Insider threats accounted for nearly 35% of all unauthorized access cyber incidents in the third quarter of 2022, its highest quarterly level to date, Kroll has found in its Q3 2022 Threat Landscape report, published on November 8, 2022.
According to Kroll, the surge is mainly due to the phenomenon of the ‘great resignation’ in the wake of the COVID-19 pandemic and the shift to remote work.
“While always a challenge, the risk of insider threat is particularly high during the employee termination process. Disgruntled employees may seek to steal data or company secrets to publicly undermine an organization, while other employees may seek to move over data–such as contacts lists and other proprietary documents–that they can leverage at their new organizations,” reads the report.
Insider threats require companies to rethink their security posture, Jaycee Roth, Kroll associate managing director, argued in the report. “Unlike the usual circumstances in cybersecurity, where you are defending the network from (at least in the initial attack stage) external attackers, in an insider threat situation, you are defending the business from someone on the inside. This can be particularly difficult, as the user often won’t raise any red flags and could have a high level of permissions and access rights.”
Laurie Iacono, another Kroll associate managing director, said, “To counter insider threat, organizations should pay close attention to the access rights they give to staff and always try to maintain a ‘least-privilege’ environment,”
“Monitoring for suspicious activity – such as a particularly large data download or unknown USB device – is another way to spot potential compromises of security. Above all, clear instructions to employees on what is and isn’t allowed, combined with fast and efficient IT and HR processes that work together in harmony, will prove the best defense against insider threat becoming a trojan horse,” Iacono continued, speaking during a press conference on October 8, 2022.
Uptick in Phishing and USB-Enabled Incidents
Overall, the report shows that cyber incidents involving unauthorized access slightly rose to 27% of all events in Q3 2022, from 17% in Q1 and 26% in Q2. Email compromise came first, representing a stable 30% share of all incidents.
However, the share of ransomware incidents decreased from 32% in Q2 to 25% in Q3, partly due to the Conti hacking group officially shutting down their actor-controlled site on June 23. “The official release of LockBit 3.0 dominated the ransomware headlines in the first part of Q3 [and the] incidence of LockBit cases increased dramatically during the quarter,” notes the report.
Other findings include an uptick in phishing and USB-based malware, two key vectors for threat actors to get credentials for initial access.
Regarding targeted industries, Kroll found that professional services overtook healthcare as the most targeted sector overall in Q3, accounting for 21% of all cases, compared with just 12% in Q2.
Manufacturing and financial services followed, with 12% and 11% of all cases, respectively. Healthcare targets dropped, accounting for only 9% of all cases, compared with 21% in Q2.
Listen to the IntoSecurity Podcast Episode 39 here to understand more about insider threats and their impact on cybersecurity today.