Battling Insider Threats: A Critical Challenge for Indian Organisations

Insider threats are a critical challenge for organisations worldwide, and the situation is no different in India. In a comprehensive survey undertaken by PwC, 62% of respondents from India identified insider threats by current employees, past employees, and contractors as a unique challenge.

These insiders can cause the most damage as they have authorised access to sensitive data and systems and know precisely how to exploit vulnerabilities to their advantage.

Humans: The Weakest Cybersecurity Link

Insider threats can be intentional or unintentional, with the latter primarily caused by people who genuinely intend to do the right thing but make mistakes. Analysts estimate that by 2025, human error or a lack of talent will be responsible for over half of significant cyber incidents. For instance, an employee may accidentally click on a phishing link, a contractor may fall prey to an MFA fatigue attack, or an IT administrator may expose sensitive data after misconfiguring a cloud account.

Managing Insider Risks

As organisations grow more extensive and complex, users can work from everywhere, storing and accessing data in web applications, internal files, databases, and services hosted on-premises and in the public cloud. To mitigate the risks of insider threats, it is crucial to understand what needs protection and where assets are storedsafely. Organisations must consistently record, audit, and protect end-user activity, particularly in web apps and privileged sessions, to quickly uncover and mitigate insider threats.

Organisations must also use AI to help contextualise user behaviour data and establish baselines for users across their access to web apps, resources, and privileged accounts. This practice makes detecting risky behavior easier, gauging the likelihood of identity compromise, and enabling workers to operate without unnecessary disruption.

It is also essential to improve the insider experience to minimise insider risks. Organisations must anticipate and remove barriers to make it easy for people to do the right thing. For instance, repeated authentication prompts to access resources they regularly use can be frustrating for users. As a result, some people store files in Dropbox, send information via personal email, share passwords, or install rogue applications. This behaviour can unintentionally put data and systems at risk.

Bridging the cybersecurity gap

To bridge the cybersecurity expectation-reality gap, organisations must promote continuous authentication and authorisation for all identities, along with secure, least privilege access that's granted just in time. Organisations often use separate products to manage access for workforce and privileged identities, requiring separate user and resource management and identity-related risk assessment. However, without unified threat detection, teams are more likely to miss, mishandle, or respond too slowly to threats from both inside and outside.

Insider threats are a growing concern for Indian organisations, and it is crucial to assess and manage insider risks better. The above mentioned measures can help organisations evaluate their insider risks and mitigate them effectively. Furthermore, organisations must anticipate and remove barriers to make it easy for people to do the right thing, promote continuous authentication and authorisation, and tackle identity-based threats holistically. By implementing these practices, organisations can reduce the risk of insider threats and protect their sensitive data and systems.

Author: Rohan Vaidya, Regional Director – India & SAARC at CyberArk