Insider Threats: How Menacing are They?
The shift to remote working has given rise to many security risks, such as those stemming from the use of personal devices and shadow IT applications for business purposes. However, insider threats are considered to be extremely rare for organizations to take them seriously.
News you need to know
- Scalable Capital, an online advisory firm, fell victim to a major data leak. It is believed that around 20,000 customers were affected by the leak of confidential data that included contact information, tax identification numbers, and bank account details. The leak is attributed to excessive insider knowledge.
- Last month, Shopify underwent a data breach caused by two support team employees. Although 200 merchants were affected, there has been no evidence to show misuse of the stolen data.
- In August, numerous high-profile Twitter accounts were hacked via social engineering techniques. A small number of employees were reportedly tricked through social engineering to hand over their admin credentials.
What let the threats in?
- The lack of security awareness about exploits often proves to be costly. Attacks such as phishing and vishing target employee credentials, leading to easy intrusions with dire consequences.
- Moreover, the gray area is expanded as employee loyalties change over time. Organizations face huge risks in terms of securing intellectual property when employees quit.
- A rising number of smaller such incidents fly under the radar as they don’t get a shout out from victim organizations. However, the danger arises when malpractices are neglected and left unacknowledged.
The bottom line
These are unprecedented times and organizations are struggling to stand up to the monumental cyber challenges faced on a daily basis. This often percolates to displeased (ex)employees who seek retribution in one way or another. When viewed as an individual instance, insider threats may not seem to be menacing. However, as an aggregate, these may lead to catastrophic losses.