Insider threats must be taken seriously

by Mark Rowe

Workforce trends are fuelling the insider threat, says Bryan Murphy, pictured, Senior Director of Architecture Services & Incident Response at the cyber firm CyberArk.

Insider threats refer to cyber threats that originate from within an organisation, meaning employees are responsible for stealing or – often accidentally – leaking sensitive data. With over a third (34 per cent) of companies globally affected by insider threats each year, business leaders are increasingly concerned about protecting their critical assets.

Insider threats must be taken seriously, as they might have significant consequences on the business, with the potential to affect an organisation’s revenue and reputation. And the urgency to confront this issue is amplified in today’s challenging economic climate. It is key for companies to understand which factors are driving the surge in insider threats and adapt to safeguard their sensitive information. In fact, prioritising identity security is vital. Firms must ensure they have full control over sensitive and privileged access to prevent data leaks originating from within the organisation. And five workforce trends in particular are exacerbating the problem:

  1. Employee layoffs result in heightened identity security risks

When an employee is laid off or decides to resign, there is a risk this person may take confidential information with them. According to the 2023 CyberArk Identity Security Threat Landscape Report, 58 per cent of security professionals globally have reported cases of departing users saving sensitive work documents outside of policy. So, in times of organisational turmoil, businesses must keep in mind that rising concerns about layoffs might lead to an increase in the number of insider threats.

One such example is a high-profile incident at a major drinks manufacturer, where an engineer exfiltrated trade secret documents worth nearly $120 million after learning the company was planning to let her go. The engineer was one of only two people with exclusive access to the details of a top-secret chemical formula, making her a very privileged user. Although she was ultimately convicted and sentenced for her crime, this case reflects the challenges faced by many companies in safeguarding intellectual property and critical assets, particularly during workforce changes. Some 68 per cent of security decision-makers worldwide anticipate new identity security issues will arise as a result of layoffs and workforce churn in the upcoming year.

  2. Should businesses trust third-party vendors’ security?

Employees are not the only ones with insider access to sensitive information: third-party vendors such as contractors can also be privileged users. If a third-party relationship ends and permissions are not promptly revoked, the vendor could continue to access a company’s sensitive information, regardless of the circumstances. In other words, even if an organisation and a third party are on good terms when the relationship ends, there is always a risk of company assets being exploited maliciously.

Additionally, external actors can compromise and exploit third-party vendors to gain access to their business partner’s sensitive information. For example, a few years ago, bad actors abused a third-party application used by Marriott Hotels to gain access to guests’ records. Attackers managed to log in to the application using the credentials of two Marriott employees, and the personal information of 5.2 million Marriott guests was leaked as a result. This may be why security professionals believe third parties, including partners, consultants and service providers, represent the riskiest human identities, according to the CyberArk 2023 Identity Security Threat Landscape Report.

  3. The impact of today’s rising “resenteeism”

While the Great Resignation was very topical last year, it seems that employees’ motivations have moved on. In today’s uncertain economic climate, filled with layoffs and recession fears, most employees do not want to risk being unemployed, with many remaining in their current position even if they feel unhappy or burned out. This has given rise to a workplace buzzword known as “resenteeism”, which is used to describe workers who are dissatisfied with their jobs and express their grievances openly.

Resenteeism can have a very negative impact on workplace culture and productivity, and can increase malicious insider threat incidents. For example, an employee who feels undervalued and whose promotion request has been denied several times may develop a sense of resentment towards their employer, which may motivate them to steal or leak sensitive data to “get even”. Some employees might even openly advertise their ability to use their authorised access to compromise their organisation’s security. 63pc of organisations do not adequately secure the highest sensitivity access for their employees, meaning those responsible for insider threats have more than sufficient opportunity.

  4. The link between financial hardship and insider threats

Many individuals in the UK and elsewhere are struggling financially due to the high level of inflation and the soaring cost of living. Financially motivated insider threats may increase as a result. Research shows privilege misuse – employees abusing their authorised access – is the leading cause of intentional internal data breaches and is often paired with fraudulent transactions. 59pc of all data breach incidents have a financial goal.

A typical scenario is a financial controller, with privileged access to systems where bank accounts and routing information are stored, illicitly transferring funds into their own personal account. This practice is very problematic as not only are individuals able to divert significant resources away from their organisation, but it can be hard to track.

  5. The correlation between employees’ stress levels and security mistakes

Workforce reductions and churn place a heavy burden on remaining employees, often resulting in increased stress levels due to the additional work they’re expected to take on, and stress is directly correlated with mistakes. As such, overworked and overstressed workers are more likely to fall victim to phishing attacks and other social engineering attacks. Factors like burnout – affecting 59pc of UK senior cybersecurity professionals – play their part, as security teams are not as alert to potential risks as they should be.

Overworked and overstressed employees could make it easier for phishing attackers to “hook” credentials and, given 50pc of workforce identities have access to sensitive corporate data, they are the perfect entry point for hackers wanting to gain access to company assets.

Identity security, and trust

In the face of persistent insider threats, it has become vital for organisations to adopt a Zero Trust and least privilege approach. This way, they can have full visibility and control over who can access the company’s sensitive data, enabling rapid detection of access misuse or abuse and other high-risk activities. By removing trust from the equation, businesses can establish a robust identity security strategy, minimising threats and safeguarding critical assets.

© 2024 Professional Security Magazine. All rights reserved.