The Threat Within: How Finance Organisations Can Mitigate Rising Insider Risks - The European Financial Review (2024)

By Emma Leith

The economic crisis is fuelling a surge in insider sabotage and other internal cyber threats across critical national infrastructure (CNI). With criminal groups increasingly targeting struggling employees for access to data in exchange for money, financial services organisations must take proactive measures to strengthen their defences from the inside out.

2023 is proving a complex and challenging year for critical national infrastructure (CNI). Nation-state and criminal actors are capitalising on global uncertainty to mature their operations, and CNI organisations’ cyber security teams and budgets are being pulled in multiple directions. Now, the ongoing cost-of-living crisis and its impact on employees is adding another layer of complexity, exposing CNI and finance to increased cyber risks from inside the organisation itself.

Recent Bridewell research reveals that over two-thirds (67%) of security decision-makers across UK CNI have seen a growth in cyber security risk from insiders (whether malicious or negligent) over the last three years. This figure increases to 72% within the finance sector, highlighting the diverse range of security risks facing organisations from within. Reflecting wider concerns about the impact of the economic downturn on people-driven cyber risks, over a third (35%) of cyber decision-makers now anticipate an increase in cyber crime as a direct result of the cost-of-living crisis. Bad news for any organisation – but particularly within CNI due to its importance to daily life and the wider economy.

With the IMF forecasting more cost-of-living pain in the months ahead, how can organisations act fast and put proactive measures in place to minimise the risk of insider threats?

Insider threats are changing

The threat from within is a legitimate, and growing, concern. Bridewell’s research revealed that deliberate and premeditated acts of employee sabotage are on the rise, with the average number of security incidents relating to staff sabotage in finance organisations surging by almost two-thirds (63%) over the last 12 months alone – up from at least once every six weeks to once a month.

Insider threats pose a serious and growing risk to the systems underpinning the UK’s critical infrastructure. Within the financial services sector, employees have privileged access to a wealth of sensitive data, applications, and networks, giving them numerous opportunities to quietly disrupt and damage their organisation from within. The potential consequences of such an incident extend far beyond financial and reputational harm. If not properly contained, insider threats can trigger a series of events that put both financial infrastructure and national security at risk.

At the same time, finance organisations are continuing to modernise their operations. Gradually, they are introducing more cloud capabilities and mobile devices to support new remote working practices – and many financial institutions are now shifting workloads to the public cloud. These new environments require freshly designed and configured control measures for data and critical systems, opening up further opportunities for employees to manipulate or steal information.

Organisations are also more reliant on large third-party networks than before, which expands the insider risk beyond traditional boundaries as external partners and vendors gain access to sensitive financial systems. In this complex and interconnected environment, financial services organisations may struggle to maintain full visibility and control over their data, heightening the risks and making it more challenging to detect harmful insider activities.

Many employees are aware of the weak points in their organisation’s infrastructure and cyber security posture. They are also familiar with the nature and location of the sensitive financial data they can exploit. When these two factors combine, insiders have the tools they need to carry out a destructive attack on their organisation’s systems and operations – whether through desperation, disgruntlement, or a host of other motivating factors.

External pressures, internal risks

However, not all insider threats are malicious. Remote and hybrid working has created vulnerable entry points and heightened the risk of employees compromising their organisation’s security through negligence – often by cutting corners and storing data in unsecured environments. Unsurprisingly, Bridewell found that over a quarter (27%) of CNI security leaders in the finance sector now say that the accidental loss or disclosure of data is their organisation’s biggest IT risk.

A more recent trend has also exacerbated the insider threat. With the cost-of-living crisis piling the pressure on employees, security issues could be sliding down the priority list as organisations’ focus turns to economic stability. Meanwhile, sophisticated criminal groups are targeting vulnerable insiders struggling with rising costs, offering them a lucrative payoff in return for access to sensitive data or protected financial systems. This is creating a perfect storm of cyber risk, causing over a third of finance organisations to anticipate a growth in both fraudulent cyber attacks (39%) and social engineering techniques (36%) as a direct result of economic hardship.

Building an intelligence-led security culture

As both employees and organisations come under increased strain, CNI leaders must strike the right balance between maintaining robust security and trusting their employees as they navigate economically challenging times. They can achieve this by proactively strengthening their cyber defences from the inside out.

Access control is a fundamental part of mitigating internal security risks. Finance organisations can achieve this through appropriate access standards, zero trust principles like least required access, and assessing behaviours of employees, services and devices. This ensures necessary access without unnecessary privileges. These controls should be supported by defence-in-depth security, with a focus on robust monitoring, detection capabilities, vulnerability assessments, penetration testing, and reducing the attack surface to close exploitable security gaps.

But to build a truly mature security posture, organisations must embrace the human element of cyber security. The government’s National Protective Security Agency (NPSA) urges businesses to consider Personnel Security measures from the moment they employ someone to the moment they leave – encompassing pre-employment screening, regular face-to-face reviews, assessing welfare and behavioural changes, and following robust exit procedures.

Continuous employee training and awareness is also vital. Empowering employees to recognise and respond to evolving insider threats promotes a collaborative, intelligence-led security culture, where key information is shared and utilised across the organisation to aid decision-making. Ultimately, this will help finance organisations build a united front, reducing the risk of insider threats even during times of crisis.

This article was originally published on 23 July 2023.


About the Author

Emma Leith, Director of Consulting at Bridewell, is a globally recognised cyber security leader with 17 years’ experience across C-suite leadership positions, consulting and services. Emma joined Bridewell in 2022 as the Director of Consulting where she has full ownership of Bridewell’s consultancy capability. She brings a sustained focus on instilling excellence in Bridewell’s engagements with industry-leading and expert-led delivery.
