65% of businesses faced one or more insider cyberattacks in the last 12 months
Most cybersecurity landscape data is focused on outsider attacks; however, recent findings reveal that insider threats are becoming more common. Attacks originating from within the company are much more elusive since standard security practices do not work.
According to data analyzed by Atlas VPN, 65% of organizations suffered from one or more insider attacks in the last 12 months.
Insider threats come from employees or other internal users, such as contractors, that have access to the company's internal databases. There are two types of malicious insiders — those with harmful intent and those who are simply negligent.
An online survey of 457 cybersecurity professionals, conducted in June of 2020 by Darktrace, found that 41% of businesses experienced between 1 and 5 insider attacks in the last 12 months.
Moreover, 12% of respondents stated that they saw between 6-10 insider attacks in the last year — another 5% of surveyed professionals encountered from 11 to 20 attacks.
Finally, over 7% of company representatives stated that they experienced more than 20 attacks in the last 12 months.
Compared to last year, businesses dealt with insider attacks more often. As many as 72% of cybersecurity professionals believe that employee security violations became more frequent in 2020.
Insider attacks are costly
Incidents caused by insider threats are becoming more common, so let’s look at the monetary damages caused by these events. As a side-note, if the incident does go public, companies' public image gets hurt, which, in the long-run, can cause even more losses than the immediate incident remediation costs.
Nearly half (49%) of surveyed leaders stated that the remediations after an insider attack cost less than $100 thousand. Another 30% of respondents expressed that monetary damages caused by a single incident are anywhere between $100 thousand and $500 thousand.
A smaller part of the surveyed experts - 12%, stated that the average cost of remediation after an attack is somewhere between $500 thousand to $1 million.
Finally, 5% of companies reveal that the cost of an attack is around $1 million to $2 million, and 2% state that remediation costs exceed $2 million per successful attack.
One of the most recent and well-known hacking incidents caused by a malicious insider is the Twitter bitcoin scam that happened on July 15th, 2020.
Here, cybercriminals took over multiple high-profile Twitter accounts to promote a Bitcoin scam.
After the incident, Twitter reported that an employee cooperated with cybercriminals to carry out the hack.
This scam appeared in front of 37% of Twitter’s userbase. Luckily, damages only slightly exceeded $110 thousand in Bitcoin, as Twitter deleted those tweets quickly.
Protection from insider threats
Unfortunately, most security practices deployed to protect the company from external attacks fall completely flat when it comes to defending from insider threats.
Outside hackers have to find ways to break through firewalls and other security measures to get into the company's databases. On the other hand, many internal users already have access to those databases, so the same safety steps are not applicable.
Here are the steps to reduce security risks from insider threats:
- Make sure that employees only have access to data and tools they need to do their jobs. The fewer people have access to a database, the less is the risk that either malicious or negligent employees can expose the data.
- Employee training. While this might not help against disgruntled employees, it is the best tool for the company to make sure negligent insiders are educated and security risks are minimized.
Cybersecurity Researcher and Publisher at Atlas VPN. My mission is to scan the ever-evolving cybercrime landscape to inform the public about the latest threats.