Survey: Insider Threats Surge Across U.S. Critical Infrastructure

Survey: Insider Threats Surge Across U.S. Critical Infrastructure

Over three-quarters (77%) of organizations across US critical national infrastructure (CNI) have seen a rise in insider-driven cyber threats in the last three years, according to new research by leading cyber security services firm Bridewell. The threat from within ranges from criminal intent to individual negligence, but those surveyed said an act of intentional destruction at the hands of an employee was committed on average at least every other week within the last year.

Bridewell’s findings come amidst a growing international focus on insider-driven cyber threats against critical infrastructure. The recent US Pentagon data leak, which saw a junior employee leak highly sensitive information, highlights the increased importance of strong insider threat controls and broader operational security.

The ‘Cyber Security in CNI: 2023’ research report, which surveyed 525 cyber security decision makers in the US, in the transport and aviation, utilities, finance, government, and communications sectors, reveals that increased insider threat could also be linked to increased geopolitical tension and the current economic pressures felt by individuals, with over a third (35%) of critical infrastructure organizations reported a rise in the number of internal employees turning to cyber crime due to poor economic conditions.

At the same time, the worry around cyberwarfare right now also remains high, with 81% of CNI organizations concerned the services that keep the US running are under threat. With high levels of risk associated with human factors, such as fear, natural error, or inadequate training, the research highlights the need for organizations to be particularly vigilant to insider threats and vulnerable employees as the economy continues to recover and nation-states remain politically motivated.

The research also highlighted that threats are continuing from all angles, with 38% of security decision makers worried social engineering and phishing attacks will increase as a direct result of economic uncertainty – which rises to 52% within the US finance sector.

The finance sector is under particular threat from ransomware attacks, with incidents occurring on average every 5-6 days in the past year compared with every two weeks across all sectors. A series of high-profile hacks against the sector, including February’s ransomware attack against financial software provider Ion Group, highlight fears that threat actors are preying on employees’ vulnerabilities and financial concerns to gain illicit access to sensitive critical data and systems.

Scott Nicholson, Co-CEO at Bridewell, commented: “Due to its importance to daily life and the economy, any insider threats whether through malice, negligence, or desperation, within critical infrastructure organisations could have severe and far-reaching consequences. The recent National Cybersecurity Strategy outlined the need for collaboration between private and public sector organizations to ensure national security is protected and maintained against threats from all angles. Sophisticated threat actors are primed to capitalize on human vulnerabilities and mistakes, so organizations must take proactive steps towards reducing insider risks through regular background checks, robust monitoring and access controls, and continual employee cybersecurity education and training that reflects the ever-evolving threat landscape. ”

Featured

  • Maximizing Your Security Budget This Year

    7 Ways You Can Secure a High-Traffic Commercial Security Gate  

    Your commercial security gate is one of your most powerful tools to keep thieves off your property. Without a security gate, your commercial perimeter security plan is all for nothing. Read Now

  • Making Safety and Security Intrinsic to School Design

    Public anxieties about school safety are escalating across the country. According to a 2023 Gallup report, 44% of parents fear for their child’s physical safety at school, a 10 percentage-point increase since 2019. Unfortunately, these fears are likely to increase if the incidence of school tragedies continues to mount. As a result, school leaders are now charged with two non-negotiable responsibilities. The first, as always, is to ensure kids have what they need to learn, grow, and thrive. Sadly, their second responsibility is to keep the children in their care safe from threats and physical danger. Read Now

  • The Power of a Layered Approach to Safety

    In a perfect world, every school would have an unlimited budget to help secure their schools. In reality, schools must prioritize what budget they have while navigating the complexities surrounding school security and lockdown. Read Now

  • How a Security System Can Enhance Arena Safety and the Fan Experience

    Ensuring guests have both a memorable experience and a safe one is no small feat for your physical security team. Stadiums, ballparks, arenas, and other large event venues are increasingly leveraging new technologies to transform the fan experience and maintain a high level of security. The goal is to preserve the integrity and excitement of the event while enhancing security and remaining “behind the scenes.” Read Now

Featured Cybersecurity

Webinars

New Products

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation. 3

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3