In a context of increasing cyber attacks, companies often focus their attention and countermeasures on external threats. But cyber security specialists point out that insider threats are often more damaging. Left unchecked, the insider threat leaves businesses more exposed to acts of corporate espionage and sabotage. The first step to mitigating this risk is to have a robust employee screening programme.
Experts concur that cybercrime is increasingly prevalent and sophisticated, and is causing major economic damage. The UK government Cyber Security Breaches Survey 2017 reports that nearly half of UK businesses have identified a breach or attack in the last 12 months. Although it is difficult to quantify accurately, the financial impact is heavy. Internet service provider ‘Beaming’ put forward an estimate of £29.1bn lost to the UK economy in 2016 due to cyber attacks.
Contrary to public perception, cyber attacks rarely come from external actors (foreign state sponsored groups, organised crime, hacktivists or curious teenagers) using complex malware to penetrate systems and networks. In fact, a significant number of cases of cyber attack are carried out by employees with authorised access to data. Last year in the United States, insiders accounted for approximately a third of all cyber attacks reported against businesses*.
Insider cyber attacks can take many forms and their impact is usually severe. Data theft, implanting vulnerabilities in defence architecture, or outright disruption of network capabilities are all within the reach of insider actors. The UK National Cyber Security Centre reported the recent indictment of a disgruntled former employee of Canadian Pacific Railway who intentionally damaged the company’s core computer network after learning he would be terminated for insubordinate behaviour. In Bangladesh, a bank lost US$81 million when a group of its IT technicians inserted malware that captured keystrokes in order to obtain the identification information necessary to make fraudulent bank payments to themselves.
These acts of corporate espionage and sabotage cause significant financial losses, and damage brand and reputation. A 2018 US report on insider threat estimates that average damages from an insider attack are within a range of $100,000 to $500,000**.
Any business handling sensitive and personal data should include insider risk management amongst its information security controls. As well as administrator measures such as account segregation, document classification and user management, background screening is an essential tool. Consistent and thorough screening of new hires is essential, but continuous monitoring is also highly recommended. Staff whose financial or personal circumstances have changed represent a higher risk to information. Regular screening sends a clear message to staff that a business takes insider risks seriously.
At a time when companies are investing heavily in their cyber fortifications, it is worth ensuring that the individuals behind the walls are trustworthy.
We have been helping our clients combat insider fraud for the past two decades by providing diligent, accurate and bespoke screening to a wide variety of industries. Please get in contact to see how we can help you.
*2017 US State of Cybercrime Survey
**Cyber Security Insiders 2018