The biggest risks sometimes aren’t those outside your organisation, but within.
With organised cybercriminals probing and testing company IT networks, looking either to spirit away your data and capitalise on trade secrets or to lock it up and demand a ransom to free it, it can be easy to forget that the biggest risks begin closer to home. But while outsider threats should always be near the top of an organisation’s list of concerns, insider threats should also be considered.
According to data analysed by Atlas VPN, 65% of organisations suffered from one or more insider attacks in the last 12 months.
The data was compiled in the run-up to June 2020, and lays bare the sheer scale of the risk from employees either maliciously or accidentally giving up access to private information.
Employees who are poorly trained in information security can do things that give hackers access to internal databases or to information that could prove fruitful for them as criminals. But equally, businesses need to be wary of the malicious insider threat: a disgruntled employee or someone bearing a grudge who can be tempted with the lure of money and getting back at their workers. Such risks need to be considered even more nowadays, as workforces operate remotely and beyond the oversight of IT systems and employees.
Beware of the risks and take actions to mitigate them
The reason that insider risks can be so pernicious is simple. It doesn’t require as much technical expertise to gain access from the inside as it does from the outside – making it a sore temptation for those who are willing to take the risk.
“Outside hackers have to find ways to break through firewalls and other security measures to get into the company's databases,” says Rachel Welch, chief operating officer of Atlas VPN. “On the other hand, many internal users already have access to those databases, so the same safety steps are not applicable.”
But it’s vital that organisations take steps to try and stop both insider and outside threats. Atlas VPN surveyed experts to find out what impact insider threats can have on a company.
Financial risks can be huge
Nearly half (49%) of leaders surveyed by Atlas VPN said that fixing the issues raised as the result of an insider attack cost less than $100,000. However, 30% of respondents said monetary damages caused by a single incident can be anywhere between $100,000 and $500,000 to fix.
And these attacks aren’t simple one-off incidents, either. Four in 10 businesses saw up to five attacks in the last two months, with 12% saying they saw fewer than 10 attacks in a year.
Staggeringly, 7% of company representatives claimed they encountered more than 20 attacks in 12 months – nearly two every month.
Almost three-quarters of the cybersecurity professionals surveyed said they thought such insider threats had become more common in 2020. That’s largely down to the rise in home working and the inability to see fully what’s happening in a business.
Tackling these insider risks can be difficult. It can be tempting for bosses to install surveillance software that monitors workers’ every click, button press and keystroke, but that can breed distrust and exacerbate the situation. Employee engagement has been recorded as dropping during the pandemic, so it is vital to support workers in a way that suits them and to let them know who to raise issues with before those issues become something serious and they take it out on your IT systems.