![\"Biggest](\"https:\/\/ieeecs-media.computer.org\/wp-media\/2023\/03\/29120124\/Biggest-Insider-Threats-of-2022-lessons-learned-and-key-takeaways-for-2023.jpg\")
At the end of 2022, many cybersecurity companies published annual reports on the cybersecurity sector. Evolving and sophisticated attacks, scarcity of cyber resources, changes in data privacy laws, and highly experienced and trained bad actors are some of the cyber demons that tortured businesses and cybersecurity professionals throughout 2022. Additionally, these reports mentioned the insider threat lurking in the physical, digital, and cognitive domains and involving businesses\u2019 most trusted entities: humans.<\/p>\n
Businesses tend to underestimate the insider threat. They must realize that new trends such as working from anywhere, BYOD policies, phishing, smishing, and AI chatbot technology coupled with untrained, disgruntled, or disappointed employees increase the insider threat. Instead, businesses focus their concerns on securing the perimeter of their infrastructures to improve their cybersecurity posture and protect their tangible and intangible assets from outsiders\u2019 cybercriminal activities. Undoubtedly, the insider threat shall not be overlooked.<\/p>\n
\u00a0<\/p>\n
The Insiders<\/h2>\n
\n
An insider is every person who works for a business and contributes directly or indirectly towards its wealth and evolution. Insiders can be employees, partners, and contractors valuable to each company. They are an asset for every organization, but can also become a significant threat if overlooked.<\/p>\n
\u00a0<\/p>\n
What Are the Signs of Insider Threats?<\/h2>\n
\n
The working environment evolves and gets more dispersed. Nowadays, employees enjoy working conditions from the comfort of their homes. They are allowed to use their personal computers for their work, the same they use to surf the internet and their social media world. They may even store their companies\u2019 sensitive data, customers\u2019 bio-data, and clients\u2019 addresses on their laptop\u2019s hard drive and plug their friend\u2019s USB to copy a few photos of last weekend\u2019s party. Negligence is a significant factor, but not the only one; employees can be malicious to leverage benefit out of their illegal acts.<\/p>\n
Insider threats can be grouped into one of the following categories: a careless worker, a credential thief, or a malicious insider. Organizations must continuously oversee their operations and their insiders for signs that may trigger the \u201cdanger bell.\u201d<\/p>\n
\u00a0<\/p>\n
\n
\u00a0<\/p>\n
Want More Tech News? Subscribe to ComputingEdge<\/i> Newsletter Today!<\/strong><\/p>\n \u00a0<\/p>\n \u00a0<\/p>\n These signs involve human behavior that deviates from the security framework and can be:<\/p>\n \u00a0<\/p>\n The impact of insider threats exponentially increases the direct and indirect costs for a business. Illegal activities and employees\u2019 negligence impact organizational productivity, damage assets, increase the cost for a company to detect and remediate systems and processes, and have a legal and regulatory impact. Furthermore, businesses that suffer an insider attack lose confidence and trust among key stakeholders while diminishing their marketplace brand and reputation.<\/p>\n According to Ponemon Institute 2022 Cost of Insider Threats report:<\/p>\n \u00a0<\/p>\n It is a positive sign that more organizations and businesses are aware of insider threats. According to Gurucul\u2019s 2023 report, insider threats are a top concern for most organizations, while 75% of the respondents admitted they feel vulnerable to insider threats.<\/p>\n Businesses are trying to prepare themselves against evolving threats, although in many cases \u2013 especially across the cloud \u2013 they need more technical capabilities to detect and prevent them. The desire to become the best in their field puts them at a higher risk of insider threats. Wanting to go digital, the ongoing migration to the cloud, the accelerating use of endpoint and internet of things (IoT) devices, alongside the adoption of other strategies, always makes a company more vulnerable.<\/p>\n No matter how well the digital perimeter of a company is safeguarded, insider activity is difficult to control and can severely affect every company. The dangers posed by workers who may unintentionally disclose information due to carelessness or simple errors or by malicious insiders who steal sensitive material on purpose for personal gain must be addressed by organizations effectively. Some actions companies must consider to battle insider threats include tailored and engaging security awareness training, educational programs on the new threats, internal cybersecurity audits, and the use of specialized software products.<\/p>\n \u00a0<\/p>\n Christos Flessas is a Communications and Information Systems Engineer with more than 30 years of experience as an Officer of the Hellenic Air Force (HAF). He is an accredited NATO tactical evaluator in the Communication and Information Systems (CIS) area and the National Representative (NatRep) at Signal Intelligence CIS and at Navigation Warfare (NavWar) Working Groups. Christos holds an MSc in Guided Weapon Systems from Cranfield University, UK. He has also attended numerous online courses such as the Palo Alto Networks Academy Cybersecurity Foundation course. His experience covers a wide range of assignments, including radar maintenance engineer, software developer for airborne radars, IT systems manager, and Project Manager implementing major armament contracts.<\/p>\n Christos is intrigued by new challenges, open-minded, and excited about exploring the impact of cybersecurity on industrial, critical infrastructure, telecommunications, financial, aviation, and maritime sectors. Christos is also a writer for Bora.<\/p>\n \u00a0<\/p>\n Disclaimer:<\/strong> The author is completely responsible for the content of this article. The opinions expressed are their own and do not represent IEEE\u2019s position nor that of the Computer Society nor its Leadership.<\/p>\n<\/div><\/div>\n
\n\n
Facts and Impact of 2022\u2019s Insider Threats<\/h2>\n
\n\n
Threat awareness and things to do<\/h2>\n
\nAbout the Author<\/h2>\n
\n