Cyber Insider Threats are a Growing Business Risk

Insider risk is a constant concern for businesses. This is because humans, by their very nature, can make mistakes, and threat actors often take advantage of this vulnerability.  By 2025, half of all cyber events are expected to be the result of human errors or malicious actions. This is a reality companies need to prepare for.1 New digital business models bring additional challenges. Among these, contingent workers can introduce vulnerabilities, and the increased accessibility of networks to third parties can compromise security.

Phishing remains the most common vector for initial network access, placing the insider – or the employee – at the front line. Advances in social sophistication, user fatigue, and targeted, context-based phishing contribute to the centrality of this risk.2 Cybercriminals continue to shift their methods as they leverage current events. Today, phishing emails that exploit the Ukraine-Russia conflict to solicit an emotional response to the war lead people to click before they think. A new trend is emerging, novel phishing, or led-by-consent phishing, in which attackers trick users into granting permissions to malicious cloud applications. Once clicked, these malicious applications can access legitimate cloud services and users’ data. Training and phishing exercise simulations remain the areas where least investment is made in the field of cyber risk mitigation, despite being the most significant countermeasure to slow down ransomware attacks.3 While certain acts of cybercrime decreased in 2022, data access brokers never ceased gaining unauthorized access to client networks and infrastructure. A trend to watch is data brokers and ransomware actors looking to opportunistically buy data and access from company employees, where vulnerability exploitation is one of the primary methods utilized.4 This trend drives a new insider threat risk where cyber criminals openly look for employees willing to sell a company’s data for personal gain. This evolving risk may include theft of data, proprietary information, intellectual property, and trade secrets.

As system integration and organizational dependence on third parties continue to rise, so will the need for increased insider risk monitoring. Organizations will focus more on the necessity for endpoint detection and response (EDR), security operations center (SOC), and network security. Similarly, the focus on safe work practices and data loss protection will remain if the hybrid workplace remains in place.

Ransomware Supplemental Red Flag Controls Data Findings: Aon Clients Report

Aon’s survey of top insurance providers indicates that data security ranks among the top five domain risks.4  However, a concerning trend emerges when looking at industries across the board: a majority report substantial gaps in their data security controls, highlighting the need for improved cyber security measures. Per CyQu data, scores were slightly higher in governance and data protection as clients transitioned from a “basic” to a “managed” risk profile in 2022.  Interestingly, user awareness and training saw the greatest improvement across all data security categories. This trend suggests that continued investment in cyber risk training is not just beneficial, but crucial for businesses seeking to mitigate the escalating threat of insider risk.

Nearly half of all companies (47 percent) have not segregated their end-of-life software from application systems, potentially increasing their vulnerability to cyber threats. Further compounding this issue, 40 percent of companies lack necessary SOC controls, intensifying their exposure to insider risk. This data underscores the importance of robust cybersecurity measures in mitigating insider threats. Turning to EDR controls, CyQu data painted a more robust picture, as 70 percent of clients reported that their organization’s EDR covered all of the total workstations.