for this activity.

  4. Escalating privileges

An insider may try to gain access to information and systems that pose a risk to an organization by requesting escalated privileges that fall beyond the scope of their work duties. Privileges should only be granted for business reasons, and anyone making repeated, abnormal requests should be carefully monitored.

  5. Non-technical indicators

Indications that an insider may threaten an organization go beyond just the technical aspects of their day-to-day activities. Indicators can also be derived from personal behavior or issues that are not directly related to their job. For example, individuals in financial distress or angry at corporate decisions may become an active threat.
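The per-user baseline described under "Unusual login behavior" and "Excessive data downloads" can be sketched as follows. This is an added example, not code from the article or from any product it mentions; the user names, events, threshold and hour slack are constructed assumptions. It compares each user against their own history, so a remote employee who always works late is not flagged merely for the hour.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

MB = 1_000_000

def build_constructed_baseline():
    """Ten days of constructed history for two hypothetical users."""
    events = []
    for day in range(1, 11):
        stamp = f"2024-03-{day:02d}"
        # alice works office hours, roughly 90-110 MB per day in two sessions
        events.append(("alice", f"{stamp}T09:15:00", (40 + (day % 5) * 5) * MB))
        events.append(("alice", f"{stamp}T14:30:00", (45 + (day % 3) * 5) * MB))
        # bob is a remote worker whose normal session is late in the evening
        events.append(("bob", f"{stamp}T22:05:00", (200 + (day % 4) * 20) * MB))
    return events

# Constructed events to score: (user, ISO timestamp, bytes downloaded).
CONSTRUCTED_NEW_EVENTS = [
    ("alice", "2024-03-11T09:20:00", 50 * MB),
    ("alice", "2024-03-11T14:10:00", 55 * MB),
    ("bob", "2024-03-11T22:30:00", 250 * MB),     # late, but normal for bob
    ("svc-new", "2024-03-11T10:00:00", 5 * MB),   # account with no history
    ("alice", "2024-03-12T02:40:00", 900 * MB),   # large pull at an unusual hour
]

def build_baseline(events):
    """Per user: median and MAD of daily download volume, plus hours seen."""
    daily = defaultdict(lambda: defaultdict(int))
    hours = defaultdict(set)
    for user, ts, nbytes in events:
        t = datetime.fromisoformat(ts)
        daily[user][t.date()] += nbytes
        hours[user].add(t.hour)
    baseline = {}
    for user, per_day in daily.items():
        totals = list(per_day.values())
        med = median(totals)
        mad = median(abs(v - med) for v in totals)  # robust spread estimate
        baseline[user] = {"median": med, "mad": mad, "hours": hours[user]}
    return baseline

def hour_is_usual(hour, usual_hours, slack):
    """True if hour is within `slack` hours (circularly) of any usual hour."""
    return any(min(abs(hour - h), 24 - abs(hour - h)) <= slack for h in usual_hours)

def score_events(baseline, events, threshold=6.0, hour_slack=1):
    """Return per-user, per-day findings for an analyst to review."""
    totals = defaultdict(int)
    odd_hours = defaultdict(list)
    for user, ts, nbytes in events:
        t = datetime.fromisoformat(ts)
        key = (user, t.date())
        totals[key] += nbytes
        profile = baseline.get(user)
        if profile and not hour_is_usual(t.hour, profile["hours"], hour_slack):
            odd_hours[key].append(t.hour)
    findings = []
    for key in sorted(totals, key=lambda k: (k[1], k[0])):
        user, day = key
        profile = baseline.get(user)
        if profile is None:
            findings.append({"user": user, "day": str(day), "reasons": ["no_baseline"]})
            continue
        # Robust z-score; the floor keeps a very steady user from producing
        # a near-zero scale that would flag every small change.
        scale = max(1.4826 * profile["mad"], 0.05 * profile["median"], 1)
        z = (totals[key] - profile["median"]) / scale
        reasons = []
        if z > threshold:
            reasons.append("volume")
        if odd_hours[key]:
            reasons.append("odd_hours")
        if reasons:
            findings.append({"user": user, "day": str(day), "reasons": reasons,
                             "z": round(z, 1), "hours": odd_hours[key]})
    return findings

if __name__ == "__main__":
    profile = build_baseline(build_constructed_baseline())
    for finding in score_events(profile, CONSTRUCTED_NEW_EVENTS):
        print(finding)
```

Each finding is a prompt to check for a legitimate reason, as the article advises, not a verdict on intent.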

Addressing insider threat indicators

Insider threat detection necessitates a forward-thinking strategy. Risk assessments and audits help to identify vulnerabilities in an organization’s security measures. Addressing these gaps and strengthening the cybersecurity processes and procedures that protect a company’s valuable data reduces the risks of insider threats.

Beyond evaluations, modern insider risk management and data loss prevention (DLP) solutions leverage advanced analytics and threat intelligence to identify early indicators of potential insider threats and automatically restrict risky and malicious activity. By enforcing the organization’s data handling policy, a DLP platform keeps unauthorized users away from sensitive resources and provides reports that can be used to investigate potential insider threats before they cause damage to the company.

The post Identifying Insider Threats: Addressing the Top Five Insider Threat Indicators appeared first on Cybersecurity Insiders.

by Steve Povolny, Director, Security Research at Exabeam

Artificial intelligence, or AI, as it’s commonly known, is all the rage these days. The widespread availability of free generative AI tools like ChatGPT has allowed the technology to be embraced by the average person for many purposes, ranging from responding to emails to updating a résumé, writing code, or even developing movie scripts. While it may seem novel to some, AI has actually been around since the mid-1950s. Nearly 70 years later, AI is rapidly transforming the world – and the security industry is no exception.

Leading this cybersecurity evolution are generative AI and natural language processing (NLP). For security professionals in the SOC, generative AI can create consequential and actionable security content conclusions. NLP, for its part, can greatly improve the user experience for searching, dashboarding, event correlation, and more. There are features of AI that provide benefits to various roles inside the SOC, and the prospect of streamlining or augmenting human capabilities to increase security throughout the enterprise is exciting.

However, there is a dark side to this innovation. Having generative AI search engines so accessible means that many of your employees and customers could be sharing sensitive data into these functions. What many people haven’t considered is, like any other software, AI search engines can be compromised. If and when this happens, it can lead to a major headache for your organization due to the rise in risk – which can be accelerated by insider threats. In this article, we’ll explore generative AI’s role in insider threats, as well as what organizations can do to protect against the dangers.

Same problems, evolving applications

Phishing attacks have plagued organizations since the early aughts when cybercriminals became more organized around the technique of using email to deceive users into clicking malicious links and providing sensitive information or credentials to accounts. Unfortunately, generative AI can make this routinely successful cyberattack even more effective by producing persuasive missives, rendering them nearly imperceptible as fraudulent, and allowing criminals to dramatically improve their rate of success.

Of course, there is great irony in using generative AI in social engineering attacks, too. Typically social engineering relies on human interaction to be carried out, but generative AI can take the human out of the loop, making it harder for unsuspecting victims to determine if they are dealing with a legitimate user who can be trusted. Generative AI has already led to widespread misinformation and the creation of fake profiles on social media. Specifically, deepfake technology, which generates realistic images, videos, or audio content impersonating a trusted individual, can easily manipulate other users, resulting in unauthorized access to information or the transfer of sensitive information that leads to theft or extortion.

We know from experience that threat actors do not lie in wait – they are working quickly to find new schemes and novel ways to compromise people using AI. The best defense is knowledge. Train your staff on being a critical defense layer to your organization. Regard all new employees as vulnerabilities until they are fully trained and aware of policies for proper AI usage in the workplace. Teach them to report suspicions of deep fakes or phishing to security teams immediately, and deploy stronger authentication methods, so that it is more difficult for cybercriminals to impersonate staff. Regarding devices and systems, implementing a rapid and effective patching policy and inventory management systems can provide the awareness and responsiveness needed to deal with modern threats.

Don’t hate the player. Hate the game.

Another issue that we must consider with generative AI is its ability to compromise computing systems through the use of generated artificial data. “Adversarial” generated content can be weaponized to manipulate system behavior, fool advanced classification systems, or launch attacks on systems, leaving an organization vulnerable to a breach, data leak, and other harmful security risks.

Consider, for example, how impactful this situation becomes when combined with faux identities. A generated fake identity, such as an image, video, or social media account could be leveraged to access sensitive information and bypass identity-based security measures.

Taking this a step further, machine learning can be used for progressive evasion of security systems and pose a significant threat, especially when it comes to launching AI-driven malware. AI-generated malware can change swiftly, based on a target or environment – which is exactly what makes it much harder to detect and defend against.

The weaponization of AI works both ways

The good news is that, just as criminals are embracing AI, so are defenders. There are many benefits to using AI for each role within an organization, including security engineers, SOC analysts, and even the CISO. One of those benefits is automation, which empowers security teams by freeing them so they can then focus on more complex tasks, like designing and implementing new security measures.

AI can also identify security incidents more quickly and accurately, making a security analyst’s job easier by eliminating some of the noise associated with false positives. Because of this, an analyst can respond to incidents more effectively and reduce the risk of successful attacks.

Threat hunters can use AI outputs to achieve higher-fidelity detections and improve search capabilities and experience, while natural language processing (NLP) can simplify the explanation of complex threats, improving hunting capabilities. SOC managers will understand threats more easily, and use natural language to search, develop playbooks, and generate and interpret dashboards.

Finally, CISOs taking advantage of AI can gain a better understanding of their organization’s security posture and make more informed decisions about where resources are needed to address security incidents and vulnerabilities.

For those of us working in cybersecurity, the growth of attacks using generative AI might be novel – but the constant need to adjust our protection methods in an ever-evolving threat landscape is not. We are accustomed to adapting our approach, improving the technologies, and evolving our defenses to protect from the newest menace. This is what we must do now to address the growing threats of AI-driven attacks. We must invest in research, collaborate with policymakers and other cybersecurity experts, and develop new tools that neutralize malicious uses of AI.

The post Generative AI: The Unseen Insider Threat appeared first on Cybersecurity Insiders.

A few days ago, our Cybersecurity Insiders reported an alarming trend: hackers are actively persuading employees of corporate firms to surrender their login credentials, providing a gateway for unauthorized network access.

Now, sources on Telegram are forecasting an escalation in cyberattacks, particularly involving malware and file-encrypting malware. These predictions suggest that criminals will increasingly exploit employee credentials to breach networks. This ominous outlook primarily pertains to data centers responsible for managing, storing, and sometimes analyzing clients’ and customers’ sensitive data.

Yes, you read that correctly!

Data centers in Western regions and those operating in Europe and Asia are anticipated to face a growing insider threat. Apparently, malevolent actors on the dark web have successfully manipulated employees from at least six major companies into divulging their login details. However, the identities of these targeted firms remain undisclosed, as the Telegram sources have opted to unveil this information in February of the coming year. The rationale behind this delay is to avoid negatively impacting ongoing campaigns orchestrated by adversarial nations in the Western hemisphere.

While concrete evidence is lacking to corroborate these claims, it appears that a hacking collective is orchestrating a campaign where employees are induced to surrender their company’s confidential information in exchange for compensation. This compensation is seemingly substantial enough to secure the livelihood of the participating insider, even if they are subsequently exposed or found guilty.

Several diligent researchers from a prominent UK-based cybersecurity firm are hot on the trail of these criminals, actively working to pinpoint their locations. They are on the verge of providing law enforcement authorities with comprehensive details and evidence before the situation escalates further.

The post Insider Threats nurtured for circumnavigating data centers appeared first on Cybersecurity Insiders.

With autumn leaves falling and September firmly underway, the time has come to note and reflect on National Insider Threat Awareness Month. The month acts as a reminder of the importance of taking steps to avoid insider threats across every industry, during a time when data breaches constantly plague news headlines. A report from last year highlights the danger, revealing that more than two-thirds (68%) of data breaches at firms were caused by insiders.

With this in mind, we spoke to seven security experts to get their knowledge and advice on how best to avoid accidental breaches.

With trust comes empowerment

Through the malicious use of physical social engineering, cybercriminals psychologically manipulate individuals to trick them into making security mistakes. Andy Swift, Cyber Security Assurance Technical Director at Six Degrees, warns of the dangers of such practices, and the importance of encouraging employees to act.

“Most people’s natural reaction to someone standing outside with a coffee in each hand is to open the door to assist them, but this is exactly where the vulnerability lies. It isn’t rude to ask someone where their credentials are; if they should be there, they have nothing to hide!

“When done right, employees can be the eyes and ears of an organisation. Where someone behind a security camera won’t look twice at an ‘employee’ riffling through files, real employees are well-positioned to question the intruder. But they are only likely to do so if they’ve been taught to challenge people they do not recognise, and that reporting any uncertainties is perfectly acceptable.”

Drata’s CISO, Matt Hillary, values reliable infrastructure, but only with an inspired and empowered team behind it. “It’s important to note that continuous compliance should not be viewed as a replacement for a robust cybersecurity policy, but rather as a complementary strategy that helps facilitate a culture of security. Threats from insiders will always exist – whether malicious intent or genuine mistake – but by working together, security and compliance teams can go a long way to mitigating the risk.”

Knowledge is power, and sharing is caring

With the consequences of data breaches being so  , it is no longer optional to educate employees on how to protect their data. A thorough understanding of insider threats is needed to prevent the most serious of attacks.

“The actions of insiders are incredibly unpredictable and worse, anyone, anywhere can become a threat. As such, defences must be entirely robust, without overwhelming security teams with an unmanageable volume of alerts,” says Richard Orange, Vice President of EMEA Sales at Exabeam. “Businesses need to employ a mixture of comprehensive cybersecurity training for all employees and modern security solutions that allow them to gain a full overview of their insider threat landscape.”

“Giving employees the training to go from potential victims to the first line of defence requires awareness of traditional and emerging social engineering and phishing tactics. Organisations must provide comprehensive training to educate employees about identifying and mitigating risks associated with all attacks, especially ones leveraging gen AI,” adds Skillsoft’s CISO, Okey Obudulu.

“This includes imparting knowledge about the latest phishing techniques, raising awareness about the dangers of engaging with unknown entities and promoting vigilant behaviour online. Robust threat detection technologies that leverage advanced machine learning algorithms can also be implemented to help identify anomalies and potential attacks.”

Offer support with the latest tech

While educating staff is an essential part of preventing insider threats, it is also important to use the latest technology to help employees avoid harmful breaches of their personal data. With the sophistication of cyber-attacks increasing, it is imperative that businesses keep up.

Brett Candon, Vice President International at Cyware, emphasises how intelligence sharing can help businesses get ahead of attacks. “Threat intelligence as a next-generation approach to cybersecurity – often referred to as cyber fusion – unifies all security functions such as threat intelligence, security automation, threat response, security orchestration, incident response, and others into a single connected platform which detects, manages, and responds to threats in an integrated and collaborative manner. The importance of collaboration – inside and outside the organisation – cannot be overstated.”

“In addition to the essential commitment to training and the use of MFA, insider threat or not, organisations also need to come to terms with the fact that it is a case of ‘when’ they will be attacked, rather than ‘if’. This is why investment in effective recovery technology is vital for organisations to protect themselves against the fallout of an insider threat-driven data breach or ransomware attack, which can lead to costly disruptions if operations are not restored swiftly,” adds Kevin Cole, Director, Technical Marketing and Training at Zerto, a Hewlett Packard Enterprise company.

With AI coming into every business’ repertoire, Patrick Beggs, CISO at ConnectWise, points to how leaders should recognise its benefits in aiding insider threat prevention. “To enhance their ability to detect and prevent insider threats, organisations can leverage artificial intelligence for context-aware monitoring, anomaly detection and behavioural analytics.

“By consuming billions of data artifacts, AI quickly learns about emerging risks, identifying malicious files and suspicious activity much faster and more accurately than a human ever could. It then applies its findings to predict activities, identifying them as they occur and assigning them a severity level for remediation.”

Insider threats are one of the many ways cybercriminals can infiltrate an organisation, triggering havoc and long-term harm. However, these vulnerabilities can be addressed by building education, encouragement and innovation into the culture of an organisation, which strengthens the company’s overall security. With teamwork, mountains can be moved, and National Insider Threat Awareness Month is the time to take the first step.

The post Insider Threats: Why Human Error Is Your Biggest Cybersecurity Risk (and How to Address It) appeared first on Cybersecurity Insiders.