When most of us think about a cybercriminal, we usually think of a creepy guy behind a desk, possibly in another country. But did you ever consider that a hacker could be inside your own organization?
COVID-19 has caused a record number of individuals to face financial hardship due to job loss, pay cuts, reduced hours, etc. These circumstances have created an increase in cyberattacks for financial gain. While most business owners assume the attacks are from outside the organization, insider threats are more common than many assume. The pandemic, recession, and social unrest are all contributing factors to why employees may act illegally. Disgruntled employees sometimes become malicious insiders, and pending furloughs or pay cuts may also incentivize employees to resort to illicit behavior.
According to the 2020 Cost of Insider Threats Global Report by the Ponemon Institute, insider-related incidents have increased by 74% over the last two years. During this time the average global cost of insider threats rose by 31% to $11.45 million.
An insider attack is a malicious attack executed on a network or a computer system by a person with authorized system access. Insiders that perform attacks have a distinct advantage over external attackers because they have authorized system access and may also be familiar with network architecture and system policies/procedures.
The Shopify hack in September is an illustration of this type of cyber-attack. The organization’s own employees breached the network. Shopify determined two rogue members of their support team orchestrated the violation and was not caused by a technical vulnerability in the Shopify platform. According to the 2020 Insider Threat Report by Cybersecurity Insiders, the biggest enabler of insider attacks is the fact that in 61% of incidents the perpetrator had elevated access to sensitive data and applications.
Some insider threats are purely accidental, but that’s not what we’re talking about here. These are intentional acts, not employee error. Recent research conducted by the Ponemon Institute revealed that malicious insider threats are three times more costly than incidents caused by negligent employees.
Protecting against insider threats in cybersecurity is one of the top concerns that businesses are facing today. Breaches are inevitable in today’s business climate, and unfortunately, internal threats are on the rise. Awareness and vigilance are important; however, you need to also mitigate your risk exposure to vulnerabilities that lurk within your organization. Cyber liability insurance coverage (CLIC) is designed to offset costs involved with the recovery after a cyber-related security breach. The professionals at the Charles P. Leach Agency have successfully crafted personalized cyber risk coverage for their clients, ensuring the continuity of their business after an unavoidable breach. Contact them now at 1-888-275-3224.