Insider cyber threats hamper SA firms

By Simnikiwe Mzekandaba, IT in government editor
Johannesburg, 11 Jan 2024
Data shows 77% of companies experienced at least one cyber security breach in the past two years.

Eleven percent of companies in South Africa suffered from deliberate malicious cyber incidents caused by staff members.

This is according to a new study conducted by cyber security firm Kaspersky, which looks at the cyber incidents caused by the ‘human factor’ as well as insider cyber threats.

For its 2023 Human Factor study, Kaspersky surveyed non-IT employees, IT staff and decision-makers operating within an organisation across 19 countries, including South Africa.

All respondents were at manager level working for SMEs with 100 plus employees, or enterprises with more than 1 000 employees.

The cyber security firm makes a distinction between two types of insider threats, namely unintentional and intentional. Unintentional, or accidental, threats are employee mistakes such as falling for phishing and other social engineering methods, or sending sensitive and confidential information to the wrong person.

Conversely, intentional threats are perpetrated by malicious insiders who deliberately hack into their employer’s systems. These attacks are usually carried out for financial gain from the sale of sensitive data or as an act of revenge. Malicious insiders aim to disrupt or stop an organisation’s regular business operations, expose IT weaknesses and obtain confidential information.

The Kaspersky survey found 26% of all cyber incidents in the past two years were caused by employees’ intentional violations of information security policies.

In the case of South Africa, 82% of companies surveyed faced cyber incidents in different forms, 11% of which were caused by deliberate malicious behaviour by employees.

“Malicious actors can be discovered anywhere – in huge enterprises or small businesses, you never know,” comments Alexey Vovk, head of information security at Kaspersky.

“That’s why businesses should build an up-to-date, resilient, transparent IT-security system, uniting effective security solutions, smart security protocols and training programs for both IT and non-IT staff to safeguard against this threat.

“Additionally, it’s crucial to implement products and solutions that will protect the organisation’s infrastructure.”

Kaspersky notes insiders with malicious intentions are the most dangerous of all employees who can provoke cyber incidents. Threats posed by their actions are complicated by several factors:

* Insiders have specific knowledge of an organisation’s infrastructure and processes, including understanding of the information security tools used.
* They are already inside the company’s network, and do not need to penetrate the perimeter from outside via phishing, firewall attacks, etc.
* They have colleagues and friends within the organisation, so it's much easier for them to use social engineering.
* Insiders with malicious intentions are highly motivated to harm their organisation.

“When an employee has been fired, malicious behaviour might take place out of revenge. This can be conducted through their connections with other employees. The worst-case scenario occurs if they still can log into their work account remotely because the organisation hasn’t removed their ability to access corporate systems.

“Employees can also act maliciously when they are unhappy with their job or ‘to get even’ with an employer who didn’t give them an expected raise or a promotion.

“Another distinctive type of malicious action occurs when one or more insiders collaborate with an external actor to compromise an organisation. These incidents frequently involve cyber criminals recruiting one or more insiders to carry out different kinds of attacks. There may also be cases in which third parties, such as competitors or other interested parties, collaborate with staff to obtain the company’s sensitive data.”

Breaches of cyber security experienced in the last two years. (Source: Kaspersky)

South Africa has recorded a number of high-profile cyber attacks recently, with credit bureaus and several government departments suffering attacks, as well as highly-organised distributed denial-of-service attacks on banks.

The Council for Scientific and Industrial Research estimates financial losses of up to R2.2 billion per annum to the South African economy as a result of cyber crime.

Data from Kaspersky shows that more than three-quarters (77%) of companies experienced at least one cyber security breach in the past two years, with many enduring up to six in that period.

Sixty-four percent (64%) of all cyber incidents in the past two years were caused by human error, the study reveals, adding that 14% of cyber incidents are due to senior IT security staff errors, compounded by a further 15% of errors being caused by other IT staff.

The survey shows that 18% of respondents said a skills shortage in cyber security is the cause of incidents in their companies. “This is reflected in an overall concern where 75% of companies regard the shortage of skilled staff as a serious problem.”

It further notes that 41% of companies feel they have gaps in their cyber security infrastructure and plan to increase investments in this area moving forward.

It also shows that 21% of respondents say they do not have the budget to take adequate cyber security measures, while 28% believe they have what they need to stay ahead of potential threats.