The enemy within: how to prevent employees from compromising the integrity of your data

by Mohamed Jafriin, Marketing Analyst at ManageEngine

Credit: ID 98152851 © Rudall30

If you thought masked hackers in dark rooms stealing data and threatening the integrity of your company's core systems were your only security concern, think again.

High profile cybercriminals have dominated the headlines in recent years, with frequent news of well-known organisations experiencing significant outages or notifiable data breaches. This has caused many Australian business leaders to become concerned about the enemy within.

According to recent research from CERT Australia, the federal government’s cybersecurity agency, Australian businesses should definitely be cognisant of this issue. More than half the businesses surveyed for CERT Australia's 2018 Insider Threat Report experienced an insider attack, and 90 percent of respondents believed themselves to be vulnerable. CA Technologies' Insider Threat 2018 Report notes that 28 percent of data breaches involve trusted insiders: people who have access to critical resources but are either cavalier about protecting them or are prepared to misuse the privilege.

While external attacks tend to be swift and obvious, insider attacks can be insidious. Some fly under the radar for months, and even years, with cumulative damage that’s more devastating than a major, one-off data breach or sudden outage.

Not all insider attacks are driven by malice; in fact, carelessness and negligence are more commonly the cause of adverse incidents. That said, when it comes to counting the cost of the damage, the motive is irrelevant.

The rising costs of compromising on cybersecurity

The costs associated with a successful hacking attempt or data breach are high and rising. Cybercrime costs Australian businesses $1 billion a year in direct costs alone, according to the Australian Criminal Intelligence Commission. According to Frost and Sullivan researchers, if fines, lawsuits, remediation and the hit to profitability are added to the tab, the potential direct economic loss experienced by Australian businesses could be as high as $29 billion a year.

The European Union’s GDPR privacy regime allows for fines of up to 20 million Euros, or four percent of global turnover, to be imposed on any company that stores the data of EU citizens, should privacy be breached in a significant way.

The maximum penalty of $1.8 million imposable by our local watchdog, the Office of the Australian Information Commissioner, looks relatively tame compared to these eye-popping numbers.

Managing insider threats

Preventing insider threats is no simple matter. CERT advises that doing so effectively calls for behavioural, cultural, and technical mitigation strategies.

Implementing rigorous recruitment practices, background checks, and a workplace culture that values transparency and integrity will reduce the likelihood of employees acting maliciously. 

Cultural and behavioural initiatives, including cybersecurity training, should be underpinned by technology to help your security team identify potential insider threats swiftly and take action to neutralise them.

The power of machine learning

With traditional security solutions, it is difficult to detect unusual user behaviour accurately. False positives are common, so much so that genuine anomalies can easily be overlooked or dismissed by security staff conditioned to dealing with dozens of false alarms each day.

User behaviour analytics software takes a more direct approach than traditional security solutions. Drawing on machine learning, it tracks how individual employees access corporate systems and maps their activity patterns over time. Once this baseline has been recorded, it becomes significantly easier to identify activity that deviates from the norm. The software can flag abnormal user behaviour, privilege abuse, threats caused by negligence, and the presence of malware on servers.

Abnormalities likely to result in alerts include an unusual volume of a specific event, a user logging into a machine they don’t normally access, or an attempt to access a specific resource for the first time. Also, unusual file activity, such as modification, copying, and deletion, will trigger an alert.
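The baseline-then-deviation logic described above, reduced to a small worked example. This is added illustration code, not ManageEngine's product or any vendor's algorithm; the log tuples are constructed, and the thresholds (three standard deviations with a minimum delta of five events) are assumptions chosen for the sample.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed baseline: (day, user, event, host) tuples for two users over five days.
BASELINE = []
for day in range(5):
    BASELINE += [(day, "alice", "login", "fs01")] * 3
    BASELINE += [(day, "alice", "file_copy", "fs01")] * 10
    BASELINE += [(day, "bob", "login", "db01")] * 2
    BASELINE += [(day, "bob", "file_delete", "db01")] * 1

def build_baseline(records):
    """Per user: hosts seen, and per-event daily-count mean/stdev over the baseline days."""
    hosts = defaultdict(set)
    daily = defaultdict(Counter)          # (user, event) -> Counter(day -> count)
    days = sorted({r[0] for r in records})
    for day, user, event, host in records:
        hosts[user].add(host)
        daily[(user, event)][day] += 1
    stats = {}
    for key, counter in daily.items():
        counts = [counter[d] for d in days]   # zero-fill days with no such event
        stats[key] = (mean(counts), pstdev(counts))
    return {"hosts": hosts, "stats": stats}

def detect_anomalies(baseline, day_records, sigma=3.0, min_delta=5):
    """Flag first-time host access and unusual per-day event volume for one day's records."""
    alerts, new_hosts, seen = [], set(), Counter()
    for _, user, event, host in day_records:
        if host not in baseline["hosts"].get(user, set()) and (user, host) not in new_hosts:
            new_hosts.add((user, host))
            alerts.append((user, "new_host", host))
        seen[(user, event)] += 1
    for (user, event), n in seen.items():
        mu, sd = baseline["stats"].get((user, event), (0.0, 0.0))
        if n > mu + max(sigma * sd, min_delta):   # assumed threshold rule
            alerts.append((user, "unusual_volume", f"{event}={n} baseline={mu:.1f}"))
    return alerts

def run_example():
    """Constructed 'day 5': alice touches a new host, bob deletes 40 files instead of 1."""
    day = ([(5, "alice", "login", "fs01")] * 3 + [(5, "alice", "file_copy", "fs01")] * 10
           + [(5, "alice", "login", "db01")] + [(5, "bob", "file_delete", "db01")] * 40)
    return detect_anomalies(build_baseline(BASELINE), day)

if __name__ == "__main__":
    for alert in run_example():
        print(alert)
```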

Swift detection of suspicious activity results in a timely investigation and less likelihood of a hefty remediation bill down the line.

Time to act

In a climate of rising cyberthreats, protecting your enterprise from external enemies is a no-brainer. Prudent Australian business leaders are already doing so. However, organisations tend to overlook the dangers associated with the enemy within. By doing so, they're playing Russian roulette with the economic wellbeing of their enterprises. It's time for organisations to implement technology to detect and neutralise internal threats to reduce the likelihood of a successful insider strike. 
