In today’s digital age, cyber threats are becoming increasingly sophisticated and pervasive. Companies must be aware of the potential threats that may come from insiders, reportable incidents, and poor online behaviours to protect their employees and organisational data. Building a robust security culture within an organisation is vital to achieving cyber resilience.
Insider threats are a major concern for businesses. Current and former employees, contractors, and business partners with authorised access to a company’s data, networks, and systems pose a significant risk. Malicious insiders intentionally misuse data to harm the organisation or gain personal benefits at the company’s expense. Non-malicious insiders unintentionally allow threat actors access to the business’s data or network by exhibiting poor online behaviours and falling prey to social engineering, such as phishing campaigns.
Phishing is a reportable incident that occurs through messages such as email, social media, or other communication mediums. Attackers deceive people into revealing sensitive information or installing malware by sending messages that appear to come from a known contact or organisation. The lack of training in correctly reporting suspicious emails may result in the further distribution of malicious payloads. Social engineering is the highest risk to any organisation.
PAC’s Cyber Security team recently ran an email phishing simulation at a client. It was noted that 65% of the employees – all levels – opened the attachment and disabled Protected View. Many had forwarded the email to other colleagues and IT. Surprisingly, users who had completed Defence mandatory Security Awareness performed worse than those who had completed client-specific Security Awareness.
By 2022, insider threat incidents had risen 44% over the previous two years, with costs per incident up more than a third to $15.38 million. Most insider threats could have been avoided through early reporting and supportive work environments. There are many ways to prevent insider threats, starting with security awareness.
To detect insider threats, companies should have ICT technical policies in place that monitor for excessive copying or modification of files, unauthorised or excessive use of removable media, unusual system usage outside of regular business hours, and excessive data access or printing by a user compared to their peers.
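The indicators listed above can be expressed as rules over activity logs. The following Python is an added example, not code from PAC or from any monitoring product; the event format, business hours, peer threshold and removable-media allow-list are assumptions, and the events are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample events: (user, ISO timestamp, action, item count).
EVENTS = [
    ("alice", "2024-03-04T10:15", "file_copy", 40),
    ("bob",   "2024-03-04T11:02", "file_copy", 55),
    ("carol", "2024-03-04T14:30", "file_copy", 35),
    ("dave",  "2024-03-04T15:45", "file_copy", 60),
    ("erin",  "2024-03-04T23:40", "file_copy", 900),
    ("erin",  "2024-03-04T23:52", "usb_write", 850),
    ("bob",   "2024-03-05T09:20", "print", 12),
    ("carol", "2024-03-05T09:45", "print", 9),
    ("alice", "2024-03-05T13:10", "print", 15),
    ("dave",  "2024-03-05T02:05", "print", 10),
]

BUSINESS_HOURS = range(8, 18)  # assumption: 08:00-17:59 local time
PEER_MULTIPLIER = 5            # assumption: flag totals above 5x the peer median
USB_ALLOWED = {"alice"}        # assumption: users authorised for removable media

def find_indicators(events):
    """Return {user: sorted indicator names} for the monitored behaviours."""
    flags = defaultdict(set)
    totals = defaultdict(lambda: defaultdict(int))  # action -> user -> total
    for user, ts, action, count in events:
        totals[action][user] += count
        if datetime.fromisoformat(ts).hour not in BUSINESS_HOURS:
            flags[user].add("off_hours_activity")
        if action == "usb_write" and user not in USB_ALLOWED:
            flags[user].add("unauthorised_removable_media")
    for action, per_user in totals.items():
        if action == "usb_write":  # already covered by the allow-list check
            continue
        for user, total in per_user.items():
            # Baseline excludes the user, so an outlier cannot inflate its own median.
            peers = [v for u, v in per_user.items() if u != user]
            if len(peers) >= 2 and total > PEER_MULTIPLIER * median(peers):
                flags[user].add(f"excessive_{action}_vs_peers")
    return {user: sorted(names) for user, names in flags.items()}

if __name__ == "__main__":
    for user, names in sorted(find_indicators(EVENTS).items()):
        print(user, names)
```

A single indicator such as one off-hours print job is weak on its own; the combination of indicators on one account is what merits review.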
To prevent insider threats and protect the organisation’s data, assets, and infrastructure from unauthorised access, companies should foster a good security culture and place multiple layers of security controls throughout their facilities and IT systems. Some simple best practices include early reporting of security incidents, being mindful of where staff take portable electronic devices, reporting suspicious emails correctly, never plugging an unauthorised device into a company’s computer or Defence Network, and being mindful of oversharing personal or professional information on social media.
Lastly, smartphones may also pose a threat to the business’s security. It is essential to manage privacy settings and remember that everything that goes online is permanent. Companies must create a supportive work environment that encourages early reporting and protects their employees from harm, and their information, assets, and infrastructure from unauthorised access, sabotage, wilful damage, theft or disruption, and unauthorised disclosure of information, whether deliberate or accidental.
In conclusion, cyber resilience is essential for protecting employees and organisational data. Companies must be aware of potential threats from insiders, reportable incidents, online behaviours, and best practices. Building a robust security culture within an organisation is vital to achieving this objective. By taking proactive measures, companies can ensure that they are well-prepared to handle any cyber threat that may come their way.
At PAC, our Cyber Security capability offers Education, Awareness, and Training services to help businesses improve their cyber resilience. Our experts can help your organisation stay protected and prepared against cyber threats.
Learn more: https://pacificaerospaceconsulting.com.au/services/#cybersecurity
Download the Capability Statement and Quad Charts: https://pacificaerospaceconsulting.com.au/services-capabilities/