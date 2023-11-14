ADVERTISEMENT

20% of cyberattacks on organisations come from within: Report

November 14, 2023 03:39 pm | Updated 03:39 pm IST

Cyberattacks stemming from within organisations due to malicious insider, negligent or external actors can cause major harm to businesses

The Hindu Bureau

Threats arising from either a malicious insider, negligent insider and external insider including the company’s regular partners or suppliers can compromise the security of organiisations. | Photo Credit: Reuters

20% of cyberattacks on organisations come from individuals within those organisations, acting intentionally and sometimes with premeditation.

Insider threat is formidable, particularly because it is multi-dimensional and can outwit all the classic protection measures, a report on insider threat from Almond said.

Threats arising from either a malicious insider, an individual or group of individuals who take advantage of their knowledge of the company’s computer system, negligent insider (who is ignorant of security procedures, or from an external insider including the company’s regular partners or suppliers can compromise the security of organiisations. Such threats can lead to unauthorised access to data, data theft, misappropriation of intellectual property, divulging of business secrets and fraud.

The report further highlights that companies should provide themselves with effective legal protections, including contracts that include confidentiality, non-competition clauses and effective internal rules with regard to computer systems to ensure security.

(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)

In behaviour analysis of cybercriminals, the report found numerous examples of threat actors recruiting company insiders, particularly from banks, hospitals, social network platforms, public services, and online payment platforms to launch attacks.

“There are more and more examples of connections between insider threat and criminal organisations, which increases the breadth of the attacks. Classic means of defence are often difficult to set up and may be extremely burdensome,” Jean-Francoid Aliotti and Olivier Pantaleo, co-directors of Almond said.

Companies need to understand the nature of risks, evaluate the consequences of malicious behaviour and set up appropriate security procedures to train all staff and impose strict access policy and if necessary, use software for user behaviour analysis, the report said.

