In 2016, cybercrime reportedly cost UK businesses a whopping £1bn. Cybercrime and corporate fraud against UK businesses was up seven-fold, with 90% of companies interviewed in a recent Kroll survey experiencing a cyberattack or loss of information, giving the UK the second highest rate of cybersecurity incidents in the world.
But cybercrime is no longer solely about external threats to businesses. Where once the focus was on preventing metaphorical break-in’s through a window or door after business hours, the biggest threat to businesses now is an invisible one that exists 24 hours a day from within. One that can destroy entire companies and sink the careers of senior executives – The Insider Threat.
The majority of attacks on businesses come from within
Current or ex-staff members engaging in theft of some kind, or misusing company credit cards and expense accounts, was in the top 10 most reported crimes of 2016. Over the course of the year, the City of London’s National Action Fraud received over 37,000 reports. In terms of the areas worst affected, the London Metropolitan and Essex police forces received the largest volume of reports, with over 8,000 cases of online crime.
One example of these crimes is a recent scam where cold callers, pretending to be members of bank fraud departments, persuaded 750 Lloyds and Royal Bank of Scotland customers to reveal security details resulting in a loss of £113m. Three Lloyds insiders were later convicted for what the police described as one of the biggest cyber fraud scams ever investigated in the UK.
Extortion via ransomware; phishing; malware; mandate fraud; spearphishing; theft of physical assets; misappropriation of funds, there’s a whole community of attackers learning from each other and the list becomes more intelligent and devastatingly effective every day.
Burglar alarms are all very well, but not when you are letting criminals walk through the front door.
Burglar alarms are all very well, but not when you are letting criminals walk through the front door. Whether it’s malicious, someone who’s been tricked, or someone who’s made a mistake, an insider could bring down your business with a single USB or WeTransfer. Or at the very least make off with $420m and destroy your reputation, like Target in 2013: the victim of an insider attack through an unwitting vendor with access to their infrastructure.
With cloud services like Dropbox, Google drives, social media, the use of big data, and employees using their own email accounts and devices to work, increasing numbers of strangers are being let through the front door of businesses. Contractors, managers and other privileged access users require legitimate access to an organisation’s cyber assets, but hugely increase insider threat.
The impact of insider threats can devastate company revenues, business continuity, customer satisfaction, corporate reputation and employee morale, and everyone pays the price. It’s not just big brands like Target either; a student accommodation company were tricked into giving away data that led to the loss of £230,000, and a report from the Federation of Small Businesses (FSB) estimates that small businesses in the UK are attacked over 7 million times per year, despite 93% claiming to have taken steps to protect themselves from insider threats.
Measures used to defend against external threats don’t work for insiders
Malicious insiders have knowledge of and unrestricted access to proprietary systems, so their actions can easily go undetected by security systems designed to defend against external threats. With more complicated systems, more privileged users, more cybercrime, and more insider attacks becoming the norm, it’s clear that businesses need to have systemic processes in place to prevent, detect and respond to such risks in order to avoid catastrophic financial and reputational damage.
Unfortunately, few corporate security strategies focus on such solutions and traditional network defence systems are just reactive, designed to detect hacks through a firewall or other perimeter appliance. By implementing a Privileged Access Management (PAM) system, businesses can see what is going on inside at all times and limit insider threat. PAM allows you complete control of all privileged activity across multiple networks.
What is Privileged Access Management (PAM)?
Osirium’s PxM Platform:
- Perfectly manages context driven access over any number of systems across an infrastructure
- Authorises privileges for users only when and in which systems they are needed, then automatically revokes those privileges once the requirement is complete
- Automates administrator tasks without exposing Privileged Accounts, securing the most vulnerable entry points for attackers and improving workflow
- Ensures full accountability and visibility for meeting compliance mandates and deters insider threats by providing irrefutable evidence and granular audit trails of privileged activities.
Addressing the balance with (PAM)
No one really knows how big the problem is. There’s global-scale ignorance about the nature of insider threats; national policing has yet to catch up both in terms of the skills needed to catch cyber criminals and manpower, and insider attacks are also massively under-reported (many businesses keep quiet because they don’t want to risk reputational damage). One third of UK firms are stockpiling bitcoins in case of such an attack, to use as ransom money for restoration of access or the return of their data, which is a clear indicator that things are out of control.
PAM applies the controls and visibility to valuable assets on a network infrastructure and will go a long way to helping prevent this growing problem and keep corporate assets, jobs, bonuses and reputations truly safe from the insider threat.
Find out more about how our PxM Platform can help protect against the insider threat and control the misuse of privileged accounts.