Insider Threats

Insider Threats: What’s Holding Enterprises Back?

Enterprise security involves both external and internal threats. Enterprises, however, typically focus on external threats. This leaves malicious activity and accidental events involving enterprise insiders insufficiently addressed. Internal threats, admittedly, are harder to detect and prevent.

In our last article, we explored the definition of an insider threat, its prevalence and enterprise readiness to combat it. According to our ‘Insider Threat Report 2022 – Singapore Edition’ [1], 80% of enterprises agree that insider threats pose the same risk as external threats. While enterprises are widely aware of the severity of insider threats, current mitigation strategies are far from comprehensive and leave most enterprises feeling vulnerable to insider attacks. A number of gaps continue to limit the effectiveness of these mitigation strategies.

Tackling the disparity between IT and non-IT departments

With sufficient familiarity and insight into the mechanisms by which internal breaches might be perpetrated, IT departments are often in the best position to lead an enterprise’s insider threat prevention program. The report found that 72% of respondents felt that the IT department should be in charge of mitigating insider threats. On the other hand, 71% felt that the risk and compliance department should champion such programs, while 61% and 41% expect the board and HR department to be involved, respectively. With no clear idea of which department should spearhead and coordinate insider threat management, enterprises may find themselves with fragmented policies and many unaddressed security areas.

Non-IT departments, unlike IT departments, are inevitably much less aware of insider attacks and thus less prepared to combat them. The report found that 41% of respondents were unsure or unaware if a formal threat prevention program existed outside their IT departments, with 23% confirming the non-existence of such programs. Even the smallest vulnerability, such as an open enterprise WiFi access point, can expose enterprise assets to threats if left unmonitored. Enterprises thus need to close the divide between IT and non-IT departments’ insider threat awareness and prevention policies, ensuring non-IT employees are well-informed of the rules regulating enterprises’ cyber hygiene.

Formalizing rules into laws

To empower enterprises against insider threats, it is critical that the guidelines and best practices required to prevent and manage incidents relating to insider threats are formalized into laws governing enterprises and employees. The report found that 99% of respondents agreed that having guidelines on managing insider threats incorporated into laws such as the PDPA [2] or Employment Act [3] in Singapore would be somewhat beneficial, while 22% felt that it would be extremely beneficial.

Cultural influences

For Asian enterprises in particular, cultural factors may pose a significant challenge to the implementation of stringent insider threat management. Known as the Asian Value System, this bias results in an organization’s board placing too much trust in regular employees to carry out cyber operations benevolently and securely. With 64% of respondents agreeing that this negatively affected the board’s perception of insider threat risks, the Asian Value System can greatly downplay the severity of insider attacks and stand in the way of implementing zero-trust programs.

With awareness of insider threats on the rise and mitigation strategies progressing well, it is about time enterprises adopted the right guidelines, practices and organizational values that can take their insider threat management to the next level.

Synopsis

This article, based on the findings from Halodata’s 2022 Singapore Insider Threat Report, looks into some of the most common challenges that enterprises encounter when implementing an organisation-wide insider threat prevention program, including the disparity between IT and non-IT departments, the lack of official guidelines and the Asian value system.
