When we think of threats to our company’s cybersecurity, the first thing that comes to mind is attacks from the outside. But this line of thinking sometimes leads us to forget another crucial feature of the threat landscape: internal threats. Only about half of companies are aware of the risk of falling victim to cyberattacks due to employee negligence or even “inside jobs”. According to estimates from Haystax, however, the costs of this type of threat could reach into the millions.
What dangers can arise from this kind of threat? Internal threats can usually be boiled down to negligence or malicious intent. The first case is usually more common than the second. It often occurs because of a deficiency in the organization and security plans of the company itself, which allows users or employees to open a security gap without even knowing it. For example, an e-mail with a concealed file carrying malware could be the trigger for an infection on the network and a potential danger to business cybersecurity. This has been seen in hotels, various companies, industry, and even the latest ransomware attacks that have caused millions of losses. And the beginning of the problem appears many times within the company itself.
The second case is one of the most feared, and for good reason. But it also goes underappreciated, as many companies seem to think “it can never happen to me”. It can happen, however, and it happens all the time. To give one example, Verelox, a Netherlands-based hosting service provider, suffered the loss of client data when an ex-administrator wiped their servers, causing a major setback to the company and compromising clients’ trust.
In both cases, the main players jeopardizing cybersecurity are privileged users and administrators, according to surveys, followed by consultants and temp workers. But, fortunately, both cases are easy to solve with better organization and the right tools. Tools such as Panda Adaptive Defense prevent attacks at the endpoint, the most common launching point for internal attacks, to protect the computer from any malicious process in an effective and immediate way.
Monetizing the attack
Customer data is among the most vulnerable to an internal attack, and are one of the main targets as it can later be sold for a profit. Financial data or intellectual property are also subject to such attacks, albeit to a lesser extent. Most internal cybersecurity issues stem from the monetization of data, rather than fraud or sabotage. Industrial espionage, in fact, is relegated to a lower rung in surveys dealing with the level of concern regarding internal threats. This is due to a decrease in levels of data protection, coupled with the ease of selling customer data for commercial use.
Prevention is possible
Some of the most serious predictions of the survey warn of the impact it could have on government agencies. The main difficulty lies in the fact that the threat originates from the inside, since in most cases the culprits are users with authorized credentials and a high level of clearance. The problems of corporate cybersecurity also tend to accumulate as more and more data is generated. This data sometimes escapes the iron grip of a security system with the help of an insider.
Observing and monitoring employee behavior within the network, checking server logs for suspicious activity, and leveraging specific data to perform scans to predict a potential internal threat can save a company from overwhelming losses. Solutions like Panda Adaptive Defense 360 and others combine state-of-the-art protection (NG EPP) and detection and remediation (EDR) technologies, with the ability to classify 100% of running processes. These capacities translate into data that is more secure from threats both internal and external.