As the world continues to dive into digital means of doing business, shopping, and communicating, cybersecurity is top of mind for all members of leadership, especially CISOs. However, one aspect of cybersecurity that is often deprioritized is unintentional insider risk. Ironically, 85% of security breaches originate from a small number of high-risk individuals within an organization. In fact, users are the most targeted and least protected link in your security program.
Unintentional insider risk opens up opportunities for cybercriminals to focus their hacking efforts on unsuspecting users through phishing, malware, browsing incidents, and ransomware tactics. The number of cyberattacks increased by 50% from 2020 to 2021 with the average organization facing 925 cyber threats per week across the globe. To combat these attacks, CISOs need to focus on mitigating the individual user risk throughout their organization. To begin, it’s important to understand the most common attacks brought in by unintentional insider risk, how they happen, and how to prevent them.
1. Unintentional Insider Risk Can Lead to Phishing Attacks
According to our research, 12% of users are responsible for 80% of phishing incidents. Phishing is when cybercriminals send maliciously-intended emails built to trick people into falling for a scam. In these incidents, the attacker’s goal is to get users to reveal sensitive information and credentials such as financial information or user passwords to private accounts.
Often phishing emails are obvious and easy to identify. However, these attacks are becoming more common and increasingly sophisticated. For a small number of high-risk employees, a similar email address is enough to trick them into giving away proprietary information. For example, a regular email address at a company may be structured like service@paypal.com. Attackers will typically use a similar-looking email to fool recipients like service@intl.paypal.com. Based on these similarities, high-risk users are likely to believe it’s coming from the actual organization and not a scammer.
Once the user believes an email is legitimate — based on their understanding of the sender’s address and the related email copy — the user is much more likely to respond to the email giving away rather private information. For instance, if a user receives an email asking them to provide the password to a private company account and complies, the attacker has instant access to proprietary information. Now, the organization is compromised.
2. Malware Comes in Many Forms and is Super Tricky for Users to Identify
When 3% of users are responsible for 92% of malware incidents, it’s not hard to see why mitigating unintentional insider risk is essential to preventing cyberattacks. Malware (A.K.A. malicious software) comes in various forms and attacks including:
- Adware
- Botnets
- Cryptojacking
- Malvertising
- Ransomware
- Polymorphic malware and more
Because of malware’s ability to shift into multiple forms, it’s difficult for users to identify. And the hope that sufficient cybersecurity training is enough to help users recognize these threats often proves to be null and void. Plus, as remote work has become the norm, malware attacks like ransomware have increased by 715%.
Consider this example of ransomware — In 2021, hackers breached the Colonial Pipeline after they gained access to a leaked password. The password was linked to an old account that had long since been inactive. However, the proper measures were not taken to deactivate and eradicate this account from being accessed. And somehow, this password ended up inside a batch of leaked passwords on the dark web — It’s not uncommon for disgruntled employees to sell proprietary information on the dark web. This attack cost the Colonial Pipeline $4.4 Billion in ransom alone.
3. Browsing Incidents like Cross-Site Scripting (XSS) Fool End Users into Thinking a Site is Safe
Browsing incidents and client-side attacks are on the rise. Just 4% of users are responsible for 71% of browsing incidents. Unintentional insider risk is a top concern when it comes to browsing incidents. Browsing incidents often occur when a user fills out a submission form or clicks on a malicious link in a pop-up session. Unbeknownst to the user, the script on these forms may have been infiltrated with malicious code hackers use to steal credit card numbers, account credentials, and other forms of PII or PHI. Cross-Site Scripting (XSS) attacks enable cybercriminals to do just that.
XSS attacks enable hackers to bypass access controls and gain full read/write capabilities to alter the script in a browser session. For example, say a user enters a query into a website’s contact form. What they don’t see is that the script behind the form has been compromised and injected with a malicious script. Through this script, the attackers are able to steal all of the information the user input into the form. Meanwhile, the user is none the wiser.
There’s Still Hope: Mitigate Untinentional Insider Risk with the Right Technology
The bad news is that a small number of employees bring in the majority of cybersecurity threats. The good news is that these threats can be prevented with the right technology. Unintentional insider risk mitigation tools that help secure the business while maintaining a productive workforce are essential to shifting left and preventing cyber attacks.
Unintentional insider risk mitigation tools enable enterprise security leaders to:
- Predict business risks such as ransomware, data loss, and account takeover
- Proactively protect individual users based on risk profiling
- Gain enhanced visibility into each individual’s user reputation (i.e. the actions they take, access they have, and frequency they are attacked)
- Identify users and actions most likely to cause a breach
- Implement and tailor security controls appropriately for each individual’s risk
- Share real-time and personalized feedback
Uncover the secrets behind how a Fortune 500 Company in the financial industry was able to proactively reduce incidents to prevent account take-over, data loss, and ransomware with unintentional insider risk mitigation technology.
Final Thoughts
As remote workforces become typical and as cybercriminals develop more sophisticated attacks, mitigating unintentional insider risk is no longer a nicety, it’s essential. It’s time to take proactive measures to defend your organization with the right amount of security appropriate to the risk. Elevate Security can help you transition from taking a reactive incident response approach to proactively managing potential risks.
Watch the video for an overview of the Elevate Security Platform to see it in action.
