InfoSec Advisory with Del Aden: Businesses in Africa still not addressing insider threats!

Del Aden is a UK-based Enterprise Architect

Organisations in Africa are still not addressing insider threats to their digital security and physical assets, leaving themselves wide open to data breaches as a result.

An insider threat is a malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization’s security practices, data and computer systems.

Insider threats range from unintentional errors and compromised credentials all the way through to malicious insiders intentionally taking data outside of their organisation. All of these are causing problems, but many organisations still have not got their heads around that yet. One of the main reasons for this is that most organisations’ cyber defence strategies focus on external attackers and threats – especially malware – rather than the broader spectrum of risks they actually face.

They are used to dealing with external attackers, malware, manipulated documents coming into their environment and dealing with security issues on endpoints, but have still got blinkers on when it comes to insider threats.

Types of insider threats:

Malicious insider: someone who maliciously and intentionally abuses legitimate credentials, typically to steal information for financial or personal incentives. For example, an individual who holds a grudge against a former employer, or an opportunistic employee who sells secret information to a competitor. Typically, they have an advantage over other attackers because they are trusted and are familiar with the security policies and procedures of an organization, as well as its vulnerabilities.

Careless insider: an innocent person who unknowingly exposes the organisation to outside threats. This is the most common type of insider threat, resulting from mistakes, such as leaving a device exposed or falling victim to a scam. For example, an employee who intends no harm may click on an insecure link, infecting the system with malware.

A mole: an imposter who is technically an outsider but has managed to gain insider access to a privileged network. This is someone from outside the organization who poses as an employee or a trusted partner.

Vast opportunities for insider threats

Malicious hackers thrive on chaos and confusion and the global COVID-19 crisis represents a perfect storm. For insider threats in particular, the crisis has given rise to three key conditions that have placed bad actors in an advantageous position.

  1. Exploiting additional privileges – Many companies have been forced to promptly adopt solutions allowing staff to work remotely before performing a security risk assessment, and to provide additional privileges and access so that (team) work can continue. This allows existing malicious insiders to exploit further data sources.
  2. Reduced vigilance – Most organizations were not prepared for remote working, nor did they have any policies pertaining to telecommuting in place. Security awareness programs often fail to address how to work remotely. The result? An increased likelihood that untrained employees unintentionally share and leak information via insecure channels or malicious sites. In addition, the familiar surroundings and safety of one’s home can reduce even further the vigilance of employees handling confidential data, such as privacy-sensitive data and business secrets.
  3. COVID-19 phishing expeditions – Phishing attacks through social engineering have been taking advantage of workers’ concerns about COVID-19, their need to learn more about the virus and their wish to help others in this time of need. These emails may purport to be from the World Health Organization or similar bodies.

Warning signs of insider threats

People and data are on the move now more than ever. Cloud solutions and collaboration tools make it easy for employees to access and share a wide range of sensitive information, such as details about the company’s customers, finances and strategy. In particular, when employees plan to leave an organisation, they sometimes use their access rights to steal intellectual property and other data they can use in their next job, or to delete content out of spite.

To mitigate these risks effectively, organisations need a clear understanding of what techniques are most likely to be exploited and which activity is a sign of an insider threat in progress. Below are some of the warning signs you need to look for. You can spot attempts to steal valuable assets in real time by watching for events such as:

  • Unexplained financial gains
  • Abuse by service accounts
  • Multiple failed logins
  • Incorrect software access requests
  • Large data / file transfers or deletion
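As an added illustration (not part of the original advisory), the sketch below checks a small constructed activity log for three of the warning signs listed above: multiple failed logins, abuse by service accounts, and large transfers or deletions. The log format, the account names, the thresholds and the `svc_` naming convention are all assumptions made for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: time, account, action, detail (bytes, file count or logon type)
SAMPLE_LOG = """\
2024-03-04T08:59:10,amina,login_fail,-
2024-03-04T08:59:40,amina,login_fail,-
2024-03-04T09:00:05,amina,login_fail,-
2024-03-04T09:00:30,amina,login_fail,-
2024-03-04T09:01:00,amina,login_fail,-
2024-03-04T09:15:00,svc_backup,login_ok,interactive
2024-03-04T09:20:00,svc_backup,login_ok,service
2024-03-04T22:40:00,kofi,file_upload,750000000
2024-03-04T22:55:00,kofi,file_upload,600000000
2024-03-04T23:05:00,kofi,file_delete,1200
2024-03-05T10:00:00,zainab,file_upload,20000000
"""
# Assumed thresholds; tune them against your own baseline of normal activity.
FAIL_LIMIT, FAIL_WINDOW = 5, timedelta(minutes=10)
BYTES_PER_DAY_LIMIT = 1_000_000_000
DELETE_LIMIT = 500
SERVICE_PREFIX = "svc_"  # assumed naming convention for service accounts

def detect(log_text):
    """Return a sorted list of (account, warning_sign) pairs found in the log."""
    alerts = set()
    fails = defaultdict(deque)      # account -> times of recent failed logins
    uploaded = defaultdict(int)     # (account, date) -> bytes sent out that day
    for line in log_text.strip().splitlines():
        ts, user, action, detail = line.split(",")
        when = datetime.fromisoformat(ts)
        if action == "login_fail":
            q = fails[user]
            q.append(when)
            while when - q[0] > FAIL_WINDOW:   # forget failures outside the window
                q.popleft()
            if len(q) >= FAIL_LIMIT:
                alerts.add((user, "multiple failed logins"))
        elif action == "login_ok" and user.startswith(SERVICE_PREFIX) and detail == "interactive":
            # A service account should never be used for an interactive logon.
            alerts.add((user, "service account abuse"))
        elif action == "file_upload":
            uploaded[(user, when.date())] += int(detail)
            if uploaded[(user, when.date())] > BYTES_PER_DAY_LIMIT:
                alerts.add((user, "large data transfer"))
        elif action == "file_delete" and int(detail) > DELETE_LIMIT:
            alerts.add((user, "mass deletion"))
    return sorted(alerts)

print(detect(SAMPLE_LOG))
```

The failed-login rule uses a sliding window, so five failures spread over a working day do not raise an alert, while five within ten minutes do.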

So which sector is most vulnerable to insider threats?

Many people talk of the hidden ‘insider’ threat of the aviation sector. An airport is a complex entity, with multiple occupants, a transient population and time-critical operations. Such an environment is vulnerable to a variety of different risks and insider threats. But while external threats are significant, an issue of growing concern is that of the ‘insider threat’. In my next article, I will examine the forms this threat can take, the motivations of ‘insiders’, and the steps airports can take to mitigate them.

Many organisations in Africa are in denial

When it comes to insider threats to data security, too many organizations in Africa are in denial. Not all employees will take company data, but chances are high that if you don’t put proper precautions in place, employees will put your valuable intellectual property at risk, either intentionally or accidentally. This isn’t a matter of opinion; hard facts tell the story:

According to the most recent Verizon Data Breach Investigations Report, the percentage of data breaches caused by insiders rose from 28% to 34%. Further, ninety percent of organizations feel vulnerable to insider attacks. The main enabling risk factors include too many users with excessive access privileges (37%), an increasing number of devices with access to sensitive data (36%), and the increasing complexity of information technology (35%).

With well over one-third of all data breaches caused by insiders, the threat is just too serious to ignore. Yet, although many organisations understand the risk, they don’t take the threat seriously enough and those that do are unsure how to best address the challenge!

Why it matters

Most organisations’ cyber defence strategies focus on external attackers and threats, rather than the broader spectrum of risks they actually face. As a result, we need a mindset shift to focus on the wider challenges of security issues. By looking at what users are doing, organisations will be in a better position to identify anomalous or potentially risky activity. Getting visibility of user behaviour is the first important step, because it then enables organisations to establish control and take a broader view of security risk.

Gaining greater control is particularly important in the light of new data protection regulations across many African countries. It matters because most organisations are increasingly using cloud-based applications and services, and a growing proportion of the workforce is working remotely.

In conclusion

Many organizations have started the process of adopting a holistic approach to insider risk management, but those that haven’t should not delay. COVID-19 has changed the threat landscape and the elevated insider threat it has created will be relevant for a long time to come. As such, maintaining oversight of your key risks to protect your people, your assets and your reputation is critical during this time. Don’t lose sight of risks when they are actually increasing.

It is your responsibility to empower your employees with training and an ‘on-guard’ mindset to protect your digital and physical assets from modern cyberthreats such as insider threats. We at Delta3 International stand ready to work with your organisation to help assess and manage your insider threats with a strategic approach that meets the specific needs of your organisation.

Del Aden is a UK-based InfoSec & Business Continuity Consultant, with main focus on helping organisations to implement Digital Transformation, defend their digital infrastructure and plan their Business Continuity Strategies. Del is also a freelance writer, international conference speaker and a global trainer. Contact: [email protected] | WhatsApp: +44 7973 623 624 | Web: www.delta3.co