Insider Threats are Accelerating Faster Than Our Defenses

New Report Shows Rising Risks

When we’re constantly on alert for cyberattacks from the outside, it’s easy to forget that the greatest risks to our security might be coming from inside the business. Even the most comprehensive cybersecurity defenses are no match for the potential harm caused by our own employees. And it’s not just active employees we need to worry about, but ex-employees, third-party vendors, contractors – anyone who’s ever had internal access to your systems. Then, there’s also anyone who shouldn’t have but who has gained access to your systems by physically being on premises and connecting to your network directly. It’s a massive pool of potential leak points for an organization to tackle, and no single security net will capture them all.

The 2023 Insider Threat Report recently revealed some alarming statistics about the internal weak links of our systems. Insider attacks are on the rise, negatively impacting data security, business operations, brand image, revenue growth, and more. 74% of organizations say these attacks have become more frequent in the past 12 months, compared to 68% from the previous year’s survey. What’s more, our defenses against insider threats haven’t kept up with the surge. These trends highlight the importance of embracing a defense-in-depth strategy, investing in technologies and tools that evolve alongside these threats, and cultivating a cybersecure culture at work.

Why Insider Threats are Multiplying

Experts speculate that there are a few reasons for the escalation of insider threats. Economic instability has many businesses scrambling to refocus their core priorities toward revenue growth, leaving gaps in security investments. The Great Resignation has seen employees leaving in droves, and now layoffs are spiking across the tech industry. So many employees exiting (with quite a few due to unhappy circumstances) clears the way for hackers looking to exploit leaks in security systems. Not to mention disgruntled ex-employees feeling justified in doing damage on the way out the door. The employment squeeze is also causing those still in their roles to feel overworked, so they are more willing to cut corners wherever possible. And sloppy off-boarding processes leave system access and unused accounts open and unsecured. In this environment, it’s a wonder any business has a handle on internal security awareness, let alone keeping cybersecurity awareness training programs up and running at full force.

Remote work and cloud-based technologies are also contributing to the rise of insider threats. Remote and hybrid employees may use personal devices to access company resources, and it’s challenging to protect data across such an extensive infrastructure that includes all these devices, as well as SaaS, the web, and on-prem applications. 68% of respondents to the Insider Threat survey said they are concerned or very concerned about insider risk as they return to the office or transition to hybrid work. 53% said that detecting insider attacks is harder in the cloud.

The New Report Highlights Old Issues

Insider threats are nothing new, and the likelihood of falling prey to one (or many!) has been accelerating over the past few years. One 2021 survey found that 94% of organizations had an insider data breach within the previous 12 months. 84% were attributed to human error, 74% were from employees breaking security rules, and 66% resulted from a malicious leak. In the 2023 Insider Threat Report, 74% of organizations feel moderately to extremely vulnerable to insider attacks. Nearly half of organizations said detecting and preventing insider attacks is more difficult than external cyberattacks.

Stale Accounts – The Silent Insider Threat

When asked what makes the detection and prevention of insider attacks increasingly difficult, 54% of cybersecurity professionals said it was the fact that insiders already have credentialed access to the network and services. But what about accounts where the user hasn’t logged in during the last six months or more – yet the account still has access privileges in your system? This is what’s known as a stale account. It could also be an account sitting stagnant with expired passwords. These are usually old, inactive employee logins that were never removed. They pose a significant security risk because not only can old employees use them for continued access, malicious actors may discover them and use them to infiltrate your network and cause damage.

Because they haven’t been used for a long time, they’re typically not monitored, so suspicious activity often goes unnoticed. If one of our most significant concerns is that insiders already have access to the system, then we should be doubly concerned about accounts with access to sensitive data and systems sitting around, consuming database space, and increasing the organization’s attack surface.

Fortunately, there are actions organizations can take to stay safe from insider threats. For example, we recently updated Enzoic for Active Directory Lite to capture stale accounts as a data point in reports. Through this functionality, administrators can pinpoint accounts that have remained inactive for over six months, enabling them to take proactive measures to enhance the security of their environment. By disabling or deleting these accounts, organizations can reduce the risk of unauthorized access and safeguard sensitive information or systems.
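The six-month inactivity check described above can be run against any export of Active Directory account attributes. The following is an added example, not part of the original post and not Enzoic's code; it assumes an export carrying the standard `sAMAccountName`, `userAccountControl`, `lastLogonTimestamp` and `whenCreated` attributes, and the sample records and the 14-day slack value are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # AD FILETIME origin
ACCOUNTDISABLE = 0x0002            # userAccountControl bit: account is disabled
STALE_AFTER = timedelta(days=180)  # the article's "six months"
# lastLogonTimestamp replicates lazily (up to ~14 days behind by default): allow slack.
REPLICATION_SLACK = timedelta(days=14)

def filetime_to_dt(ticks):
    """100-ns ticks since 1601-01-01 UTC -> datetime; None if unset (0/missing)."""
    ticks = int(ticks or 0)
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10) if ticks > 0 else None

def dt_to_filetime(dt):
    return (dt - FILETIME_EPOCH) // timedelta(microseconds=1) * 10

def find_stale(accounts, now):
    """Return (sAMAccountName, reason) for enabled accounts past the threshold."""
    cutoff = now - STALE_AFTER - REPLICATION_SLACK
    stale = []
    for a in accounts:
        if int(a["userAccountControl"]) & ACCOUNTDISABLE:
            continue  # already disabled: cannot be used to log on
        last = filetime_to_dt(a.get("lastLogonTimestamp"))
        if last is None:
            # Never logged on: judge by creation time (GeneralizedTime string).
            created = datetime.strptime(a["whenCreated"], "%Y%m%d%H%M%S.0Z")
            if created.replace(tzinfo=timezone.utc) < cutoff:
                stale.append((a["sAMAccountName"], "never logged on"))
        elif last < cutoff:
            stale.append((a["sAMAccountName"], f"idle {(now - last).days} days"))
    return stale

# Constructed sample export (not real data), relative to a fixed "now".
NOW = datetime(2024, 1, 15, tzinfo=timezone.utc)
def _rec(name, uac, idle_days, created="20210301080000.0Z"):
    ts = dt_to_filetime(NOW - timedelta(days=idle_days)) if idle_days is not None else 0
    return {"sAMAccountName": name, "userAccountControl": uac,
            "lastLogonTimestamp": ts, "whenCreated": created}
SAMPLE = [
    _rec("alice", 512, 10),          # active
    _rec("bob", 512, 400),           # enabled, idle for over a year
    _rec("carol", 514, 400),         # idle but already disabled
    _rec("dave", 512, 185),          # inside the replication slack
    _rec("svc_backup", 512, None),   # old account that never logged on
    _rec("newhire", 512, None, "20240110090000.0Z"),  # created 5 days ago
]

if __name__ == "__main__": print(find_stale(SAMPLE, NOW))
```

Accounts that have never logged on have no `lastLogonTimestamp`, so the check falls back to the creation date; a query that filters on the timestamp alone would miss them.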

Cybercriminals are exploiting leaks from poor security practices revolving around ex-employees, using the cloud, and remote work to leverage old credentials and insider knowledge of company infrastructure to gain footholds in our systems. The technologies we depend on for support in the fight against insider threats must be as adaptable as the ever-strengthening and always-shifting threat landscape we find ourselves in.