the-events-calendar domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home3/aijournc/public_html/wp-includes/functions.php on line 6114rocket domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home3/aijournc/public_html/wp-includes/functions.php on line 6114pods domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home3/aijournc/public_html/wp-includes/functions.php on line 6114According to a report by Intrusion<\/a>, cybercrime will cost companies worldwide an estimated $10.5 trillion annually by 2025, up from $3 trillion in 2015. To put this into perspective, this is over double the revenue generated by the oil and gas industry, which generates approximately \u00a35.3 trillion<\/a> annually.<\/p>\n\n\n\n At a growth rate of 15 percent year on year, cybercrime is already one of the most profitable illegal occupations in the world, outstripping even the global drug trade. In fact, according to Intrusion\u2019s research, cybercrime represents the greatest transfer of economic wealth in history.<\/p>\n\n\n\n For such reasons, Intrusion CEO, Jack Blount, views cybercrime as one of the most significant threats to present day business operations and economic prosperity.<\/p>\n\n\n\n “Cybercriminals know they can hold businesses \u2014 and our economy \u2014 hostage through breaches, ransomware, denial of service attacks and more. This is cyberwarfare, and we need to shift our mindset around cybersecurity in order to protect against it.”<\/p>\nJack Blount, President and CEO at Intrusion, Inc.<\/cite><\/blockquote>\n\n\n\n But while this notion of cyberwarfare can certainly help us to take cybersecurity more seriously, it also cultivates the misleading perception that cybercrime is a black-and-white, good guys vs bad guys type situation, when a deeper look tells us otherwise. Recent research published in Cyber Security Magazine<\/a> from IT hardware company, Apricorn, indicates that up to 70% of data breaches can be traced back to the actions of employees, i.e. result from insider threats.<\/p>\n\n\n\n Other findings further support the conclusion that insider threats are on the rise, with Verizon\u2019s 2024 Data Breach Investigations Report (DBIR<\/a>) finding that 76% of data breaches involved insiders in 2023, up from 74% in 2022. Along similar lines, Splunk\u2019s 2024 State of Security Report<\/a> found that 42% of security leaders are experiencing insider attacks with increasing frequency.<\/p>\n\n\n\n Insider threats can be malicious and intentional, or accidental. Either way, they can cost a company a huge amount, even leading to liquidation in some cases.<\/p>\n\n\n\n Reassuringly, the majority of insider threats are attributed to accidental mistakes made by employees. According to Verizon\u2019s research in the DBIR, malicious insiders accounted for only 8% of data breaches. The remaining 68% of breaches involving insiders were unintentional and due to accidents or negligence.<\/p>\n\n\n\n Nevertheless, malicious insider attacks might be on the rise, with Apricorn\u2019s research finding that of the 200 IT decision makers they surveyed, 20% cited intentional\/malicious insider threats as the main cause of a data breach and only a minimally more 22% who cited unintentional\/accidental insider risk as the main threat.<\/p>\n\n\n\n While malicious insider attacks still account for just a minority of overall cyberattacks, they can be some of the most dangerous and vicious attacks, given that employees have insider knowledge of their company\u2019s operations and greater access to their data. This means that they have the potential to exploit the company\u2019s lesser known vulnerabilities and really hit them where it hurts.<\/p>\n\n\n\n Below, we look at the key appeals and motivations behind cybercrime in order to help businesses better understand and guard against malicious insider threats.<\/p>\n\n\n\n The motives of cybercriminals do not fall under a neat bracket. The occupation is an opportunistic one, with the potential payoff varying according to factors related to specifics of the company targeted and the data that is successfully extracted. Nevertheless, most cyberattacks have a financial component to them, with leaked data often being used as a leveraging tool for blackmail and extortion.<\/p>\n\n\n\n Nevertheless, besides the rich financial rewards of a juicy payoff, there are several other potential draws to the occupation.<\/p>\n\n\n\n Splunk Security Strategist, Audra Streetman, shares further perspective on some of the factors and situations that could give rise to malicious insider attacks.<\/p>\n\n\n\n \u201cThere are several reasons why an employee might act intentionally or unintentionally as an insider threat. Intentional insiders may harbour personal grievances due to, e.g., being passed up for a promotion or other perceived slights. You could alternately speculate that an individual might be most inclined to harm the organisation when facing reprimand, demotion or termination. This could result in sabotage targeting an organisation\u2019s physical or IT infrastructure. Malicious insider threats may also act for personal benefit, such as exfiltrating banking data for financial gain or even colluding with someone outside of the company to facilitate fraud or intellectual property theft. This is often accomplished through privilege misuse and in some cases, employees may be acting as a spy for outside governments.\u201d<\/p>\nAudra Streetman, Security Strategist at Splunk SURGe<\/cite><\/blockquote>\n\n\n\n Previous cases of cybercriminals who have been caught indicate that these factors are big motivators of cybercriminal activity. This is clear to see in a Lawfare article<\/a> written by Mark Vantanyan, which details the personal motivations of various individuals who were caught for cybercrime back in 2017. In particular, one of the case studies in this article highlights how an individual\u2019s inclination towards cybercrime stemmed from a desire to prove their worth. This motive was then further accelerated by recruitment initiatives from hacking collectives.