March 18, 2024

One in ten cyber breaches are insider jobs

Recent data from Kaspersky shows that 82% of South African companies have experienced at least one cyber security breach in the last two years. Of these, 1 in 10 are deliberately caused by internal staff members. The cyber security firm conducted a study in 2023 that included non-IT employees, IT teams and business leaders in South Africa and several other African countries.

All study participants were at the manager level or higher and worked for both SMEs and large enterprises. The study makes a distinction between two insider threats; those that are caused unintentionally, like clicking on a phishing email link, and those that are deliberate, like hacking into the IT system for financial gain or revenge.

Insider data breaches can disrupt or halt a company’s business operations, expose IT weaknesses and reveal confidential information and customer data. The fact that both SMEs and enterprises reported that insider data breaches have occurred means that no company is completely safe. IT departments need to have robust, up-to-date and multi-level security systems in place.

Why insider threats are dangerous

Security breaches intentionally caused by employees are arguably more dangerous than external cyber threats. These cases can be complicated and more difficult to protect against as employees will have knowledge of the company’s cyber security infrastructure and processes. They will also be able to figure out passwords more easily and have a better understanding of the security tools used.

Malicious employees already have accredited access to the company’s servers and network, meaning that they can automatically bypass the perimeter security systems and firewalls. In addition, they have colleagues and friends within the company who can be easy victims of phishing and social engineering attempts.

Lastly, insiders with malicious intent are often more motivated to cause harm to the company, especially if their actions are for revenge. Actions such as termination, demotion, and other forms of employee dissatisfaction have been significant triggers for revenge-motivated breaches. Employees have also worked with external threat actors in return for financial rewards.

The worst-case scenario arises when the disgruntled employee still has remote access to their work account. It’s vital that IT departments remove all permissions and access to networks as soon as employees’ contracts are terminated.

These breaches are happening in South Africa

South Africa recorded a number of high-profile cyber attacks in 2023, affecting organisations across a range of industries. According to the Council for Scientific and Industrial Research (CSIR), the financial losses associated with cyber attacks in 2023 were upward of R2.2 billion.

Kaspersky’s data also showed that some businesses were targeted multiple times - in one instance, an enterprise faced six cyber security breaches between 2022 and 2023. The stats reveal that 64% of breaches are caused by unintentional human error, 14% are caused by senior members of IT staff and a further 15% are caused by junior and mid-level IT teams.

This highlights the importance of user awareness training for all members of staff - senior and junior, regardless of their departments and job roles. Every staff member must undergo regular cyber security training and be equipped with the knowledge to spot and act upon suspicious IT activity.

Working with a reputable cyber security services provider is one of the best ways to ensure that your company is protected against external and internal threats. SEACOM offers a range of cyber security services to enterprises in South Africa. These tools can be used to detect and mitigate phishing attempts, among other threats.

Our security services are designed to improve the IT infrastructure and prevent attacks, from the endpoints and perimeter through to the network servers themselves. For more information about these services or to get a quote, email us at or leave us a message.

SEACOM owns Africa’s most extensive network of information and communications technology (ICT) infrastructure, including subsea cables and secure internet connections. We offer a diverse range of flexible, scalable and high-quality solutions for businesses that meet world-class standards for connectivity.

SEACOM is privately owned and operated, making it agile and adaptable to the needs of the customer. This makes us the preferred ICT and internet connectivity partner for African businesses and peripheral service providers. We can guarantee high-speed, low-latency and secure internet connections to corporates and small enterprises.

For‌ ‌more‌ ‌information‌ ‌on‌ our ICT solutions, ‌follow‌ ‌us‌ ‌on‌ ‌‌LinkedIn‌,‌ ‌‌Facebook‌ ‌or‌ ‌‌Twitter.‌ ‌Keep‌ ‌an‌ ‌eye‌ ‌on‌ ‌our‌ ‌‌news‌ ‌section‌‌ ‌for‌ ‌insightful‌ ‌articles‌ and relevant news stories on African ICT, internet connectivity and our leading cloud and security solutions.