Cartoon of a worker as an insider threat sitting on a rock using a laptop as sharks representing cybercriminals circle around him.
Image: © Knut/

Insider threats: Be aware that employees can compromise security

13 Nov 2023

CyberArk’s Bryan Murphy recommends a zero-trust approach for staff handling sensitive data. He says overwork can cause security sloppiness, too.

The risk of insider threats is rising, with 74pc of organisations saying insider threats have become more frequent. Insider threats refer to cyberthreats that stem from an ‘insider’ in a company and usually entail sensitive data being leaked or stolen through employee access. Whether they are intentional or unintentional, insider threats are dangerous security breaches that can negatively impact the revenue and reputation of a company.

Addressing the problem has become more urgent and is exacerbated by the difficult economic times much of the world is currently experiencing. Workforce reductions and increasing workloads have a big impact on employees’ mental health and their ability to do their jobs effectively, as revealed by 59pc of UK senior cybersecurity professionals in CyberArk’s 2023 Identity Security Threat Landscape report.

As a result, workers may be more likely to be responsible for unintentional insider threats that damage the company’s security infrastructure and put sensitive data at risk. Businesses must understand the causes of the rise in insider threats and adapt to protect their critical assets. More specifically, controlling sensitive and privileged access to minimise the risk of data being unwittingly leaked is key. Identity security must be a priority.

Link between workforce reductions and employee errors

Continuous supply chain issues, inflation and conflicts around the world are impacting businesses, and many organisations are trying to get costs under control by reducing their workforces. Tech companies alone have laid off hundreds of thousands of employees globally (so far) in 2023. In an economic climate filled with uncertainty and recession fears, most workers do not want to risk being unemployed, with many remaining in their current position even if they feel unhappy.

A headshot of Bryan Murphy from CyberArk.

Image: Bryan Murphy

Yet the constant fear of being laid off, along with the additional work employees are expected to take on due to workforce reductions places a heavy burden on them, which can only increase stress levels. And increased stress goes hand in hand with the propensity to make mistakes. Overworked and overstressed workers are more likely to fall victims to phishing attacks and other social engineering attacks because they may not be as alert to potential risks as they should be. As a result, they could make it easier for phishing attackers to ‘hook’ credentials – and given that 50pc of workforce identities have access to sensitive corporate data, they become the perfect entry point for hackers wanting to gain access to company assets.

The security risks of working with third parties

Employees are not the only ones with insider access to sensitive information: third-party vendors such as contractors can also be privileged users. As such, external actors can also seek to compromise and exploit third-party vendors to gain access to their business partner’s sensitive information.

There are a number of well-documented cases of attackers who decided it would be easier or stealthier to target a business through the third party with a weaker security posture, in order to harvest the credentials needed to breach their ultimate victim. For example, in January 2022, the Red Cross reported that the personal data of more than 515,000 highly vulnerable people who had been separated from their families by conflict or disaster had been compromised following a cyberattack.

A group of hackers managed to hack a third-party organisation that the Red Cross used to store data. This may be why security professionals believe third parties, including partners, consultants and service providers, are among the riskiest human identity type they have to manage and secure. In fact, 31pc of UK security professionals believe identity breaches stemming from third parties would cause the biggest impact for their organisation.

Businesses can improve their risk posture by managing employee and application access permissions as they connect, based on context, geolocation and a host of other intelligent controls and checks – and third parties should be treated in the same way. It is key to be able to maintain oversight of data flows, train (repeatedly) the people who have access to these systems and also have a clear overview of the third party’s identity security practices. Ultimately, collaboration carries an element of risk, but it can be addressed by replicating good identity security practices amongst partner companies and ensuring greater visibility into activity to be able to act quickly and mitigate risk.

The need to remove trust in identity security

With insider threats continuing to pose a significant risk, businesses must embrace a zero trust and least privilege approach. Put simply, zero trust is a security model that encourages not to trust any user or asset within a network until its security or legitimacy has been fully verified. Companies must make sure they have full visibility and control over who can access the company’s sensitive information.

Even if employees have no intention to do anything to harm the business, unintended insider threats might originate from difficult economic circumstance or working conditions. Zero trust is key to implementing a solid identity security strategy, preventing insider threats resulting from employees’ stress and mistakes and protecting critical assets.

By Bryan Murphy

Bryan Murphy is the senior director of consulting services and incident response at CyberArk, a global identity security provider.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Loading now, one moment please! Loading