18 Jul 2024

Overlooked and Underprepared: How Can Organisations Mitigate the Risk of Insider Threats?

By Matt Horne, International Cyber Expo Advisory Council Member & Director of Intelligence and Investigations at Clue Software

While external attacks and techniques, like malware and social engineering, often steal our attention, insider threats pose a hidden danger that many underestimate. These internal breaches, often accidental or fuelled by disgruntled employees, can devastate an organisation's finances, systems, and reputation. With the rise of remote work, Artificial Intelligence (AI), and social media, the insider threat landscape is evolving with increasing complexity. So how can organisations identify and protect themselves from insider threats?

Insider Threats in 2024: What’s changed? 

Insider threats are unpredictable in nature. They could manifest as disgruntled employees stealing secrets, hackers manipulating unsuspecting insiders, or staff causing breaches accidentally. Ultimately, malicious actors aim to blend in and exploit their access for personal gain or to harm the organisation. 

The changing tech landscape means that traditional approaches to insider threats are not only outdated, but potentially leave organisations less secure. New technologies mean increased risk, in many different ways. One change to consider is the introduction and widespread adoption of new tech, especially artificial intelligence (AI) and AI-powered or integrated tools. 

AI

AI is increasingly being used by organisations to drive productivity, streamline services, and provide support to customers. However, the use of this technology is not without risk. With any new technology, there are cybercriminals willing to exploit it for malicious use. Deepfakes, a subset of AI, pose a new and complex risk: sophisticated impersonation. Earlier this year, for example, one Hong Kong company claimed to have suffered a $25 million loss because of attackers using deepfake technology to impersonate the company’s CFO via a video call. Many organisations are unable to keep up with the pace of evolution and innovation when it comes to new tech, especially regarding security risk.

Hybrid Work Culture 

The work from home (WFH) movement that arose from the pandemic has meant, for many, a shorter commute, a healthier work/life balance, and more flexibility. However, it’s also made it harder for IT teams to secure the expanded attack surface, especially as that attack surface is no longer strictly on-prem. Less secure personal networks and relaxed security habits at home increase risk in a way that is harder for internal security teams to control.

Social Media 

Casual sharing of personal details (likes and photos, for example) and professional information online can be exploited by attackers. This information aids social engineering, where attackers build trust online to launch targeted spear phishing attacks within an organisation. Social media is the perfect place for malicious reconnaissance.  

Insider threats, accidental or malicious, can lead to data breaches and unauthorised access. Organisations must prioritise proactive prevention, detection, and mitigation strategies.

How Can Organisations Mitigate Risk from Insider Threats? 

Identify and protect your weak spots: Work across departments (HR, Legal, Security, etc.) to pinpoint critical assets, as well as the kinds of access required. Regularly assess risks, implement safeguards, and monitor for threats.

Build a framework of trust and security: Create clear policies for hiring, monitoring, and responding to incidents. Partner with HR, Safety, and Legal to support existing employees and encourage a culture of collaboration. Promoting transparency and accountability is critical.

Hire smart and respond swiftly: Train security and HR teams to conduct thorough background checks. Establish clear protocols for investigating incidents and enforcing clear disciplinary measures. Integrate security seamlessly throughout the hiring and response processes.

Use smart tools to catch suspicious activity: Implement anomaly detection on networks to identify unusual user behaviour that might indicate a data breach.

Educate everyone about insider threats: Launch a ‘Security Culture’ programme with regular training for all employees. Tailor this training to different roles, and provide refresher courses and specialised seminars. Train supervisors and managers on their role in spotting and preventing insider threats.

Don't underestimate insider threats: Educate leaders on the evolving nature of insider threats and the motivations behind them. By being proactive with policies, training, and risk mitigation, organisations can build a strong defence against insider attacks.

 

About Matt Horne

Matt was a National Crime Agency (NCA) Deputy Director (DD) of Investigations. Matt has served as an NCA Officer since the organisation’s creation in October 2013. Prior to this Matt worked for 7 years with the Serious Organised Crime Agency, a precursor organisation of the NCA; and prior to this as a police officer from 1992. He has provided 29 years continuing public service in UK law enforcement.

Matt has extensive experience in the field of Serious Organised Crime (SOC), operating at the national and international level. He has worked on, and led, a very large number of SOC investigations, utilising the full range of tactics, investigative methodologies and technical capabilities available to UK law enforcement.

Matt's recent leadership responsibilities have also included Professional Standards and Anti-Corruption; Senior Security Advisor; Asset Denial and Complex Financial Crime; National Capability Lead for Technical Surveillance; Chair of the Five Eyes Law Enforcement Operational Technology Working Group; and Authorising Officer for Undercover Operations. In addition, for the last five years Matt has performed the role of Strategic Firearms Commander.

His previous roles have included Intelligence Manager, Senior Investigating Officer, Branch Commander, Regional Head of Investigations, Head of Technical Operations and Forensics, and Head of the National Cyber Crime Unit. As a police officer, Matt worked in a range of roles as a Detective Constable, Detective Sergeant and Detective Inspector.

Since April 2019, Matt has been the NCA’s Strategic Lead for the response to the criminal use of technology, including criminally dedicated secure communications. Matt is the UK Gold Commander for Operation VENETIC, which is the multi-agency national law-enforcement response to the exploitation and take down of the ENCROCHAT criminally dedicated communications platform.
