Trustmi Talks

Behind the Breach: Trust, but Verify: Protecting Your Organization from Insider Cyber Threats


The Gist

Insider cyber attacks are on the rise, according to the Cybersecurity Insiders’ 2024 Insider Threat Report. These threats occur when individuals with authorized access misuse their privileges to harm the organization, intentionally or unintentionally. A recent high-profile example of this threat materialized in September 2024, when Macy's fell victim to a significant insider fraud scheme in which a group of employees exploited their access to the company's systems to orchestrate a $154 million theft through fraudulent gift card transactions and refunds. The difficulty in detecting such attacks often results in significant data loss or financial damage before organizations become aware.

These threats pose a unique challenge due to malicious insiders’ intimate knowledge of an organization’s systems and processes. Insider attacks are notoriously difficult to detect, often involving minimal deviation from standard behavior patterns. Further complicating detection, most organizations still rely on fragmented systems, lacking unified visibility and control across their environments. Complex IT landscapes, new technology adoption, and inadequate security measures also delay the detection of insider attacks.

Just how pervasive are insider attacks? In 2024:

● 83% of organizations reported insider attacks, a 23% increase from 2023

● Most of these organizations reported multiple attacks; 25% experienced 6 - 10 attacks

● 32% estimated their cost to remediate an insider attack at $100k - $499k, while 48% estimated costs to be $500k - $2 million

● 55% of organizations recovered from an insider attack within 24 hours, while 45% reported that recovery took a week or more

● 92% find insider attacks as difficult as, or more challenging to deal with than, external cyber attacks

The Latest

In response to this growing threat, the US government has warned organizations about the increasing danger of insider cyberattacks. Government agencies have emphasized the importance of insider threat mitigation, particularly for the 16 critical infrastructure sectors defined by Presidential Policy Directive 21, including telecommunications networks, financial institutions, manufacturing facilities, transportation, and hospitals. Additionally, the Cybersecurity and Infrastructure Security Agency (CISA) has issued a mitigation guide to help organizations better navigate these risks.

Trustmi’s Take

Insider attacks are a growing threat to organizations, particularly in business payment security. Attackers have the unique ability to exploit vulnerabilities in internal systems like ERPs while weakening existing controls. The long-term impact of these attacks can be severe, potentially causing significant financial losses over extended periods.

In response to this threat, it’s crucial to implement a comprehensive, holistic approach to payment security that can detect anomalies across multiple systems and processes. Look for behavioral AI solutions purpose-built to stop payment fraud from socially engineered and internal threats. These solutions integrate with emails, ERP and business systems to analyze key signals and catch anomalies before they result in fraud. To learn more about how to best mitigate insider cyber threats, sign up for a demo with Trustmi.