Why insider attacks are indicative of a need for security convergence
What is security convergence?
Security convergence is the merging of the two previously distinct practices of physical and cyber security to create a more cohesive and effective security defense against all types of crime.
Only 20% of all businesses have fully converged their physical and cyber security measures. This is despite a rapidly growing rate of breaches within businesses, including insider attacks. Many rely purely on one or the other without considering how they could work together.
In order to use security convergence to combat the growing threat of insider attacks, one must first understand key facts about the issue.
The facts
34% of businesses globally suffer from an insider attack every year. Even more face the threat of an attack. Below are some facts about insider threats, and what they mean for businesses:
Insider attacks have grown by 47% in the last two years
This means:
- The ways in which insider attacks can be carried out are developing faster than the existing security measures to combat them.
- Security that most businesses have in place is not enough to combat insider attacks.
74% of organizations have said that insider attacks are becoming more and more of a threat to them and that they are at least moderately vulnerable to them. This means that a majority of businesses feel vulnerable to attacks, indicating that they do not yet have effective enough security against them.
56% of all insider attacks come from employees or partners (the rest from malicious wares); around 32% of all insider attacks are malicious
This means:
- Businesses need to balance a strong and effective security system with employee trust. It is not enough to trust that employees would not intend harm to the company; security leaders need to be prepared for the eventuality.
- Employees have a little too much freedom and too much access to critical data, which is too easy for them to leak in a malicious attack.
The rest of these manmade insider attacks come from accidents, namely negligence
For example:
- 2 out of every 3 insider attacks happen as a result of negligence.
- 94% of all viruses come from emails.
- 23% of breaches in 2022 were a result of weak passwords.
This means:
- Businesses are not protecting their data enough if pure human error can result in a breach.
- Businesses need stronger and stricter data protection, password and email policies in place.
The statistics for insider attacks as of the end of 2023 are concerning — so how can businesses use security convergence to combat the threat?
Security convergence to combat insider threat
Between the rapid increase of insider attacks and the growing vulnerability of businesses, it is clear that the security most businesses currently have in place is not enough to combat insider attacks. This is because many businesses rely on purely physical or purely cyber security measures, without combining the two.
Below are examples of how the convergence of physical and cyber security can work to combat some of the key issues we outlined earlier.
The growing rate of insider attacks
The concerning growth of insider attacks indicates that it is too easy for employees and partners to become an active threat to a business’ security. Combining the physical security measure of CCTV and the cyber security measure of multi-factor authentication will decrease the overall risk of insider threat.
- With CCTV at all points within your office building, employees and visitors are less likely to attempt any attack knowing that they are watched.
- The “Big Brother” effect will also ensure that employees act in accordance with any regulations set for them.
- Multi-factor authentication will make data harder to access. Only employees with the right passwords, devices and codes will be able to get ahold of the data and will be unable to download it without authorization.
These are wider procedures that will start to reduce the overall risk of insider attacks. But what about the more specific concerns?
Malicious insider attacks
To successfully combat the issue of malicious insider attacks, combine the physical security measure of concierge security with the cyber security measure of logged and tracked devices.
- On entrance to the building, employees and visitors alike will be greeted by a concierge security guard.
- Visitors who plan on working within the company (partners, contractors and so forth) will be provided with a company device that is logged by the guard and will be tracked. The tracking ensures that no untoward behavior can occur without it being caught. They should also be asked to hand over any personal devices they have on them as a further safety precaution.
- The devices used by employees within the company should also be company provided and tracked devices. The company’s data should only be accessible via these devices, and even if employees are remote, they should only work on the company devices as opposed to their own.
The combination of a security trained professional controlling the handout of these devices and the devices being closely monitored will greatly minimize the risk of malicious leaks and attacks from employees and partners.
Negligence — Unlocked devices
One of the big concerns of employee negligence is devices that are left unlocked and unattended.
Combining the physical security practice of access control with a cyber security protocol that sees devices lock after a few minutes of inactivity will seek to combat this specific issue of negligence, one of the biggest enemies of business security.
- Access control authorizing entrance into the building and onto floors guarantees that only employees and trusted partners can have access to each floor of the building. Access controls can vary from passwords to fingerprinting systems to key cards.
- Access control can also be used within the devices, with data only accessible by those who have the password for it. This will prevent data falling into the wrong hands, whether by accident or not.
- With access control, security leaders ensure that no one untrusted or unknown will be in the vicinity of an unlocked device nor could access the data within it.
- By introducing a protocol that ensures devices shut down after a few minutes of inactivity, you ensure that even if a device is left unlocked, it will shut down and lock before anyone else can get into it and access data they should not be able to access.
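The pairing of building access control with device controls described above can also be checked continuously by correlating the two log sources. The following is an added example, not part of the original article: the event layouts, user names, device names and floor labels are constructed assumptions, and it assumes fixed on-site workstations whose floor is known.

```python
from datetime import datetime

# Constructed badge-reader events: (timestamp, user, zone, direction)
BADGE_EVENTS = [
    ("2024-03-04T08:55:00", "alice", "floor3", "in"),
    ("2024-03-04T09:10:00", "bob", "floor2", "in"),
    ("2024-03-04T12:01:00", "alice", "floor3", "out"),
]

# Constructed endpoint events: (timestamp, user, device, device floor, action)
DEVICE_EVENTS = [
    ("2024-03-04T09:00:00", "alice", "WS-301", "floor3", "unlock"),
    ("2024-03-04T12:20:00", "alice", "WS-301", "floor3", "unlock"),
    ("2024-03-04T09:30:00", "bob", "WS-305", "floor3", "unlock"),
    ("2024-03-04T10:00:00", "carol", "WS-210", "floor2", "unlock"),
]


def presence_at(badge_events, user, when):
    """Return the zone `user` is badged into at time `when`, or None."""
    zone = None
    # ISO 8601 timestamps in one format sort chronologically as strings.
    for ts, who, badge_zone, direction in sorted(badge_events):
        if who != user or datetime.fromisoformat(ts) > when:
            continue
        zone = badge_zone if direction == "in" else None
    return zone


def find_mismatches(badge_events, device_events):
    """Flag device activity that the physical access log cannot explain."""
    alerts = []
    for ts, user, device, floor, _action in device_events:
        zone = presence_at(badge_events, user, datetime.fromisoformat(ts))
        if zone is None:
            # Account used on-site while its owner is not badged in anywhere.
            alerts.append((ts, user, device, "no active badge entry"))
        elif zone != floor:
            # Owner is in the building, but on a different floor than the device.
            alerts.append((ts, user, device, f"badged into {zone}, device on {floor}"))
    return alerts


if __name__ == "__main__":
    for alert in find_mismatches(BADGE_EVENTS, DEVICE_EVENTS):
        print(alert)
```

Each alert is a device session that neither log would flag on its own: the unlock is valid to the endpoint, and the badge record is valid to the door controller.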
Negligence — Email viruses and weak passwords
For weak passwords and viruses passed through email, combine anti-virus technology and a password complexity requirement setting with clear expectations and regulations for employees.
- Inform employees that the passwords they choose must be strong, must fit in with the complexity requirements set, and under no circumstance should they contain any personal information.
- Ensure that devices, databases and software used by your company have complexity requirement settings in place, so that employees cannot set a password that does not meet them. According to Microsoft, passwords should be at least 12 characters long and contain both upper and lowercase letters, special characters and numbers.
- If employees write their passwords down, ensure that they do not leave these notes lying around — have them kept in locked drawers, or with your concierge guard.
- Installing decent anti-virus technology on company devices will minimize the risk of viruses getting into the system. However, virus technology is developing just as swiftly and there could still be a risk.
- To combat this risk, monitor emails that come through to employees. Ask that they do not open emails, and especially do not open links, from people they do not know or that do not seem to come from an official partner, business or client, and that they instead send these on to management to be checked.
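The password items in the list above (the 12-character complexity requirement and the ban on personal information) can be enforced together at the point where a password is set. The following is an added example, not part of the original article: the function name, the substitution table and the sample values are constructed assumptions.

```python
import string

MIN_LENGTH = 12  # minimum length cited in the article

# Common character substitutions, undone before searching for personal data,
# so that "Al1ce" is still recognized as "alice".
LEET = str.maketrans("0134@5$7", "oieaasst")


def policy_violations(password, personal_info):
    """Return the rules `password` breaks; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")

    # Normalize both sides the same way so digits in a birth year still match.
    normalized = password.lower().translate(LEET)
    for item in personal_info:
        token = item.lower().translate(LEET)
        if len(token) >= 3 and token in normalized:
            problems.append(f"contains personal information: {item}")
    return problems


if __name__ == "__main__":
    # Constructed sample: the employee's first name and birth year.
    profile = ["Alice", "1987"]
    for candidate in ("Al1ce!Summer1987", "short1!A", "Tr0ub4dor&Horse9"):
        print(candidate, policy_violations(candidate, profile))
```

The first candidate meets every complexity rule and is still rejected, which is the gap a complexity setting alone leaves open.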
Insider threats are growing rapidly. From intentional leaks and breaches of data from malicious employees and partners to negligence and human error, insider threats are one of the biggest dangers that businesses face, as they come from the inside, from those that were supposed to be trusted.
Combining existing cyber security measures with physical security measures ensures the most effective and efficient protection for a business. Cybersecurity can do what physical security cannot, and physical security covers the blind spots that cybersecurity leaves.
The rapid increase of insider threat calls for more businesses to turn to security convergence to ensure that insider threat does not continue to rise.
https://www.securitymagazine.com/articles/100891-why-insider-attacks-are-indicative-of-a-need-for-security-convergence