In 2020, there was a rapid global shift to remote work because of the pandemic. There had been a gradual shift to the cloud over the past ten years, but it was greatly accelerated because of this unexpected worldwide event.
The mass migration to remote work brought challenges. In particular, employers started thinking about how they could best manage remote workers and reduce cybersecurity risks.
When we think about cybersecurity, we tend to focus on external threats, but what about internal threats?
Internal threats are starting to be addressed on a larger scale through zero-trust security architecture.
With that in mind, the following are some general things businesses should know about internal cybersecurity threats.
Internal vs. External Threats: How Do They Compare?
First, what are the differences between an internal and an external threat?
Most external threats are a way for bad actors to steal information, often through methods like phishing and malware.
Both types of threat can be devastating, depending on the information that’s accessed or stolen.
An external attack usually attempts to locate information that can be sold for a profit, or an external hacker might demand a ransom to release your files or data back to you. With an intentional internal threat, an employee could, for example, sell your trade secrets to a competitor, which can destroy your business over the long term and be challenging to recover from.
Common types of external cyberattacks include distributed denial-of-service (DDoS) attacks and phishing.
With a DDoS attack, a network or system gets overwhelmed to the point that it can’t respond to service requests. The attacking machines are infected with viruses and controlled by a single attacker.
With a phishing attack, a hacker sends what looks like a legitimate email from a trusted source, but the message is actually a way to obtain certain information.
So what about the most common types of internal threats?
Common Internal Cybersecurity Threats
Research finds that most internal cyberattack perpetrators are IT staff or system administrators with privileged system access.
If you have employees with technological know-how, they can use their access to the system to steal information or cause harm.
Employees might do this for no reason, or more commonly, as a form of retaliation if they think they’ve been wronged. They might also want to gain financially from it.
What’s even more critical for many businesses to realize is that internal cybersecurity threats often aren’t intentional.
In fact, the vast majority aren’t. Instead, they are the result of human error or a lack of understanding, yet they can still be considered insider threats.
For example, hackers can convince your employees to give away information the hackers need. Even if you have the very best cybersecurity tools in place, they won’t safeguard against employees who aren’t well-trained and don’t understand things like phishing.
Downloading malicious content is also an insider threat to cybersecurity.
The number of virus and malware threats is going up by more than 50% every year, and these threats can be introduced to your network by your employees.
Another insider threat?
The loss of information because employees take various devices with them outside of the office, and those devices can be lost or stolen.
There have been several high-profile examples of what can happen with insider threats.
For example, an angry Tesla employee abused their internal privileges to change software systems that controlled the company’s manufacturing process.
In 2020, two support staff employees at Shopify used their privileges to steal customer data for nearly 200 merchants. It led to a sharp decline in the stock price for Shopify at the time.
In 2016, an employee left Waymo, which was an autonomous car division of Google, to found Otto, a self-driving truck business. The business was bought by Uber in two months, but before leaving Waymo, the individual downloaded thousands of trade secrets and files, including blueprints and design files.
Waymo ended up receiving a financial settlement after they brought a lawsuit against Uber.
So what can you do?
First, be aware of the level of access every employee has to every file, application, and part of the network. You always want to use least-privilege access so that employees don’t have access to anything more than the bare minimum they need to do their jobs.
You should also have strict cybersecurity policies in place and make sure your employees are well-trained on them.