Published 28. Jul. 2023

Top Internal Cybersecurity Threats: What CISOs Should Know


The biggest cybersecurity threats come from within the organization. 57% of businesses revealed that internal cybersecurity threats have become more frequent since 2020 (Cybersecurity Insiders). Therefore, it’s time for cybersecurity leaders to look inward and tackle the internal cybersecurity threats that pose as much risk to their organizations as external cyberattacks.

 

Internal Cybersecurity Threat #1: Human Error 

Human error was named the main cause of 24% of data breaches, according to IBM and Ponemon Institute’s recent Cost of a Data Breach report. Employees in the IT help desk, HR, and R&D pose a data security risk because cybercriminals target them for their access to valuable company information.

Social Engineering 

Also known as human hacking, social engineering is often the entry point of a large-scale cyberattack. Social engineering allows cybercriminals to bypass firewalls, antivirus software, and other cybersecurity measures. It takes nearly nine months for companies to identify and contain data breaches caused by social engineering (IBM). Phishing is by far the most common type of social engineering attack.

Phishing

In Management Events’ report, Navigating the Future of Cybersecurity, 75% of European cybersecurity leaders named phishing as the most worrisome cybercrime. In addition, the IBM Security X-Force Threat Intelligence Index 2023 found that phishing was a leading infection vector in 41% of incidents. Phishing attacks are also easier to execute with Phishing-as-a-service (PHaaS) offerings such as phishing kits and open-source phishing frameworks (Zscaler).

Notable Phishing Attacks  

  • Facebook: Evaldas Rimasauskas and his team stole over $100 million from the tech giant by defrauding specific employees. Rimasauskas impersonated a computer manufacturer and sent employees invoices for genuine goods and services, directing them to wire money to fake bank accounts.  
  • Microsoft 365: Employees were tricked into installing malicious code on their devices. The targets received a pop-up notification saying that they had been logged out of Microsoft 365 and inviting them to re-enter their login credentials. Those credentials ended up in the hands of hackers.
  • Google Drive: Targets were tagged in a suspicious document with malicious links to a phishing site. They received a legitimate email notification from Google containing the comment’s text and a link to the relevant document. Acting on this urgency, targets unintentionally clicked on one of the malicious links and were asked to enter their login credentials.
 

Internal Cybersecurity Threat #2: A Growing Remote Workforce

A whopping 91% of IT personnel experienced pressure to jeopardize security to enable business continuity within remote work conditions (HP Wolf Security). Therefore, it’s unsurprising that work-from-home and remote work practices have led to increased internal cybersecurity threats. A study by Check Point recorded a 38% jump in cyberattacks in 2022 compared to 2021 due to the rise of remote and hybrid working conditions.  

Unsafe Data Storing and Sharing Practices  

Company data becomes more vulnerable with the rise of remote and hybrid work. It’s difficult to ensure that all employees follow sound data storage and protection practices. Terranova Security found that only 53% of employees understand their role in protecting company data, and 35% express low concern about company data being stolen. Sharing confidential company information with third parties could have dire consequences. All it takes is a moment of carelessness, such as accidentally posting something publicly or sending information to the wrong email address.

The Use of Unauthorized Devices 

According to Lookout’s State of Remote Work Security Report, 92% of remote workers use personal devices such as smartphones and tablets to do work. Additionally, personal devices connected to insecure Wi-Fi networks may be susceptible to malware and viruses. Portable devices like USB sticks also pose a cyber risk. Although convenient to use, portable devices are easy to steal and are goldmines for cybercriminals – especially if they contain valuable company data.

 

Internal Cybersecurity Threat #3: Shadow IT 

Shadow IT is still a bane for CISOs as it offers unguarded entry points for cybercriminals to breach. Gartner found that 41% of employees acquired, modified, or created technology outside of IT’s knowledge. In addition, 57% of small and midsize businesses reported shadow IT activity (Capterra). Remote workers are also more likely to utilize shadow IT, but enforcing security controls proves to be a challenge. 80% of IT staff dealt with objections from remote team members who did not agree to additional security measures (HP Wolf Security).

Dissatisfaction with Current Tools 

According to a Beezy report, 61% of employees were unsatisfied with the tech stack at their jobs. Existing tools were buggy and difficult to integrate with legacy systems. 85% of them also relied on shadow IT tools despite the risk of their activities being monitored. Popular shadow IT includes personal messaging platforms, video conferencing, cloud storage services, and collaboration dashboards.  

Shadow IT Made Easier with Digitalization  

Shadow IT is more widespread than ever before due to the ease of buying and launching software without consulting cybersecurity teams. The ubiquity of cloud services has also made shadow IT more prevalent.  

“In the past when you used to have to procure hardware and know how to get a network connection, there was a barrier to entry. Cloud has lowered that barrier,” says Joe Nocera, leader of the Cyber & Privacy Innovation Institute at PwC.

Furthermore, undocumented APIs are a relatively new form of shadow IT. A report by Cequence Security found that 68% of organizations experienced shadow APIs.  

 

Types of Internal Cybersecurity Threat Actors 

Internal cybersecurity threat actors include current employees, former employees, business partners, and suppliers who have access to an organization’s computer systems, data, and cloud platforms. Internal threat actors in cybersecurity either act unknowingly or have dishonest intent. 63% of internal data breaches are attributed to negligence, and cost companies an average of USD 11.45 million (Ponemon Institute). 

Common Insider Threat Indicators 

According to CrowdStrike, events that may indicate the presence of an insider threat actor include strange authorization requests for access to company documents, logins at odd hours, and unusual surges in traffic. Cybersecurity leaders should also keep a close eye on employees who display suspicious behavior such as conflicts with peers, absenteeism, unreliability, and underperformance at work. In addition, employees who display anger and resentment due to factors such as a lack of career progression could also pose an insider threat risk.  
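The three event-based indicators above (logins at odd hours, strange access requests, and unusual surges in traffic) can be expressed as simple checks over activity logs. The following is an added example, not taken from CrowdStrike or the original article; the event format, business hours, per-user "usual share" mapping, and surge factor are all assumptions, and the log entries are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample events (not real logs): (ISO timestamp, user, kind, detail)
EVENTS = [
    ("2023-07-03T09:12:00", "alice", "login", None),
    ("2023-07-03T10:00:00", "alice", "transfer", 120),   # MB transferred
    ("2023-07-04T09:05:00", "alice", "login", None),
    ("2023-07-04T11:30:00", "alice", "transfer", 150),
    ("2023-07-05T02:47:00", "alice", "login", None),     # odd hour
    ("2023-07-05T02:55:00", "alice", "access_request", "hr/payroll"),
    ("2023-07-05T03:10:00", "alice", "transfer", 4200),  # surge
    ("2023-07-05T09:20:00", "bob", "login", None),
    ("2023-07-05T09:40:00", "bob", "access_request", "eng/designs"),
]
# Assumed policy inputs: business hours and the share each user normally works in.
WORK_HOURS = range(7, 20)
USUAL_SHARE = {"alice": "eng", "bob": "eng"}
SURGE_FACTOR = 5  # flag a transfer above 5x the user's median so far


def find_indicators(events):
    """Return (user, indicator, timestamp) tuples for the three indicator types."""
    findings = []
    history = defaultdict(list)  # user -> earlier transfer sizes
    for ts, user, kind, detail in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        if kind == "login":
            # Outside assumed business hours, or on a Saturday/Sunday.
            if when.hour not in WORK_HOURS or when.weekday() >= 5:
                findings.append((user, "odd-hours login", ts))
        elif kind == "access_request":
            # Request for a share other than the one the user normally works in.
            if detail.split("/")[0] != USUAL_SHARE.get(user):
                findings.append((user, "unusual access request", ts))
        elif kind == "transfer":
            past = history[user]
            # Require at least two earlier observations before judging a surge.
            if len(past) >= 2 and detail > SURGE_FACTOR * median(past):
                findings.append((user, "traffic surge", ts))
            past.append(detail)
    return findings


if __name__ == "__main__":
    for finding in find_indicators(EVENTS):
        print(finding)
```

Each finding is a prompt for review rather than proof of intent: an on-call engineer or a legitimate bulk export would trigger the same checks.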

 

How to Mitigate Internal Cybersecurity Threats

Review Cyber Awareness Training  

  • Adapt training to fit the company culture and risk profile 
  • Organize function-specific training so that employees are aware of how their responsibilities relate to company data  
  • Cover topics such as data management, incident reporting process, personal device policies, passwords, and physical security 
  • Conduct phishing simulations  

Practice Good Cyber Hygiene

  • Identify security gaps such as outdated software and database performance issues 
  • Review access control and data protection policies among remote workers 
  • Tighten access control among current and former employees, business partners, and vendors   
  • Prepare a comprehensive cyber hygiene plan that covers daily, monthly, quarterly, and yearly upkeep and maintenance activities 

Improve Employee Cybersecurity Awareness  

All employees should:  

  • Use strong passwords and change them regularly  
  • Recognize signs of phishing scams 
  • Report colleagues who demonstrate suspicious behavior  
  • Not share login credentials with anyone, even colleagues  
  • Be wary of what they share about themselves and their workplace online 

Fortify Organizational Cyber Resilience  

  • Perform a thorough cyber resilience assessment that includes risk factors, access points, and industry-specific cyberattacks 
  • Back up mission-critical data
  • Encrypt data, and use MFA and SSO for logins
  • Devise a mobile device cybersecurity strategy 
  • Leverage AI and machine learning to improve cybersecurity systems  
  • Work with IT personnel to perform organization-wide shadow IT audits  
  • Set up a crisis management team and incident response plan 
 

Cybersecurity leaders must implement consistent, ongoing, and up-to-date practices to instill a security-first mindset among employees to stay ahead of the latest cybercrimes and keep confidential data out of the hands of malicious actors.  
