CISOs Warn: Employees Pose Biggest Cybersecurity Threat
A new report by Proofpoint has revealed that a significant majority of CISOs consider their staff to be the biggest threat to their corporate cybersecurity. This comes as no surprise, given that malicious insider attacks have been found to result in the highest average data breach costs, according to IBM. The 'human element' is involved in around 60% of data breaches, highlighting the critical role that employees play in cybersecurity.
Recent attacks targeting corporate Salesforce instances have underscored the evolving social engineering threats. In recent months, over 700 companies, including prominent IT and cybersecurity firms, were affected by a cyberattack exploiting the Salesloft Drift integration with Salesforce. Attackers misused OAuth tokens to access Salesforce data, stealing over 1.5 billion records. The breach led to data losses related to CRM fields, support tickets, and business contacts. Affected companies took emergency measures such as credential resets and enhanced system monitoring. The stolen data are reportedly used for ransom demands by the attacker group Shinyhunters.
Insider threats are no longer a slow-burn risk and are increasingly becoming the front line of data loss. The number of employee sabotage incidents at critical infrastructure firms has surged by 62% annually. Moreover, North Korean IT workers have been trying to gain employment at US companies using stolen identities and deepfake technology. People are often considered one of the biggest security threats to organizations, and insider risk is not just about negligence; malicious insiders can cause significant harm. Credential abuse and phishing were among the top three initial access vectors for breaches over the past year, according to Verizon.
The recent findings emphasize the critical need for organizations to invest in robust insider threat programs and employee training to mitigate the risk posed by the 'human element'. As insider threats continue to evolve and grow, so too must the strategies to combat them.
