CISOs appear to be spending more on mitigating insider risk. Reports suggest 16.5% of cybersecurity budgets are now devoted to it, roughly double the figure of a year ago. To understand why, just read the latest threat intelligence from Google, which warns of North Korean IT workers tricking their way into roles at Western firms.
Fortunately, there is an answer. When combined with strict identity and access management (IAM) controls, data-centric security can help global organizations to protect their most sensitive information from prying eyes—even if they are employees.
From North Korea to Australia
Insider threats are nothing new. There has always been a risk of malicious employees taking IP or customer data for financial gain, or sabotaging systems and stealing sensitive information because they harbor personal grievances against their employer. However, a spate of recent reports about North Korean state actors has put many security leaders on high alert.
According to reports, IT specialists from the hermit nation are taking advantage of remote working opportunities at Western firms to gain employment—often via third-party recruitment or freelance platforms like Upwork. Some use AI tools like deepfakes to create fake but convincing personas capable of passing HR tests. Documents and resumes are also forged. Even a cybersecurity company was tricked into hiring a North Korean worker this way.
The risk is that, aside from sending their wages back to Pyongyang to potentially fund North Korea’s missile program, these workers usually have privileged access as IT admins. That could give them access to sensitive information to download and sell, or hold to ransom. These schemes began in the US but are apparently spreading to Europe.
Yet the insider threat is a global phenomenon. Just last month, a leading Australian law firm contacted police after a “premeditated and carefully planned” email was sent to hundreds of recipients from an insider. It’s suspected the email, which apparently contained a spreadsheet revealing the salaries of hundreds of staff members, was sent by a former employee whose access rights were not revoked after leaving the company.
Insider threats are big business
These examples highlight a growing threat to enterprises. According to one study, the cost of insider security incidents—including negligence as well as malfeasance—has climbed continuously over the past six years. As of 2024, the total average cost was $17.4m. Data types involved in these incidents included authentication credentials, personally identifiable information (PII), corporate financial data, IP, payment card data, and medical information.
Although falling, the average time to contain such breaches still stands at 81 days. That could put the breached organization at risk of:
- Brand and reputational damage
- Financial loss (due to legal and IT costs, lost productivity, etc.)
- Regulatory fines
- Lost competitive advantage (if IP is stolen)
How data security can help
The challenge for corporate security teams is how to ensure data cannot be stolen or weaponized by a malicious insider. After all, they will be able to bypass perimeter defenses by virtue of having legitimate log-in credentials. The key is layered defenses that combine data security and IAM.
Here’s one way to do it:
- Deploy a data discovery and classification solution to gain continuous insight into what data there is in the organization, and where it flows to
- Draw up policies to protect the most sensitive data, based on risk appetite
- Apply data protection to sensitive enterprise data throughout its lifecycle
- Follow the principle of least privilege when assigning permissions to new employees. This will ensure they can access only the data needed to do their job, and no more
- Deploy a Privileged Access Management (PAM) solution to continuously monitor and audit privileged accounts, enforce least privilege policies, centralize authorization and securely store credentials
The comforte SecurDPS solution is a good fit for this kind of data-centric security approach. It delivers continuous AI-enhanced data discovery and classification, and allows enterprise customers to seamlessly enforce data protection such as tokenization, in line with policy. Tokenization is a good choice as it allows business teams to use corporate and customer data in analytics tools without compromising on security.
With these layered defenses, the chances of malicious insiders being able to access sensitive data are much reduced. And even if they do, that data should be rendered useless thanks to encryption or tokenization.
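To illustrate the two claims above (tokenized data stays usable for analytics, yet is useless to an insider who lacks detokenization rights), here is an added example; it is not comforte SecurDPS code or its API. It is a toy in-memory vault with HMAC-derived deterministic tokens, and the `TokenVault` class, the role names and the card numbers are all constructed for illustration.

```python
import hashlib
import hmac
import secrets
from collections import Counter


class TokenVault:
    """Toy vault-based tokenizer; every name here is hypothetical."""

    def __init__(self, detokenize_roles):
        self._key = secrets.token_bytes(32)   # stays inside the vault
        self._vault = {}                      # token -> original value
        self._detokenize_roles = set(detokenize_roles)

    def tokenize(self, value):
        # Deterministic: the same input always yields the same token, so
        # joins and group-bys on the tokenized column still work.
        digest = hmac.new(self._key, value.encode(), hashlib.sha256).hexdigest()
        token = "tok_" + digest[:16]
        self._vault[token] = value
        return token

    def detokenize(self, token, role):
        # Least privilege: only explicitly listed roles get cleartext back.
        if role not in self._detokenize_roles:
            raise PermissionError(f"role {role!r} may not detokenize")
        return self._vault[token]


def spend_per_customer(rows):
    """Aggregate amounts per identifier, whether token or cleartext."""
    totals = Counter()
    for customer_id, amount in rows:
        totals[customer_id] += amount
    return totals


# Constructed sample data: (test card number, purchase amount).
RAW_ROWS = [("4111111111111111", 40), ("5500000000000004", 15),
            ("4111111111111111", 60)]

vault = TokenVault(detokenize_roles={"payments-service"})
# This is the only form of the data the analytics environment holds.
TOKENIZED_ROWS = [(vault.tokenize(pan), amount) for pan, amount in RAW_ROWS]

if __name__ == "__main__":
    print(spend_per_customer(TOKENIZED_ROWS))  # totals keyed by token only
```

An account holding a copy of `TOKENIZED_ROWS` but not a role in `detokenize_roles` gets the same aggregates an analyst does and nothing that maps back to a card number.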