Top 7 Cybersecurity Threats: #2 Insider Threats

Sometimes the biggest cyberthreat comes from within.

American manufacturers face many cybersecurity threats, but a few rise to the top as the very worst.

In a series of articles, MxD identifies the Top 7 cybersecurity threats and suggests ways manufacturers can mitigate each.

Making the Top 7 list: equipment sabotage, insider threats, data theft, malware, phishing attacks, ransomware, and supply chain attacks. MxD previously described equipment sabotage.

Second in the spotlight: Insider Threats

Sometimes the biggest cyberthreat comes from within. Disgruntled or distracted employees, vendors with a grudge, or a visitor with bad intentions can do a lot of damage.

They can steal employees’ personal information and sell it. They can sabotage equipment. And they can introduce malware intentionally — or unintentionally — by clicking on a bad link.

These “internal threat actors” also can be invisible. In many cases, they have authorized access to or knowledge about an organization’s assets or resources. In other words, they have credentials and know-how and are hard to detect until it’s too late.

Most cyberattacks that target manufacturers originate on the outside. But 12% come from workers or others with insider access, according to Verizon’s 2022 Data Breach Investigations Report. Most (nearly 90% according to Verizon) have a financial motive.

Financial motives cover a wide range. Recent reports describe a new one: employees being contacted directly about deploying ransomware, with the promise of a payday when the ransom is paid.

But often there is no real motive. An employee working from a coffee shop who doesn’t use the company’s virtual private network (VPN) connection is a threat. The worker who can’t remember her password and writes it on a note and sticks it on her computer is a threat. So is the employee who lets someone “tailgate,” or follow him, into a badge-secured part of a factory. These types of threats, while not malicious, still pose a risk to organizations.

And threats don’t come just from current employees. Trusted people with access can include the private security guard at the front door or the people who come in after hours to perform maintenance. Former employees also can pose a threat.

With so much risk, companies must think broadly about who puts them in peril and how they can prevent such attacks.

“Accidental” insider threats can be mitigated with training and by creating a company culture that emphasizes the importance of cybersecurity. Employees can be taught to watch for phishing attacks or the more-targeted spear-phishing attacks that most commonly arrive via email. Reinforcing a security-aware culture will remind people that it’s part of their job to protect the organization’s data and assets.

Monitoring morale inside an organization is crucial. That will help identify disgruntled employees. Background checks can flag potential problems. But they should not just be for future employees. Vendors should be asked about their policy on background checks. Third-party service organizations that have access to a company’s building or its data should provide information on how they vet hires.

Also, as soon as an employee leaves an organization, system access should be revoked. MxD’s new Playbook for CMMC 2.0 Level 1 includes additional tips that can help prevent insider threats, such as ways to lock down a company network by limiting access to ports or using subnetworks to keep visitors off the main company systems.