By Rita Okoye
Emmanuel Ezehiwele, CEO of APISentry, a unified API security provider shared some insights on Internal cybersecurity threats and employee responsibility.
According to Emmanuel, organisations typically focus their cybersecurity defences on external threats such as SQL injections, zero-day exploits, and ransomware attacks. While these issues are undeniably critical, it is equally essential to acknowledge and address potential threats that may arise from within the organisation.
These threats, commonly called insider attacks, involve cybersecurity breaches executed by current or former employees, external contractors, vendors, or anyone who has access to an organisation’s tools and data. Although often underestimated, internal threats can be just as damaging—if not more so—than external threats.
Ezehiwele, in his view, cites a survey of 467 cybersecurity professionals which found that 90% believe internal cybersecurity attacks are as challenging to detect and prevent compared to external threats. Insiders have legitimate access to an organisation’s systems and data, enabling them to circumvent traditional security measures primarily designed to protect against external threats.
Insider attacks may be malicious or unintentional. In the case of malicious attacks, privileged access is intentionally abused to steal information or compromise a system for financial or personal reasons. On the other hand, unintentional attacks involve unknowingly creating security vulnerabilities either through negligence, lack of training, or falling victim to social engineering tactics. According to a Stationx study, 88% of all data breach incidents are caused by or significantly worsened by employee mistakes.
The Cyber Security Experts Association of Nigeria (CSEAN), in its 2024 National Cyber Threat Forecast, predicted a surge in insider threats. Therefore, now more than ever, there is an increasing need for organisations to ensure that their employees are not weak links in the chain of cybersecurity protection.
This raises the critical question: How can organisations maximise cybersecurity from within? First, they must understand the root causes of the attacks, which can include insufficient employee training, technological complexities, inadequate security measures, and even disgruntled insiders.
Based on his experience within the cybersecurity industry, Emmanuel highlights several effective solutions to combat malicious insider threats. First, implement behavioural monitoring and user activity analytics to detect unusual activities, such as abnormal data access patterns or attempts to access restricted systems. This will help flag potential threats before they escalate.
Secondly, apply the principle of least privilege (PoLP). This ensures that employees only have access to the specific data needed to carry out a required task, thereby reducing the risk of unauthorised access to sensitive information. Without PoLP, organisations face greater risks of breaches and misuse of critical data by overprivileged users or entities.
Additionally, establishing a data loss prevention (DLP) system is vital for safeguarding sensitive information. DLP solutions monitor and prevent the accidental sharing of sensitive data, unauthorised access, and the transmission of information to unapproved recipients, ensuring better protection of critical assets.
In the case of unintentional threats, Ezehiwele states that the approaches to be implemented include scheduling regular security audits to identify and rectify any existing security gaps and ensuring that all user activities comply with the organisation’s security policies.
Another critical measure is the implementation of multi-factor authentication (MFA). This significantly reduces the risk of a data breach by requiring additional verification steps beyond just a password. This extra layer of security ensures that even if a password is compromised, it cannot by itself provide unauthorised access to sensitive systems or data.
While these are effective approaches to preventing cyber attacks, he further advises that the most impactful strategy is to invest in comprehensive employee training and awareness. Security awareness training is the process of educating your employees to understand, identify, and avoid cyber threats.
It involves educating them on cybersecurity best practices, how to recognise phishing scams, the safe handling of sensitive information, and the importance of following security protocols. This training should be carried out across all departments in the organisation to eliminate potential security gaps.
According to Emmanuel, security awareness training also ensures that organisations act in compliance with data protection and privacy regulations and reduces the rate of accidental threats caused by a lack of awareness. Furthermore, well-trained employees are better positioned to respond effectively and mitigate the impact of cyber attacks.
In conclusion, employees are essential to preventing and mitigating insider cyber-attacks. As the first line of defence, a well-equipped workforce can act as a human firewall, identifying and stopping potential threats before they occur.
Ezehiwele believes that insider threats will continue to be a major concern for organisations, as they involve individuals who possess legitimate access to the company’s systems and data. Addressing these threats necessitates robust technical solutions and even more critically, tailored and actionable user training that is specific to each role within the organisation.
Disclaimer
Comments expressed here do not reflect the opinions of Vanguard newspapers or any employee thereof.