Today’s columnist, Tom Miller of ClearForce, points out that the 2020 Verizon DBIR reported that some 30% of data breaches are caused by insiders. Miller offers some insights into how security teams can mitigate attacks caused by the human factor. (Photo by Scott Olson/Getty Images)

The technological advancements that let our world connect and thrive in the digital age also present increased risk as more people and organizations become victims of cybercrime.

Cybersecurity Ventures predicts that the total damages attributable to cybercrimes – including loss of data, money, and productivity, and the costs of investigations, system repairs, and reputation damage – will exceed $10 trillion by 2025. Ransomware attacks alone will cost more than $265 billion.

The increasingly sophisticated nature of cyberattacks calls for more stringent measures of protection, especially for businesses that handle large amounts of sensitive data. But while strengthening firewalls and investing in multi-step data encryption and password protection software are all essential, businesses should focus more time and resources on addressing their greatest vulnerabilities: their employees.

Human beings are the most common entry points in cybercrime attacks, and therefore the most commonly targeted. Most employees who fall victim to cyberattacks do so out of ignorance or negligence rather than malice, so training staff in how to recognize the signs of a cyberattack, as well as giving them streamlined ways to report it, are imperative. However, training alone will not solve the problem.

It's not uncommon for employees, particularly those working remotely and not under strict supervision, to become cyber-fatigued with the multiple steps involved in maintaining a secure network. As such, they may take shortcuts, especially when it comes to regularly updating passwords. This negligence can have serious consequences, as 61% of data breaches in 2021 were caused by leveraged credentials. Companies should enforce password policies for all employees, both in-office and remote, and two-factor authentication required on all business accounts. They should also implement additional to secure personal devices such as smartphones and tablets if the employees are permitted to use them.

An employee’s stress can also get in the way of them doing their jobs properly, and lead to distraction that could end up compromising their online security. Remote work can create unique stressors that are not present in an office. According to the report The Psychology of Human Error, over half of the employees surveyed say they were more likely to make a mistake while stressed. Some 47% of respondents that admitted to falling for a phishing scam cited distraction as a key cause.

Unfortunately, a business should also not rule out the possibility of an insider who, for whatever reason, decides to sell out or betray their company.

Insider threats could come from an employee who feels disgruntled because their needs have not been met, a former employee who still retains privileged information, or simply someone who sees the opportunity for financial gain by compromising their company’s system. According to the Verizon 2020 Data Breach Investigations Report, approximately 30% of data breaches were found to have involved a malicious internal actor, with financial gain being the most common motivator. Malice does not always play as a factor because a threat actor can target an otherwise loyal employee based on his role or access level and bribed, blackmailed, or otherwise coerced him into breaching the company’s security on behalf of an external third party.

Given this two-fold risk that employees can present, organizations looking to mitigate that risk should invest in a continuous behavioral monitoring system that can keep track of people-based risk and potential red flags before they lead to actions that cause widespread operational or reputational damage.

A continuous behavioral monitoring system can track a number of customizable criteria depending on the goals of the organization, from web browsing and emails to social media postings. It can alert management to anomalies in employee behavior in real-time, as well as identify areas of high-stress or financial pressure that could indicate an employee may be compromised. This kind of immediate notification allows for swift action by management, or by human resources, to engage with the employee and provide any necessary relief or assistance.

Planning a defense against the relentless and evolving threat of a cyberattack requires constant vigilance. Businesses must use all the tools at their disposal to design and implement security protocols that cover every aspect of their organization, including their employees. Every business can rely on employee monitoring to achieve real-time visibility into online user behaviors, allowing them to detect and block accidental or intentional credential misuse before a data breach occurs. It also gives an organization a far better chance at safeguarding its data, finances, customers, and reputation against malicious actors, both external and internal.

Tom Miller,  chief executive officer, ClearForce