Search
Close this search box.

Cyber risk insider threats ‘under-reported’

Share:

Via Australian Cyber Security Magazine

Ahmed Khanji, CEO of Gridware Cybersecurity, has told Emergence Insurance’s latest webinar for brokers that Gridware statistics suggested insider threats were a bigger risk than malicious or criminal attacks.

The latest OAIC statistics found malicious attacks were responsible for 57% of notifiable data breaches (NDBs).

Mr Khanji’s data showed malicious threats lagged behind insider threats. “Contrary to what’s being reported to OAIC, we’ve found employees are the greatest threat. Consider who has access to your customer lists and email contacts.”

He said a global survey found 87% of executives viewed untrained staff as the greatest cyber risk to their businesses, yet staff training was ranked high among categories to have made the least progress when measured against the US-developed, voluntary National Institute of Standards & Technology’s cyber-security framework.

Mr Khanji said many insider threats came from “phishing” incidents where people were manipulated by emails that tricked them into disclosing or changing passwords.

Emergence Head of Sales Gerry Power said OAIC’s latest report found human error was responsible for 37% of NDBs. “As humans, we keep finding new ways to make mistakes,” he said. “But, with sound risk management in place, many breaches can be prevented. Employees are the last line of defence, they must be educated to identify such things as dodgy emails and suspicious invoices.”

Medical data was particularly vulnerable because it sold for nine times more than financial data on the dark web.

Mr Power said managing data breaches was critical to business survival. Mr Khanji agreed, saying reputation damage was the biggest loss. “About 85% of people won’t do business with companies that have had known data breaches. Facebook is now one of the least trusted companies in the world.”

Mr Khanji said organisations needed good firewalls to guard their networks; strong anti-virus software; endpoint protection for all devices; and intrusion detection and prevention systems that inspected all inbound and outbound activity and blocked suspicious activities.

“A hacker can be in your system for 200 days before being identified,” he said.

Mr Khanji said protection methods included:

  • Strong passwords, long enough to prevent brute force attacks
  • Two-factor authentication
  • Not sharing passwords across multiple devices
  • Regular testing and auditing of company policies and procedures.

Emergence Managing Director Troy Filipcevic distinguished cyber threats from social engineering, which used psychological manipulation to get people to divulge information using trickery, deception and impersonation.

He said social engineering was targeted, sophisticated fraud where trust was built and human weaknesses exploited.

Author picture

Gridware is one of the leading cybersecurity providers in Australia, delivering world-class outcomes for our clients. We are uniquely positioned as an independent advisor, giving clients the confidence that they have mitigated their cybersecurity risks to best-in-class standards. If your organisation requires an approach to cybersecurity that is robust and reflects best-standard approaches to the latest threats, get in touch with us today for a discussion.

Contact

Sydney Offices
Level 12, Suite 6
189 Kent Street
Sydney NSW 2000
1300 211 235

Melbourne Offices
Level 13, 114 William Street
Melbourne, VIC 3000
1300 211 235

Perth Offices
Level 32, 152 St Georges Terrace
Perth WA 6000
1300 211 235

Company

Learn more about the team at the forefront of the Australian Cyber Security scene.

About Us →

Meet the Team →

Partnerships →

Learn more about the team at the forefront of the Australian Cyber Security scene.

Career Opportunities →

Internships →

Media appearances and contributions by Gridware and our staff.

See More →

Services

Services

Whether you need us to take care of security for you, respond to incidents, or provide consulting advice, we help you stay protected.

View all services →

Web App Pen. Test Calculator →

Network Pen. Test Calculator →

Governance & Audit

Legal and regulatory protection

Penetration Testing

Uncover system vulnerabilities

Remote Working & Phishing

Fortify your defenses

Cyber Security Strategy

Adaptation to evolving threats

Cloud & Infrastructure

Secure cloud computing solutions

Gridware 360

End-to-end security suite

Gridware Managed Services

Comprehensive & proactive security

Gridware CloudControl
360

Harness the benefits of cloud technology

Gridware Incident Response 24/7

Swift, expert-led incident resolution

Resources

Resources

A collection of our published insights, whitepapers, customer success stories and more.

Customer success stories from real Gridware customers. Find out how we have helped others stay on top of their Cyber Security.

Read More →