Insider threats and best practices to minimize risk

Posted by HSSL Technologies on Aug 16th 2023

When you think of insider threats, what comes to mind? Sabotage by disgruntled employees? Embezzlement? Commercial espionage?

Those things do happen. But to effectively guard against cyberthreats and risks originating within your organization and your network — that is, on the inside of your external-facing security infrastructure — it’s necessary to conceive of insider threats more broadly.

The truth is, each and every user is a potential point of vulnerability: the actively malicious users we first mentioned, those who might respond to a phishing email, and those who might simply mistype the address on an outbound email containing sensitive corporate data. And that’s everyone.

As it happens, misaddressed email is responsible for more data breaches than even phishing attacks — 19% of all security incidents, according to ICO’s Q4/22 incident report dashboard.

95% of IT leaders believe that client and company data is at risk on email.
Data is most at risk on email, with 83% of organizations experiencing email data breaches.
24% of email data breach incidents were caused by an employee sharing data in error.

From the break room to the boardroom

It’s important to understand that the list of potential insider threats includes *everyone* in the organization. In fact, senior executives may present a heightened risk. This is not because they are especially susceptible to being fooled by phishing attacks (although they may be). It’s because if their accounts are compromised, hackers can use them to launch highly effective attacks against other employees.

According to a 2022 study published by Tessian Research, 52% of people clicked on a phishing email because it looked as though it was coming from a senior executive in their company, a significant increase from 2020, when the number was 41%.

The same study found that 40% of U.S. and UK employees had sent an email to the wrong person in the previous 12 months.

How to reduce the risk

Once we understand that insider threats mostly consist of user errors, and that the largest categories of those errors are misaddressed email and clicking on phishing emails, it’s much easier to plan and implement an effective strategy to combat them.

The primary elements of this strategy are email data loss prevention (DLP), internal email security, security awareness training, and data backup.

Email DLP

Traditional email security gateways are designed primarily to scan incoming emails in order to spot and block malware and other threats. However, modern, multi-capable email security platforms such as Barracuda Email Protection also include DLP features that scan both incoming and outgoing emails.

Outgoing email is scanned not only for malware, but also for protected data that should not be shared with anyone outside the company. Out of the box, these solutions can typically detect common patterns such as Social Security numbers, bank account and routing numbers, and other personally identifiable information.

In addition, admins can add granular, custom parameters for DLP protection, including keywords, file types, and more.

A strong DLP solution can dramatically reduce an organization’s vulnerability to security incidents caused by misaddressed email, accidental inclusion of protected data, and corporate espionage.
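The outbound checks described above, as an added example that is not Barracuda's or HSSL's code: it parses one outgoing message, looks for Social Security numbers and ABA routing numbers (validating the routing-number checksum so that order numbers and other nine-digit strings are not flagged), applies admin-defined keywords and attachment types, and blocks only when the protected data is addressed to a domain outside the organization, which is exactly the misaddressed-email case. `INTERNAL_DOMAINS`, `KEYWORDS`, `BLOCKED_ATTACHMENT_TYPES` and the sample message are assumptions constructed for this example.

```python
# Added example (not Barracuda's or HSSL's code): a minimal outbound-email DLP check.
# INTERNAL_DOMAINS, KEYWORDS and BLOCKED_ATTACHMENT_TYPES are an assumed policy;
# build_sample() constructs the message used to exercise the scanner.
import re
from email import message_from_string
from email.message import EmailMessage, Message
from email.utils import getaddresses

INTERNAL_DOMAINS = {"example.com"}              # assumption: the organization's own domains
KEYWORDS = ("project falcon", "confidential")   # assumption: admin-defined custom keywords
BLOCKED_ATTACHMENT_TYPES = {".csv", ".xlsx"}    # assumption: file types not allowed to leave

# SSN pattern; excludes area 000/666/9xx, group 00 and serial 0000, which are never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
NINE_DIGITS_RE = re.compile(r"\b\d{9}\b")


def valid_aba_routing(number: str) -> bool:
    """ABA routing-number checksum: 3(d1+d4+d7) + 7(d2+d5+d8) + (d3+d6+d9) must be 0 mod 10."""
    if len(number) != 9 or not number.isdigit():
        return False
    d = [int(c) for c in number]
    return (3 * (d[0] + d[3] + d[6]) + 7 * (d[1] + d[4] + d[7]) + (d[2] + d[5] + d[8])) % 10 == 0


def external_recipients(msg: Message) -> list[str]:
    """Every To/Cc/Bcc address whose domain is not one of ours."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
    return [addr for _, addr in getaddresses(headers)
            if addr and addr.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS]


def body_text(msg: Message) -> str:
    """Concatenate the text/plain body parts; attachments are handled separately."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and not part.get_filename():
            chunks.append(part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def attachment_names(msg: Message) -> list[str]:
    return [part.get_filename() for part in msg.walk() if part.get_filename()]


def dlp_scan(raw_message: str) -> dict:
    """Scan one outbound message and decide: block (protected data addressed outside the
    company), warn (protected data, internal recipients only) or allow."""
    msg = message_from_string(raw_message)
    text = body_text(msg)
    findings = [("ssn", m) for m in SSN_RE.findall(text)]
    findings += [("aba_routing", m) for m in NINE_DIGITS_RE.findall(text) if valid_aba_routing(m)]
    findings += [("keyword", kw) for kw in KEYWORDS if kw in text.lower()]
    findings += [("attachment", name) for name in attachment_names(msg)
                 if "." in name and "." + name.rsplit(".", 1)[-1].lower() in BLOCKED_ATTACHMENT_TYPES]
    outside = external_recipients(msg)
    action = "block" if findings and outside else "warn" if findings else "allow"
    return {"action": action, "external_recipients": outside, "findings": findings}


def build_sample() -> str:
    """Constructed sample: a payroll note whose recipient domain was mistyped ('examp1e'),
    so protected data is about to leave the company with a spreadsheet attached."""
    msg = EmailMessage()
    msg["From"] = "payroll@example.com"
    msg["To"] = "j.doe@examp1e.com"
    msg["Subject"] = "Direct deposit update"
    msg.set_content(
        "Hi J,\n\nUpdated details for Project Falcon payroll:\n"
        "SSN 123-45-6789, routing 021000021, account 9876543210.\n"
        "Order ref 123456789 is unrelated.\n"
    )
    msg.add_attachment("name,ssn\n", subtype="csv", filename="payroll.csv")
    return msg.as_string()


if __name__ == "__main__":
    print(dlp_scan(build_sample()))
```

The routing-number checksum is the kind of detail that separates a usable DLP rule from one users learn to ignore: without it, every nine-digit order or ticket number trips the policy. The same scanner returns `warn` rather than `block` when the only recipients are internal, which matches the usual practice of logging internal sharing of protected data without stopping it.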

Internal email security

Traditional email security does not scan internal email traffic, i.e., email from one employee to another. However, many insider-threat incidents begin with an account takeover or an impersonation attack, after which phishing emails are sent from inside the organization, where a perimeter gateway never sees them.

To prevent this type of attack, modern email security platforms like Barracuda Email Protection include advanced, AI-powered detection capabilities that monitor all traffic — including internal emails — and are able to detect phishing and other anomalous communications.
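As an added example that is not Barracuda's or HSSL's code, the block below applies a set of static checks to mail landing in internal mailboxes: an executive's display name on a mailbox that is not the executive's, a sender domain one character away from the company's, a Reply-To that steers the thread outside the organization, an internal From address that the gateway recorded as failing DMARC, and the urgency-plus-payment wording typical of business email compromise. `EXECUTIVES`, `INTERNAL_DOMAINS` and the three sample messages are assumptions constructed for the example. These heuristics catch impersonation and spoofing; a genuinely compromised internal account passes all of them, which is why the behavioural detection the text refers to is needed on top.

```python
# Added example (not Barracuda's or HSSL's code): static impersonation and spoofing checks
# for mail arriving in internal mailboxes. EXECUTIVES and INTERNAL_DOMAINS are assumed
# values; the SAMPLE_* messages are constructed for this example.
import re
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAINS = {"example.com"}                      # assumption
EXECUTIVES = {"Dana Ortiz": "dana.ortiz@example.com"}   # assumption: display name -> real mailbox
URGENT_PAYMENT_RE = re.compile(
    r"\b(urgent|today|immediately)\b.*\b(wire|transfer|gift cards?|invoice)\b", re.I | re.S)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one-character lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize_name(name: str) -> str:
    return re.sub(r"[^a-z]", "", name.lower())


def plain_text(msg) -> str:
    parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
    return "\n".join(p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace")
                     for p in parts)


def impersonation_flags(raw_message: str) -> list[str]:
    """Return the reasons a message looks like executive impersonation (empty = nothing found)."""
    msg = message_from_string(raw_message)
    display, sender = parseaddr(msg.get("From", ""))
    sender = sender.lower()
    sender_domain = sender.rsplit("@", 1)[-1]
    flags = []

    # 1. A known executive's name in the display name, but not the executive's mailbox.
    for exec_name, exec_addr in EXECUTIVES.items():
        if normalize_name(display) == normalize_name(exec_name) and sender != exec_addr:
            flags.append(f"display name '{display}' used with non-executive address {sender}")

    # 2. Sender domain one edit away from ours (examp1e.com, exampie.com, ...).
    for ours in INTERNAL_DOMAINS:
        if sender_domain != ours and edit_distance(sender_domain, ours) == 1:
            flags.append(f"lookalike sender domain {sender_domain} (vs {ours})")

    # 3. Reply-To steers the conversation outside the organization.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS:
        flags.append(f"Reply-To outside the organization: {reply_to}")

    # 4. Claims an internal From address but the gateway recorded a DMARC failure:
    #    spoofed from outside, not sent by the internal account.
    auth_results = msg.get("Authentication-Results", "")
    if sender_domain in INTERNAL_DOMAINS and re.search(r"\bdmarc=fail\b", auth_results):
        flags.append("internal From address with dmarc=fail")

    # 5. Classic BEC wording: urgency followed by a payment request.
    if URGENT_PAYMENT_RE.search(msg.get("Subject", "") + "\n" + plain_text(msg)):
        flags.append("urgent payment language")
    return flags


# Constructed samples (not real traffic).
SAMPLE_IMPERSONATION = """\
From: Dana Ortiz <dana.ortiz@examp1e.com>
Reply-To: dana.ortiz.ceo@webmail.example.net
To: accounts@example.com
Subject: Urgent wire
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=examp1e.com; dmarc=none

Please process the attached wire today, I'm in meetings all day.
"""

SAMPLE_SPOOFED = """\
From: Dana Ortiz <dana.ortiz@example.com>
To: accounts@example.com
Subject: Q3 planning
Authentication-Results: mx.example.com; spf=fail; dkim=none; dmarc=fail header.from=example.com

Can you send me the vendor list?
"""

SAMPLE_GENUINE = """\
From: Dana Ortiz <dana.ortiz@example.com>
To: accounts@example.com
Subject: Q3 planning
Authentication-Results: mx.example.com; dkim=pass; dmarc=pass header.from=example.com

See you at 3pm.
"""

if __name__ == "__main__":
    for name, sample in [("impersonation", SAMPLE_IMPERSONATION), ("spoofed", SAMPLE_SPOOFED),
                         ("genuine", SAMPLE_GENUINE)]:
        print(name, impersonation_flags(sample))
```

Check 4 only works if the gateway that stamps `Authentication-Results` is the one in front of the mailbox and internal sending never bypasses it; otherwise an attacker can simply add a forged `dmarc=pass` header of their own. The lookalike check uses an exact edit distance of 1 on purpose: a wider threshold starts matching legitimate partner domains.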

Security awareness training

It should be clear at this point that the greatest reduction of security incidents can be achieved by eliminating user errors. While total elimination of mistakes is an unrealistic goal, modern security awareness training programs, when implemented correctly, can bring about dramatic improvements.

The keys to a successful security awareness training program include:

Diligent, regular use of simulated phishing campaigns targeting all users
Gaining user buy-in through the use of gamification and positive (rather than punitive) reinforcement
Constantly updated simulated phishing templates based on real-time, real-world threat trends
Multi-vector training that includes email, text, and phone phishing attacks

Barracuda Email Protection includes advanced security awareness training capabilities that enable you to significantly reduce your users’ vulnerability to phishing and other email-based attacks.

Data backup

A modern backup solution can make a huge difference in case of internal digital sabotage by a disgruntled employee, accidental deletion of data (or entire servers), and data corrupted by ransomware, which is often initiated by a user responding to a phishing attack.

An appropriate backup solution should allow very fast, granular recovery of lost data; be fully encrypted to prevent data theft; and be isolated from production credentials and file shares, including concealing the fact that it is a backup, in order to frustrate ransomware that specifically seeks out and destroys backup systems. Keeping at least one immutable or offline copy and regularly testing restores is the practical check that the backup will actually be usable when it is needed.

Barracuda Backup and Barracuda Cloud-to-Cloud Backup meet all these requirements, and can help you reduce your exposure to insider-threat risks.

Cast a wide net

While the drama of saboteurs and spies might dominate our initial thinking about what counts as an insider threat, a more realistic approach means addressing the more mundane, but ultimately far more damaging, threat of simple human error. Recognizing that user error can and must be addressed by any truly effective security program leads directly to the modern, multilayered defenses that organizations need today.