Freely subscribe to our NEWSLETTER

“The PwC study highlights just how crucially important it is for businesses to remember that a cyber-attack is not always a faceless hacker trolling the internet to find an open-door to a business’s data - but that the malicious attacks often come from within. To reduce the impact of malicious insider attacks, businesses can implement access-based controls to regulate what data can be seen by whom. This way, they can monitor who is trying to access data that isn’t relevant to them, highlighting their potentially malicious intentions. Organisations should also look to encrypt their data where possible and perform regular vulnerability scans of their internal network to understand what vulnerabilities exist and could therefore be exploited by a malicious insider.

“Another important defence is monitoring staff behaviour. Insiders do not ‘go bad’ without warning but typically start to display out-of-character behaviour at least 30 days before the first theft or compromise. They may access parts of the network to which they either lack authorisation, or which are simply not required for their work; they may start keeping unusual hours; they may even make explicit threats, or worrying comments to colleagues. By monitoring activity to spot anomalies, an organisation can identify when an employee may pose a higher risk.

“It’s also clear that businesses are still struggling to deal with the volume and type of threats they face. Companies should focus some effort on ensuring that they have suitable response processes in place, along with better visibility of what is going on within their environments. With the effective lack of any perimeter due to mobility, cloud and other developments such as IoT, understanding what is happening, being able to interpret that in the context of the business and then being able to take appropriate action based on informed business decisions means that companies will be much better equipped to respond to these attacks as and when they happen.”