As a small to medium-sized business in 2022, your data and information should be protected from all angles. When we think about cybersecurity, we often picture some shadowy outside entity using every clever trick and scheme at its disposal to crack your defenses. Though that can be the case, more often than not, your biggest cybersecurity threat will come from the inside. Internal threats to security have been the culprit for some of the most massive security breaches of the past decade…
In 2015, Anthony Levandowski left his job as a Google executive to create his own self-driving truck startup business. Before he parted ways with the tech giant, Levandowski stole thousands of confidential files and trade secrets from Google to help his own business, which was later bought by Uber.
In December 2019, it was discovered that 250 million Microsoft customer records were exposed to the internet. IP addresses, email addresses, and location data were accessible to anyone with an internet connection. The security breach happened because Microsoft employees failed to properly secure information databases.
Christopher Dobbins, a former employee of a large medical device packaging company, was let go in March 2020. After he received his final paycheck, he hacked into the company’s network, gave himself administrative access, and altered or deleted close to 120,000 records, severely disrupting the delivery of important medical equipment to healthcare providers.
These are all examples of massive internal threats that affect even the largest companies around! Let’s break down the types of internal threats and profile what signs to look out for when assessing cyber security risks at your company.
Internal Threats vs. External Threats
An internal threat is a cybersecurity risk that comes from within an organization to exploit the system, steal information, or cause damage. Employees are often trusted with privileged information and system access in order to perform their jobs. For example, if you have a robust customer service department, the employees in that department will likely need access to customers’ accounts and activities. The systems that house this data will most likely contain sensitive personal information. Without the proper safeguards and security measures in place, that trust can be taken advantage of. There are various categories of insiders that can become attackers:
- Pawn: A pawn is an employee who is unknowingly manipulated into downloading malicious software or revealing sensitive login information. They are often victims of email phishing or social engineering. Encourage your employees not to open questionable emails and report them to your managed cyber security team.
- Goof: A goof is an employee who believes they are immune from security risks. It is not their intention to put your company at risk for cyber attacks; however, their lack of awareness makes your company vulnerable. For example, they may choose to use public WiFi instead of taking time to set up a VPN, putting your company in harm’s way. Invest in thorough cyber security training to keep your employees from becoming goofs.
- Collaborator: Collaborators work with outsiders to steal trade secrets and intellectual property. The outsiders might be shady competitors looking to get a leg up on the field or a group of cyber criminals playing dirty.
- Lone Wolf: A lone wolf works alone and is highly skilled at hacking techniques. They bypass security and are able to erase their movements. Edward Snowden is the perfect example of a lone wolf inside threat. They are highly capable and very dangerous.
An external threat comes from outside attacks. These attacks are executed via viruses and malware with the goal of gaining unauthorized access to your organization’s network. Examples of external threats include: external suppliers, outdated software, cyber attacks, and social engineering. External threats are more difficult to deal with than internal threats because you have no control over people outside of your organization.
Statistics on Internal IT Threats
Even though external threats may be harder to rectify, internal threats are more likely to occur. In fact, insider threats are reportedly the primary cause for 60% of data breaches.
Here are a few more stats that show why protecting your business from internal IT threats is more important than ever:
- A recent study has revealed that the number of insider security incidents has risen by 47% since 2018.
- The cost of insider threats has risen 31% in the same time period.
- 40% of insider incidents involve an employee with privileged access to company assets.
- Ponemon Institute’s 2020 Cost of Insider Threats study found that the global average cost of an insider threat was $11.45 million.
- The average cost of a data breach over the same period was $3.86 million.
Despite these seemingly grim numbers, there are plenty of ways to protect yourself from insider threats. Let’s take a look at your options!
How To Protect Your Business From Internal IT Threats
- Monitor Behaviors: Track user behavior and alert your cybersecurity team about any suspicious activity. It’s also a good idea to perform regular security health checks to prevent internal threats before they happen.
- Purge Accounts: Make sure there are systems in place that delete access after long periods of inactivity. You don’t want to give access to a former employee who may be disgruntled.
- Implement Good Hiring and Training Practices: Insider threats come from within. That means at some point, this threat was hired and trusted. You do not want to hire someone you don’t trust. Run thorough background checks and call references to ensure the employee does not have a history of fraudulent behavior. It may be a good idea to institute a probationary period during training where the new hire has very limited access to systems while they learn how the business operates.
- Strengthen Authentication: Use multi-factor authentication to provide an extra layer of protection against security risks.
- Perform Security Risk Assessments: Security risk assessments help you identify critical assets, their vulnerabilities, and the threats that could affect them. The assessment should help you make informed decisions about the risks arising from internal threats and to establish appropriate security to contain those internal threats.
- Implement Identity and Access Management: Identity and access management is a system where employees are given unique profiles and granted specific permissions to access the resources they need and nothing more. A cashier does not need access to your business’s historical tax records and bank reconciliations, but they would need access to your point-of-sale technology to assist customers.
- Hire a Managed Cyber Security Provider Like Computers Nationwide: We offer employee cyber security training and Managed Cyber Security solutions to keep your SMB protected from cyber crime and bad actors 24/7. Our services will give you peace of mind, ’round the clock surveillance, and customized solutions to best keep you secure based on your needs.
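The "Purge Accounts", "Strengthen Authentication", and access-management items above can be checked against a routine account export. The following is an added example, not code from Computers Nationwide; the CSV column names, the 90-day idle threshold, the role names, and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from datetime import date, datetime

# Constructed sample export; column names are assumptions for this example.
SAMPLE_EXPORT = """username,role,employment_status,last_login,mfa_enabled
asmith,cashier,active,2022-05-30,yes
bjones,admin,active,2022-01-04,no
cdoe,support,terminated,2022-05-20,yes
dlee,admin,active,2022-06-01,yes
etemp,support,active,,yes
"""


def audit_accounts(export_text, today, max_idle_days=90,
                   privileged_roles=("admin",)):
    """Return {username: [findings]} for accounts that need review."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        issues = []
        # A former employee's account that is still enabled is the
        # highest-priority finding, regardless of recent activity.
        if row["employment_status"] != "active":
            issues.append("disable: owner no longer employed")
        # Blank last_login means the account was provisioned but never used.
        if not row["last_login"]:
            issues.append("disable: never logged in")
        else:
            last = datetime.strptime(row["last_login"], "%Y-%m-%d").date()
            idle_days = (today - last).days
            if idle_days > max_idle_days:
                issues.append(f"disable: idle {idle_days} days")
        # Privileged accounts are held to a stricter authentication bar.
        if row["role"] in privileged_roles and row["mfa_enabled"] != "yes":
            issues.append("enforce MFA: privileged account without it")
        if issues:
            findings[row["username"]] = issues
    return findings


if __name__ == "__main__":
    for user, issues in audit_accounts(SAMPLE_EXPORT, date(2022, 6, 15)).items():
        print(user, "->", "; ".join(issues))
```
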
Protect your business from internal threats through Computers Nationwide’s premier partnerships…
See threat activity on your network and among your peers
Perch connects you with threat intelligence sharing communities and sources, and automates intel consumption. Identify potential threat activity on your network, and view everything through a user-friendly online interface.
Boost defense, not headcount
No need to increase analyst hours or staff. The Perch Security Operations Center investigates any alerts on your network, escalates real incidents to your attention, and helps you eliminate the threat. Customize what and how we escalate to fit your needs.
Detect what’s eluded your defenses
Firewalls are a perimeter defense to protect your network; Perch detects what’s already gotten through. During your lunch break, you can start detecting threats on your network.
What is endpoint protection?
Endpoint protection, or endpoint security, is a general term that describes cybersecurity services for network endpoints, like laptops, desktops, smartphones, tablets, servers, and virtual environments. These services may include antivirus and antimalware, web filtering, and more.
Endpoint protection helps businesses keep critical systems, intellectual property, customer data, employees, and guests safe from ransomware, phishing, malware, and other cyberattacks.
Why businesses need endpoint protection
Criminals are constantly developing new ways to attack networks, take advantage of employee trust, and steal data. Smaller businesses may think they’re not a target, but that couldn’t be further from the truth. In fact, small businesses with 100 employees or fewer now face the same risk of attack as a 20,000-employee enterprise.
No matter their size, businesses need reliable endpoint security that can stop modern attacks. And since most companies are subject to some form of compliance and privacy regulations, protection for endpoints is 100% necessary to help businesses avoid hefty fines and damage to their reputation due to a security breach.
Sometimes the biggest threat to business security can come from within.
Protect your business and your employees by working with Computers Nationwide!
Schedule a consultation today: (847) 419-9900