
Foreign Interference Is Driving Up Insider Risk

Insider threats are becoming one of the biggest cybersecurity challenges facing today’s CISOs. A recent Securonix study claims that 76% of organisations have experienced increased employee threat activity in the past five years. Yet, despite this, less than 30% feel they possess the tools to deal with them, and only a fifth (21%) are operating an insider threat program.

Although some threats are getting more sophisticated, industry best practices backed by compliance with global standards can go a long way towards mitigating the risk.

A Wide Spectrum of Misbehaviour

The Securonix report also explored some of the main reasons behind insider threats, including a lack of employee training and awareness (37%), the rise of new technologies (34%), insufficient cybersecurity protections (29%), complicated IT environments (27%) and disgruntled staff (25%).

These incidents are becoming both more varied and frequent, according to Alun Cadogan, a consultant at IT services firm Prism Infosec. He tells ISMS.online that they represent a “wide spectrum of misbehaviour” that includes everything from IP theft to intentional acts of sabotage.

“The current economic downturn has seen a surge in insiders being recruited by organised criminal gangs over social media platforms,” he explains. “There’s also intense competition in the marketplace, leading to companies resorting to recruiting insiders in rival firms. This stems from advancements in technological innovation and with the contest for such knowledge [rising] among global competitors.”

For businesses that fall victim to insider threats, the damage can be significant. Cadogan says they can result in financial loss, disrupted operations, reputational damage and reduced competitiveness.

The Nation State Threat

As well as increasing in volume, insider threats have also become more complex in recent years. Insiders are now colluding with foreign adversaries to boost the effectiveness of their campaigns.

In its 2024 Insider Risk Investigations Report, which is based on over 1300 global customer investigations, DTEX reveals a 70% increase in customers looking to mitigate the threat of foreign interference. It claims the issue predominantly affects critical infrastructure and public sector organisations.

Prism Infosec’s Cadogan explains that insiders may turn to foreign governments for funding, advanced technical tools, intelligence and strategic motives to help improve the outcome of their attacks. Such resources make insider threats more complicated and destructive, he adds.

He warns that foreign adversaries don’t just work with insiders to access sensitive corporate information; they may also aim to manipulate a company’s operations or sabotage its products and services based on “broader geostrategic objectives”.

“This places enormous demands on security procedures, requiring much more than just internal security controls,” Cadogan adds. “It requires international cooperation and intelligence-sharing to reduce the risk to acceptable levels.”

Other Insider Threats

The theft of intellectual property and data is another common insider threat, accounting for 43% of DTEX’s customer investigations. According to the report, the industries most affected are technology (41%), pharmaceuticals (20%) and critical infrastructure (14%).

The vendor claims that 15% of employees leave organisations with sensitive IP, whereas many more people (76%) remove non-sensitive proprietary data. But the latter can be just as damaging to businesses when it ends up in the hands of cybercriminals, DTEX warns.

Jake Moore, global cybersecurity advisor at ESET, explains that cyber-criminals may attempt to access sensitive corporate information by approaching employees on websites like LinkedIn. They might ask for simple things like USB sticks containing sensitive information or login credentials in return for rewards.

While many insider threats are deliberate, they can also be unintentional. In fact, a quarter (24%) of DTEX’s investigations involved unauthorised and accidental disclosure, while there was a 62% rise in the use of prohibited applications such as unsanctioned browsers and browser extensions.

“Accidental threats might include employees inadvertently bringing in malware or enabling data leakage, which can often be mitigated with annual and ad-hoc training programs for all staff,” Moore tells ISMS.online.

Using generative AI tools in the workplace can also result in the accidental disclosure of sensitive corporate information, especially if it is entered into an AI chatbot like ChatGPT. The vast majority of DTEX customers (92%) are concerned about this issue, with 41% of them citing employees who use this technology in their jobs.

“Generative AI can accidentally disclose sensitive data it may have learned during the training process, potentially revealing personal or confidential information,” explains Moore.

“Insider threats accelerate this risk if individuals with access manipulate the AI’s outputs or training data which can lead to deliberate or unintentional data leakage.”

Containing the Threat

As insider threats become more common across all industries, taking steps to identify and mitigate them is key. That’s where globally recognised information security standards like ISO 27001 and 42001 can help.

Prism Infosec’s Cadogan believes that they provide a “methodical framework” that enables companies to decrease the risk of insider threats. He says ISO 27001 stands out because it provides an integrated approach to dealing with people, process and technology, such as employee security awareness training.

“In the latest version released in 2022, there’s a new addition: control 5.7. This is an organisational control that focuses on threat intelligence, including the identification of threat sources, of which insider threats are counted,” he says.

Meanwhile, ISO 42001 can help companies ensure their employees use AI tools responsibly and ethically, he says.

“It aims to counter the risks associated with AI, such as ensuring the AI is not corrupted through its training data – or data poisoning – and that it provides fair and unbiased outcomes,” Cadogan argues. “Both could happen if the system is compromised by a rogue insider.”

Sean Wright, head of application security at Featurespace, points out that getting cybersecurity basics right will also allow firms to reduce insider threats and their impact. In particular, he recommends following the principle of least privilege, which ensures employees only have access to the information they need to do their jobs.

Wright says monitoring for signs of suspicious activities will help businesses identify insider threats, too. He tells ISMS.online: “At the end of the day, security should be a layered approach where if one control fails, another should be in place to limit the impact of that failure.”
