Insider threats are getting costlier and harder to detect


A recent study from IBM revealed that insider threats were the costliest data breaches of 2024, averaging $4.99 million per incident.
Andrius Buinovskis, cybersecurity expert at security platform NordLayer, says that as more companies adopt a browser-first approach, mitigating insider threats will become even more challenging because of the limited visibility security administrators have into employee activity taking place within the browser.
“Employees have access to incredibly sensitive data and resources which, when leaked, can have devastating consequences to a company’s reputation, result in GDPR fines, or be used for ransomware demands,” says Buinovskis. “Insider threats pose a significant danger due to their high impact, but they’re also harder to detect. Employees are trusted members of the organization, and their malicious actions can blend in with usual activity, potentially going unnoticed for months.”
Spotting malicious activity inside the organization has become even more challenging due to the rise of web-based software-as-a-service (SaaS) applications. In traditional IT environments, these threats can be mitigated by ADR (automated detection and response) and XDR (extended detection and response), which observe network connections, file-based systems, and desktop applications. However, their observability of browser activity is very limited -- for example, they can’t distinguish between normal work tasks and data exfiltration, or tell which records were accessed or downloaded.
“Consumer-grade browsers do not offer security admins a comprehensive view into employee activity, creating the perfect environment to carry out malicious activities without getting caught,” says Buinovskis. “As a result, the risk of data exfiltration, sharing credentials and confidential information, data theft, unauthorized web application use, and even sabotage by deleting or modifying critical information are all amplified in cloud-first, browser-heavy working environments.”
Consumer-grade browsers also offer no way to enforce centralized security controls. Consequently, employees can act as they please: download malicious browser extensions, screenshot or copy sensitive data, and share it with outside parties -- all of which can lead to devastating data breaches.
“The longer malicious employee activity remains undetected, the greater its impact and the more extensive the resulting damage. This underscores the importance of robust observability and rapid incident response,” concludes Buinovskis. “Companies must prioritize strict access controls, strong user authentication, and continuous employee activity monitoring to mitigate insider threats effectively. For organizations operating in a web-based SaaS environment, leveraging the built-in security tools and enhanced observability of an enterprise browser is essential for comprehensive protection.”
You can find out more on the NordLayer blog.