<\/p>\n\n\n\n As this case demonstrates, the motivations for cybercrime are likely to consist of multiple, interrelated factors. While recruitment initiatives from hacking groups are on the rise, this doesn\u2019t necessarily mean that employees are more likely to take the bait, as Streetman additionally pointed out. <\/p>\n\n\n\n Nevertheless, it does mean that employees who already have some motivation for and inclination towards cybercrime might be more likely to actually go through with it. This is likely particularly the case for individuals who are motivated by recognition for their talents and feel undervalued within their company.<\/p>\n\n\n\n Stereotyping people can take us down dangerous and misleading paths. However, there are certain cases where stereotyping can help us identify and better understand a set of individuals whom we otherwise have little way of identifying.<\/p>\n\n\n\n In a LinkedIn article<\/a>, cybercrime lawyer Bhagat Singh Sharma attempts to unearth the psychological make-up of cybercriminals, looking at some traits that perpetrators typically have in common. He highlights the following characteristics, most of which are shared with more general criminal profiles:<\/p>\n\n\n\n What really sets cybercrime apart from other criminal behaviour is the highly anonymized and flexible nature of the occupation, facilitated by the vast array of digital tools to manipulate and conceal identities online. As opposed to most other forms of crime, cybercrime can be carried out from the comfort and privacy of the perpetrator\u2019s home, or even on the go.<\/p>\n\n\n\n This opens up cybercrime to a wider set of individuals than those who might carry out traditional crime. Even the most ordinary individuals, perhaps juggling a busy family life and full-time job, might be tempted to turn to cybercrime for financial gain.<\/p>\n\n\n\n Additionally, Sharma points out that cybercrime has a lower entry bar than traditional crime. This makes it more accessible to amateurs and youngsters who may take to it as a hobby\/way to develop their digital prowess, or as a gateway crime to whet their appetite for further criminal behaviour.<\/p>\n\n\n\n Last but not least, a key facet of cybercrime which makes it appealing to a broader range of people is the lower risk associated with it \u2013 cybercriminals are far less likely to be caught than traditional criminals. Furthermore, cybercriminals who have been caught have tended to serve far milder sentences than their counterparts operating in the physical world, and in many cases, evade prosecution altogether. The RAND corporation<\/a>, for example, found that only 0.05% of cybercriminals in the U.S. are ever actually prosecuted. This is in large part due to the sheer volume of less severe or even unsuccessful attacks carried.<\/p>\n\n\n\n In the case of insider threats, one of the main risks that employees would be taking is losing their job and a decent reputation in the business community. Intentional insider threats are therefore unlikely to come from individuals who are highly motivated and career-focused. In this sense, workplace culture and job satisfaction could be a significant factor in reducing the risk of malicious insider threats.<\/p>\n\n\n\n Workplace environments and culture have a big impact on employee satisfaction and loyalty. With the prevalence of remote\/hybrid working, alongside an increase in the amount of companies hiring freelancers<\/a> for temporary projects, creating a strong workplace culture with closely-knit teams isn\u2019t as easy as it used to be. Now, as increasing numbers of employees continue to return to the office, the more complex and nuanced impacts of the changes in work culture that have taken place since the pandemic are becoming evident.<\/p>\n\n\n\n For example, Amazon\u2019s recent run-in<\/a> with European data protection authorities raised concerns about the company\u2019s monitoring practices for its employees, and resulted in a \u20ac32 million fine for transgression of GDPR policies. While this is an extreme example, company distrust of employees could be a more general trend resulting from the monitoring practices companies implemented for remote working models during the pandemic.<\/p>\n\n\n\n Ironically, while companies with stringent monitoring and surveillance practices are clearly attempting to prevent employees from stepping out of line, it may actually increase their risk from malicious insider threats. This is because it creates a reciprocal culture of distrust and discontent amongst employees. <\/p>\n\n\n\n Commenting on Amazon’s recent expos\u00e9 and the issue of employee surveillance, Vivek Dodds, CEO of compliance company, Skillcast<\/a>, warns that excessive surveillance could lead to a more disengaged workforce, resulting in increased risk from both accidental and malicious insider threats.<\/p>\n\n\n\n “While excessive employee monitoring may not directly increase the risk of insider threats, it does pose significant indirect risks. An over-monitored environment can lead to a more disengaged workforce. When employees feel constantly surveyed, their job satisfaction may drop, potentially causing a decreased commitment to the organisation. This disengagement may lead to perfunctory performance, increasing the likelihood of accidental errors, lapses in judgment, and outright negligence, all of which heighten the risk of regulatory breaches.”<\/p>\nVivek Dodds, CEO of Skillcast<\/cite><\/blockquote>\n\n\n\n\n
Common motivations<\/h2>\n\n\n\n
\n
\n
Stereotyping the cybercriminal<\/h2>\n\n\n\n
\n
The impact of workplace culture on insider threat risk<\/h2>\n\n\n\n
\n