The rise of the outsmarted insider


Malware, ransomware, and phishing. These are just a few examples of software disruptors that can wreak havoc on a business and cause major personal and financial loss.

Most recently, organizations and vendors have gotten good at protecting their business from malware and infiltrations from the outside. Their security has gone up, so it's now more difficult and expensive for an outside attacker to attack in this traditional way. Additionally, organizations have gotten smarter about preventing ransomware and about not giving in to a ransomware attack by paying the ransom. Most organizations won't pay the ransom anymore because governments don't want them to.

Now, lines are starting to blur when it comes to traditional malware attacks and insider threats.

When people think of insider threats, most tend to think of the non-malicious or malicious employee: a negligent employee causing harm to an organization by being careless and inattentive, a disgruntled employee stealing corporate data on purpose, or an employee simply making a genuine mistake. We’ve seen insider threats within government entities -- most recently with the arrest of a junior US National Guardsman who stole and shared classified military intelligence.

Today’s landscape has seen the emergence of a third category of insider threats: the outsmarted employee. Attackers are figuring out how to become much better at socially engineering an insider in order to outsmart them. According to the 2023 Ponemon Cost of Insider Risks Report, “outsmarted” insiders make up 20 percent of all insider security incidents, costing an average of $4.2M per year, not including the cost of collateral damage.

Outsmarting an insider is much more damaging than a scam because the attacker outmaneuvers the employee and gains access to the entire organization. And this emerging attack vector is gaining traction.

Essentially, hackers are becoming cleverer than ever as they realize that the best way for them to get what they want -- the financial outcome they want -- in the easiest, cheapest way is via an insider. And they are moving away from the typical blackmail and bribe scams, where the consumer is the targeted victim. When outsmarting an insider at an organization, adversaries stand to gain legitimate authorized access to corporate or government systems.

According to the FBI, business email compromise, also known as email account compromise, is one of the most financially damaging online crimes. It’s also easy. Hackers send an email message that appears to come from a known source making a legitimate request. From there, the scam happens. But now, many employees are smart enough to see through this scam thanks to various news headlines and some employee training.

Unfortunately, hackers are now taking business email compromise a step further, gaining access to an actual email inbox and learning the way a person conducts themselves when sending an email, effectively learning how to imitate their potential victims. Known as social engineering, this enables them to paint an even more convincing picture so the scam is successful. When hackers gain access to your email, it means that outsiders have now become insiders -- and organizations need to understand their insiders. The recent Microsoft attack offers a real-world example of how nation-state actors are leveraging this tactic to outsmart and weaponize non-malicious insiders.

Unfortunately, cyber leaders are failing to direct their budgets towards effectively addressing the insider risk problem, spending less than 10 percent of their security budgets on measures that could solve a problem that now costs an average of $16.2M every year. This is because of the big focus that’s always been on malware -- learning to prevent it and hunt it.

Insider risk management is the only realm within cybersecurity to successfully merge psychology with technology to provide that proactive and preventative approach.

By prioritizing insider risk management and continuing to evolve education efforts for employees, organizations stand to proactively mitigate these threats before they turn into costly incidents.


Mohan Koo is President and Co-Founder of DTEX Systems.

© 1998-2024 BetaNews, Inc. All Rights Reserved.