Beware insider threats and other trends in cybersecurity

21 Feb 2023

Image: © Andrii Yalanskyi/

Kroll’s president of cybersecurity, Jason Smolanoff, discusses the current cyber threat landscape and explains that how an organisation responds to an attack is as important as building their defences.

Cybersecurity is an issue faced by organisations worldwide and the defences that are needed to build resilience to an attack are consistent no matter where a business is located. Businesses should be cognisant of the trends in the types of attacks that are on the rise, especially regarding the areas where sensitive data is vulnerable, so that they can prioritise their investments in cybersecurity.

In 2022 healthcare replaced financial services as the most breached industry, accounting for 22pc of all breaches.

The threat landscape intensifies

Kroll, an independent provider of risk and financial advisory solutions, compiles quarterly threat landscape reports to analyse trends in the types of attacks that target organisations. While email compromise and ransomware regularly feature as the most common threat incident types, there has also been a significant rise in unauthorised access incidents. This includes attack methods such as insider threat.

Our data shows that insider threats reached their highest level ever in Q3 2022, accounting for nearly 35pc of all unauthorised access threat incidents. There are many reasons why insider threat might be increasing, one of which is a turbulent employment market.

As employees move through the job termination process, we often see insider threat; either in the form of disgruntled employees consciously exfiltrating useful data or simple failures in HR processes where privileged access rights haven’t been revoked for an outgoing employee.

No matter the motivation, the confidentiality, integrity and availability of sensitive data is often put at risk.

Data breaches

Data breaches are another constant concern for organisations globally. While a cyberattack is one way a data breach can occur, there are many other examples of data being breached either through technologies, processes or human error.

Kroll’s Data Breach Outlook report looks at the types of companies that are suffering data breaches and the engagement of consumers when their information is involved in a breach.

In 2022 healthcare replaced financial services as the most breached industry, accounting for 22pc of all breaches.

However, consumers were most concerned about their financial data. Calls following a data breach saw a 127pc year-on-year (YoY) increase. Accordingly, there was a 126pc YoY increase in the amount of identity monitoring taken up by consumers who were impacted by a data breach in the financial services sector.

An Irish perspective

Irish businesses should pay particular attention to these trends, given that according to Kroll data the number of people in Ireland enrolled in an identity monitoring program because of a breach increased seven-fold last year. This is a staggering rise, and we believe it was due to a handful of cases that had a much larger impact in the Irish population than we’ve seen before.

Insider threat may also be on the rise in Ireland, considering a 2022 survey by communication technology company Poly. The research found that of 3,000 workers and 2,750 employers surveyed in Europe, 64pc did not want to return to an office. Irish workers were the most reluctant to return to the office with 83pc preferring to work from home.

It is important for Irish businesses to recognise the risks they face in terms of cyberattacks and data breaches.

This potentially creates an environment that is more difficult to secure and a more fluid labor market, if employees are willing to change jobs for a work-from-home setup.

It is important for Irish businesses to recognise the risks they face in terms of cyberattacks and data breaches. Kroll ran a data breach masterclass in Dublin this month. Of the attendees, 85pc were confident in their ability to detect a cybercriminal in their network.

Considering the significant incidents that have occurred in the Irish market, the increased concern from consumers over their financial data, and the intensifying threat landscape, this could indicate an over-confidence in the ability of companies to detect cybercriminals.

This over-confidence was also reflected among CFOs in our Cyber Risk and CFOs report, where 87pc were confident in their companies’ abilities to ward off cyber security incidents, despite 61pc of them having suffered at least three significant cyber incidents in the previous 18 months.

Responding to an incident

It is also not only about detection and given 18pc of those at the Dublin event believed it would take years to recover from a ransomware, knowing how to respond to an incident is arguably more important.

Cyberattacks will unfortunately continue to be a risk for Irish businesses and there will no doubt be significant data breaches in the future, compromising Irish consumer data.

Focus should be on building cyber resilience and being prepared to handle data breach incidents; both for the quick and full recovery of the businesses involved and to best support consumers whose data has been compromised.

Keeping abreast of the latest trends in both threat intelligence and data breaches will empower businesses with the knowledge to prioritise their cybersecurity investments and implement a cyber strategy that measurably reduces risk to the business and its customers.

By Jason Smolanoff

An headshot of Jason Smolanoff. He is wearing a dark suit, a bright blue tie and a white shirt.

Jason Smolanoff. Image: Kroll

Jason Smolanoff is the president of cybersecurity at Kroll Risk Advisory. Since joining Kroll in 2017, Jason has led the practice through transformative growth into a highly diversified, global organisation that today provides clients with seamless, end-to-end cyber risk management services.