Cyber security: what can be done to tackle threats from within an organisation?

Cyber security: what can be done to tackle threats from within an organisation? Almond publishes its first Insider Threat report.

In cyber security, the insider threat is particularly difficult to identify, and can cause a great deal of harm to organisations. In its Insider Threat report, Almond proposes an analysis of this threat and suggests how companies can protect themselves against it.

RELATED: The role of IT governance in cyber security risk management

Insider Threat is the one of the first in-depth work on the sensitive and complex subject of insider threat in terms of cyber security. The report analyses the nature of this insider threat, the legal action that companies can take in order to tackle it, and the measures that can be set up to protect against it. After Threat Landscape 2023, its first report on the state of cyber threats published last April, Insider Threat continues Almond’s policy of providing detailed analyses of the key problems involved in cyber security.

The most important points in the Insider Threat report

ADVERTISEMENT

• Insider threat is formidable, particularly because it is multi-dimensional and can outwit all the classic protection measures. Also, it is notably difficult to detect, whether it originates from a malicious insider (an individual or group of individuals who take advantage of their knowledge of the company’s computer system and, either for money or revenge, provide criminals with access), from a negligent insider (who is ignorant of security procedures or who is operating in a situation where control and security are too lax), or from an external insider (e.g. one of the company’s regular partners or suppliers).
• In order for companies to provide themselves with effective legal protection, contracts must include confidentiality, non-competition clauses, and internal rules of procedure must specify security regulations with regard to computer systems. Furthermore, harm done to computer systems (unauthorised access to data, data theft, misappropriation of intellectual property, the divulging of business secrets, fraud…) is punishable under French law.
• In order to combat insider threat, a company must first understand the true nature of it and the risks to the organisation. Then it must evaluate the consequences of malicious behaviour, set up appropriate security procedures, train all staff in the requirements of cyber security, impose a strict access policy (a “zero trust” approach), and, if necessary, use software for user behaviour analysis.

Almond’s CTI CWATCH

Almond has created its own department dedicated to intelligence on cyber threats – CTI CWATCH. Almond’s ability to contextualise information helps decision-makers to take any current threats into account when carrying out operations. The versatility of the CTI team means they can provide a company with the means to protect itself at a high level of operational strategy, by means of actionable information processed both from a European and a French perspective. Almond’s publications are regularly updated and can be accessed on a dedicated threat intelligence platform that gives information about the sort of people who make threats, reports on different sectors, makes geopolitical analyses from the cyber standpoint, and provides notes on malicious software and other tools, as well as on points of vulnerability.

When cyber-criminals recruit through the Internet ADVERTISEMENT In its report, Almond provides numerous examples of insider threat causing major harm to businesses. It also analyses the behaviour of groups of cyber-criminals, notably regarding the “recruitment” of insiders, particularly from banks, hospitals, social network platforms, public services, and online payment platforms. One of these groups posted the following advertisement on Telegram: “Do you work for a company that you hate with all the depth of your being? Or did your boss fire you without thinking to stop your access to the computer system? You will find solace in our welcoming arms.”

“20% of cyberattacks on organisations come from individuals within those organisations, acting intentionally and sometimes with premeditation. There are more and more examples of connections between insider threat and criminal organisations, which increases the breadth of the attacks. Classic means of defence are often difficult to set up and may be extremely burdensome. This is why Almond proposes an in-depth threat analysis, for, although threats can be well identified, they are not often studied. In particular, Almond analyses the different types of incidents and offers workable solutions,” noted Jean-François Aliotti and Olivier Pantaleo, Co-Directors of Almond