- Internal threats now represent more than half of cases, at 57%
- Employees’ devices and credentials are among the most targeted
- Companies should acknowledge this and tighten access for a quick fix
New data from Orange Cyberdefense has suggested the biggest risks companies face could now be coming from inside, with internal threats rising from 47% to 57% in the space of less than a year.
For the first time ever, internal threats have become more common that external ones, with hacking remaining pretty steady at 31% of attacks compared with employee misuse, which rose from 29% to 45%.
However, while it’s the employees who could be driving a higher risk internally, companies could be doing more to protect themselves in far more than just the basic cybersecurity sense.
Article continues below
Internal risks are now the biggest threat organizations face
The report attributes some risks to the rise in shadow IT – something we’ve heard a lot about lately as companies struggle to apply AI correctly across their organizations. Frustrated workers often resort to unapproved tools, often feeding sensitive company information into public apps.
There’s also the fact that hackers themselves are more frequently targeting company insiders, exploiting everyday employee behavior instead of having to rely on more sophisticated, crafted attacks from outside.
“While not inherently malicious, employee misuse can be just as damaging as a sophisticated breach, especially given that attackers are increasingly turning policy workarounds into external entry points,” Senior Security Researcher Carl Morris explained.
Endpoints remain one of the biggest targets, with workers’ devices involved in more than half (53%) of incidents. And while they account for a smaller percentage overall, identity attacks also rose from 10% to 17% in around a year.
Looking ahead, Orange Cyberdefense urges companies to acknowledge that many risks now come from within an organization. Tightening access controls and privileges can shrink the attack surface altogether, while simple multi-factor authentication can also serve to prevent attackers from gaining access.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
You must be logged in to post a comment Login