Organisational insiders have long faced a barrage of cyber-attacks. As the last line of defence between cybercriminals and your data, systems, and networks, they are understandably a highly prized target.
Recently, however, this barrage has intensified. Insider threats have increased by 44 percent since 2020, with 61 percent of companies experiencing more than 21 incidents per year.
And it’s an expensive business.
In the UAE and KSA, 29 percent and 34 percent respectively of CISOs surveyed in 2021 by Proofpoint expected to face an insider threat attack in 2022, making it one of the main concerns for security leaders in the region.
Organisations impacted by insider threats now spend an average of $15.4 million in response, up from 34 percent. As if this weren’t damaging enough, around a fifth of insider threats lead to credential theft, the cost of which has increased by an incredible 63 percent since 2020, now standing at $4.6 million per year.
What’s behind the rise of the insider threat?
To get a handle on this worryingly rapid rise, we must first understand the factors contributing to it. And with incidents increasing markedly since 2020, there is one fairly obvious culprit.
Working practices have changed considerably in response to the pandemic, and while we cannot lay the blame entirely at the door of remote and hybrid working, it has undoubtedly played a part. Opportunistic cybercriminals increased the sophistication and frequency of their attacks during the height of the disruption, using COVID-19 as a lure to trick unwitting victims.
To make matters worse, the powerful collaboration tools used to keep us connected in the work from anywhere world make it easier than ever to share and expose sensitive information. Meanwhile, employees, many not used to working outside of the traditional surroundings of the office, are more prone to making the types of mistakes seized upon by threat actors.
And this is just one part of an increasingly complex problem. Just as many organisations have adapted to securing hybrid setups in the long term, another issue has reared its head – the great resignation.
The leaver challenge: Staying secure during the great resignation
Post-pandemic burnout, a desire for greater freedom, changing priorities, poor childcare options – there are many theories as to why employees are leaving their jobs in record numbers. The ramifications for cybersecurity, however, are not up for debate.
Despite the best efforts of security teams, when an employee leaves, it is not uncommon for their data to leave with them. This may be unintentional, such as saved credentials on a personal device, but in many cases, it is deliberate. For example, former employees may wish to hang on to data that could help them in their new job or feel ownership over the information they worked on during their employment.
Whatever the reasons, protecting information once it leaves your organisation is an impossible task. It is now well outside your perimeter, not so safely in the possession of a former employee with an apparent disregard for security best practice.
Job leavers present another problem too, especially in such high numbers. Employees are once again more prone to the kind of mistakes that cybercriminals love, like using business devices for personal use or absentmindedly clicking on malicious links.
Some employees leaving jobs are also a valuable target for cybercriminals. They may be inclined to sell data and credentials to cybercriminals once their leaving date is on the horizon.
Protecting the people perimeter
Whether it is physical differences such as remote working or new perspectives like the many reasons behind the great resignation, the working world has changed irreversibly.
Sixty-two percent of Saudi CISOs and 66 percent of UAE CISOs agree that remote working has made their organization more vulnerable to targeted cyberattacks.
In this new world, the traditional outside-in defence is no longer fit for purpose. Today, your perimeter is wherever your people are – and you must equip them with the tools and expertise to defend it.
Regular monitoring of online spaces and collaboration tools is a must. Time is a critical factor with insider threats.
It’s also vital that every member of your team understands all policies and regulatory requirements related to their work, wherever they carry it out. Most importantly, they must understand the potential consequences of failing to comply with these stipulations – even after they have left your employment.
As with any new development in the way we work, the risks associated with hybrid environments and record resignations can be mitigated. But the time to act is now. The longer bad habits form, the harder they are to break.Â
Emile Abou Saleh is the regional director for the Middle East and Africa at Proofpoint
