From 2018 to 2020 insider threats have increased 47% leading to a 31% increase in insider threat costs. In 2020, the total cost of insider threats was just under $11.5 million. Today, those numbers are increasing as cyber criminals are offering employees a hefty payday if they infect their corporate networks with ransomware.
In August an email security company intercepted electronic correspondence that offered employees $1 million to infect their organization’s networks. In another event, again in August, a Tesla employee was offered $1 million dollars to deploy ransomware on their networks as well. So far, no one has taken a bite.
Unfortunately, that is not to say they won’t.
If You’re Faced with Insider Threats, What Can You Do?
If, or when, a disgruntled employee chooses to take part in these activities, there will be little that the organization can do to stop it.
Many of the cybersecurity tools available do not account for an employee deploying malicious software. For instance, multifactor authentication, which requires two or more verification methods to grant access to a program, file, or application, is designed to keep outside threats at bay. Given the threats are coming from within, those individuals will have full access and ability to grant the authentication, regardless of what verification methods are needed. Therefore, multifactor authentication essentially becomes useless.
The barriers for an insider to execute the threats are far less, than for a hacker to try to install the malware. This in itself makes it worth the payout to the rogue employee. They can infect more businesses in a more efficient manner. The only work they have to do is find a willing culprit.
One may think that it takes a cyber genius to install malware, specifically ransomware, on a device. You couldn’t be further from the truth. Human error accounts for over 95% of all cyber incidents. Which is also why it would be incredibly easy, from an employee perspective, to get away with it. All they would have to claim was that it was a careless click.
That is unless the organization is using a malware prevention tool like application whitelisting.
Application whitelisting is a method of proactive security that only allows known, trusted programs to run. As the direct alternative to traditional blacklisting that allows unknown files to run, application whitelisting actively stops anything from running that has not already been vetted and proven safe and secure.
Consider this technology when discussing insider threats. What if the insider downloads the malware as directed by the cyber criminal? The rogue employee can click on, and even try downloading the malicious file. However, it will not be allowed propagate throughout the network because it has not been tested and proven safe. The application whitelisting solution would effectively block this threat.
Given the grim outlook of insider threats increasing, the cyber threat landscape widening, and a majority of cybersecurity tools failing, leading to a 1070% increase in ransomware attacks, there are few risks one should be willing to take when it comes to cybersecurity.