Cybersecurity teams face a constant battle of ensuring their company is shored up in the right places. Facing down increasingly sophisticated and persistent threat actors, there’s every reason to focus on one’s perimeter to shield oneself against external threats.
But insider threats – attacks carried out from within an organization’s environment – must also be part of any business’s security strategy. When the call is coming from inside the house, either via a hacker who’s secretly gained access or in the form of a disgruntled employee, security teams need to be ready to clamp down hard.
In this episode, Jane and Rory welcome back Ross Kelly, ITPro’s news and analysis editor, to discuss the scale of these insider threats.
Highlights
“If someone's been dismissed, or if someone's leaving on bad terms, it should certainly be, you know, front of mind for any IT administrator make sure that they do not still have access to the crown jewels.”
“The level of sophistication here is quite impressive. It also points towards a growing level of technical proficiency among threat actors here, they're able to get into these companies as employees and then essentially wreak havoc. ”
“With AI and the deepfake question there, it has accelerated significantly over the last two years. Whereas when you look at, say, the ransomware situation and the fight against that from people on the front lines in the information security space, that's been a far more long-running campaign.”
Footnotes
- Why you should always be wary of insider threats
- North Korean insider attacks are skyrocketing – dozens of US firms didn't spot the hacker in their midst
- Cyber firm KnowBe4 unknowingly hired a North Korean hacker – and it went exactly as you might think
- Should your business worry about North Korean cyber attacks?
- State-sponsored cyber attacks: The new frontier
- The Verizon data breach that exposed 63,000 employees is a reminder of how a simple mistake can have costly implications
- Preventing deepfake attacks: How businesses can stay protected
- How Intel's FakeCatcher hopes to eradicate real-time deepfakes
- AI threats: The importance of a concrete strategy in fighting novel attacks
- Why I think the Scarlett Johansson OpenAI scandal shows the danger of AI-generated voice content
Subscribe
- Subscribe to The IT Pro Podcast on Apple Podcasts
- Subscribe to The IT Pro Podcast on Spotify
- Subscribe to the IT Pro newsletter
- Join us on LinkedIn
-
What to look out for at RSAC Conference 2025Analysis Convincing attendees that AI can revolutionize security will be the first point of order at next week’s RSA Conference – but traditional threats will be a constant undercurrent
-
Ransomware attacks are rising — but quiet payouts could mean there's more than actually reportedNews Ransomware attacks continue to climb, but they may be even higher than official figures show as companies choose to quietly pay to make such incidents go away.
-
The new era of cyber threatsITPro Podcast With AI-powered attacks and state-backed groups, security teams face face a new wave of sophisticated threats
-
Supply chain scares and Google’s AI codeITPro Podcast As the ransomware attack on Blue Yonder disrupts a wide range of firms, Google moves to lead by example on internal AI code
-
Halloween special: Cybersecurity horror storiesPodcast Join us for three terrifying tales sure to chill any IT professional to the core
-
Securing your business with education and trainingITPro Podcast Keeping your workforce updated on the latest threats requires a cohesive cyber skills strategy
-
Protecting the public sector from hackersITPro Podcast With the public sector facing increasingly sophisticated threat actors, leaders need centralized security plans and better communication
-
How cyber attacks damage mental healthITPro Podcast As staff struggle to cope in the immediate aftermath of a cyber incident, leaders must do more to foster a culture of support
-
LockBit leader revealed: What it means for ransomwareITPro Podcast With LockBit's founder having been unveiled publicly and with international law enforcement still digging into detailed attack stats, the group is on high alert
-
March rundown: The return of state-backed hacking campaignsITPro Podcast A major attack on the electoral commission raised concerns for the security capabilities of public and private organizations
