- Insider threats now account for more than half of cases at 57%
- Employees’ devices and credentials are among the most targeted
- Companies should recognize this and tighten access to a quick fix
New data from Orange Cyberdefense has suggested that the biggest risks businesses now face may come from within, with insider threats rising from 47% to 57% in less than a year.
For the first time ever, internal threats have become more common than external, with hacking remaining fairly stable at 31% of attacks compared to employee abuse, which rose from 29% to 45%.
But while it’s employees who may drive a higher risk internally, companies can do more to protect themselves in far more than just the basic cybersecurity sense.
The article continues below
Internal risks are now the biggest threat facing organizations
The report attributes some risks to the rise of shadow IT – something we’ve been hearing a lot about lately as companies struggle to properly deploy AI across their organizations. Frustrated workers often resort to unauthorized tools, and they often send sensitive company information into public apps.
There’s also the fact that hackers themselves are more often targeting company insiders and exploiting day-to-day employee behavior rather than having to rely on more sophisticated, crafted attacks from the outside.
“While not inherently malicious, employee abuse can be just as damaging as a sophisticated breach, especially given that attackers are increasingly turning policy solutions into external entry points,” explained senior security researcher Carl Morris.
Endpoints remain one of the biggest targets, with workers’ devices involved in more than half (53%) of incidents. And while they account for a smaller percentage overall, identity attacks also rose from 10% to 17% in about a year.
Looking ahead, Orange Cyberdefense encourages companies to recognize that many risks now come from within an organization. Tightening access controls and privileges can reduce the attack surface altogether, while simple multi-factor authentication can also serve to prevent attackers from gaining access.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.
