Ayisha Bari
Typically, security measures put in place to detect and counter cyber attacks focus on outside threats. While the faceless enemy from outside your organisation is undoubtedly a risk, the danger can just as easily come from within: not from an anonymous attacker, but from an employee that you know or trust. According to a 2019 data breach report, 34% of data breaches involved insiders. Though companies are more at risk from outside threats, internal cyber security needs to be taken just as seriously: it only takes one insider attack to cause devastating damage to your company.
An insider threat is a security risk initiated by an employee, former employee, business associate, or contractor from within an organisation. It usually involves a person who has privileged account access or access to sensitive data within the company’s network. Either intentionally or accidentally, they will compromise this access through inappropriate use. In some areas such as finance, government, and healthcare, insider threats are more frequent. However, any enterprise can become compromised if prevention measures aren't in place.
An external threat comes from outside the targeted organisation. Such attacks can be carried out by numerous types of malicious actors for financial gain, to steal company secrets, or for political or social reasons, as with hacktivists. Some hackers will even carry out an attack for an intellectual challenge or to impress their peers. Techniques used to compromise external security or cause harm include distributed denial-of-service attacks (DDoS), drive-by attacks, password attacks, eavesdropping attacks, and more. Cyber crimes become more sophisticated by the day, and all enterprises need to be vigilant and have measures to prevent them.
As previously mentioned, external cyber threats are more widespread than threats from within. However, in some ways, building a strong security perimeter around our networks and systems to detect and prevent attacks is more straightforward than spotting a potential insider threat.
If we use the analogy of a castle under siege, often it is easy to see where the walls are being breached or where the attack is coming from. If the walls are strong and the soldiers are protecting it, it will be challenging to get into the castle. On the other hand, it only takes one rogue person inside the walls to poison the well or open the gates from the inside. Most often, this type of threat would go undetected. It only takes one insider to allow the outside forces to storm the gates!
So, coming back to modern times, insider security threats are in many cases carried out by employees who you might have known for years and who you would least expect to damage your business in any way. This more personal element to insider threats makes them more difficult to detect.
Some companies tend to bury their heads in the sand when it comes to insider threats. They might believe it will undermine their employees’ trust, so they are slow to implement adequate security measures. It will often be too late before an enterprise discovers the significant damage that a malicious or negligent insider can do to their business. At the same time, enterprises still need to have happy, satisfied workers who feel valued and trusted. Disgruntled workers can easily become insider threats.
While it is not possible to entirely mitigate all insider threats, some things can be done to make them less likely, which we will discuss shortly.
So which is worse: an external or insider cyber attack? This would depend on several different factors, including the type and level of attack, the industry, and the information that was stolen.
Insider threats can be broadly divided into two kinds, either malicious or negligent; these can then be further split into distinct types of insiders with divergent motives for committing a cyber attack on an organisation.
Malicious Insider – Be it an employee, ex-employee, ex-business partner, or contractor, a malicious insider is likely to be motivated either by greed or revenge. A financially motivated malicious insider might steal and sell information or access company finances that they can extract to their own personal account. A malicious insider motivated by revenge could be an employee who has been recently fired or has a grudge because another employee was promoted over them. They might find ways to sabotage the company by causing disruption, or even be opportunistic and sell information to a rival competitor, getting both revenge and financial remuneration. Malicious insiders have the advantage of familiarity with the organisation and will have the time and knowledge available to exploit any vulnerabilities.
Negligent or accidental Insider – As well as being one of the most common insider threats, a careless employee is also one of the hardest to detect. Humans are prone to errors: none of us are perfect. We might get distracted or be juggling tasks and make a mistake. For instance, an employee might be running late and inadvertently forget to log off their computer when leaving the office. Another example could be an employee leaking data by losing a USB drive containing sensitive data.
An employee who has been working for a company for several years with no issues could innocently make a mistake that could prove expensive. These types of isolated errors can and will happen, no matter how strong security measures are. If an employee has been repeatedly negligent, they need to be given additional security training.
Still, the threat can be significantly reduced by instilling a strong security culture in your organisation, raising employee security awareness, and training staff in managing cyber security risks from the outset.
Compromised Insider – This type of threat could be classed as a subset of ‘negligent’. An example would be an employee who has fallen for a phishing scam and has clicked on an insecure link and compromised the company network with malware.
Colluding Insider – If someone who has insider access collaborates with an external party to pose a security threat to an organisation, the combination of exterior and insider threat increases the danger two-fold. Using the dark web to hire employees to go rogue is becoming more commonplace for today’s cyber criminals. An employee could also be bribed into colluding with a cyber criminal, though this is even less common.
Moles and Insider Spies – Espionage is the driver for this type of insider. They could be someone posing as an employee or contractor or an existing employee looking to steal intellectual property. An employee who is leaving a business to start work with a competitor could be a risk to information security, for instance.
Third-Party Users – Typically, these are contractors that have temporary access to a network. This might just be for a few hours or working on a business project for several months. Just as with a regular employee, a third-party user could compromise the network security through negligence or be a malicious actor.
The internet has changed how and where we work and with modern technology, we can work from anywhere. Some forward-looking companies now have a bring your own device (BYOD) policy that allows staff to use their own personal laptops, mobile phones, or tablets for work purposes. Adopting new ways of working offers both organizations and workers more flexibility, as well as many other benefits. However, on the flip side, it can leave businesses more vulnerable to cyber attacks.
Remote working isn't something new: the internet has enabled staff to work outside the traditional office environment for some time. However, it has become much more widespread due to the 2020 pandemic, with many businesses having no recourse but to have their staff working from home.
Many organisations were taken by surprise by the events that unfolded and were unprepared for the dramatic change. When mandatory stay-at-home requirements were enforced, many remote employees carried out their daily tasks on personal devices with the most basic security.
In addition to more employees working from home, cybercriminals took advantage of the coronavirus with a massive spike in cyber threats. This included many reported phishing emails pretending to be from the World Health Organization.
A survey carried out by anti-malware software provider Malwarebytes claims that 20% of businesses have experienced security breaches resulting from remote employees’ actions since the start of the lockdown. It also found that 44% of organisations that responded to the survey did not provide cyber security training to their remote employees on the possible threats that home workers could face.
Remote workers should at least be schooled in the basics, such as ensuring that their Wi-Fi router’s default password is changed and that anti-virus and other software is regularly updated. They should understand the dangers of phishing and how it works.
Working from home can make even the most diligent employee less security conscious, with many computer devices being shared with family members or available to other users in the household. Employees should understand that the same security standards apply when at home or in the workplace.
Bring your own device (BYOD) allows workers to use their own personal devices to connect and access the network and systems of the organisations they work for. This is a great benefit for small businesses who save on purchasing equipment, and studies show that it is good for employee morale. The obvious downsides are the higher risks to security and the challenges for IT departments to deal with a wide range of different devices.
By far, the most significant security risk associated with BYOD is data breaches caused by devices being lost or stolen. If sensitive information is stored on the device, a non-negotiable policy should be established that remote wipe will be used to delete all data.
Before introducing BYOD into your workplace, a well-defined security policy should be in place to ensure compliance and protect both the organisation and those employed by it.
The number of cyber threats to organisations big and small is growing exponentially, sometimes to the level of compromising national security. Here are a few of the more famous examples:
Probably the most notorious insider attack came from Edward Snowden, the whistleblower who stole and leaked highly classified information from the NSA. At the time, Snowden wasn't even an employee but a contractor hired by Dell and then Booz Allen Hamilton. Without a doubt, Snowden matches the malicious insider archetype, driven by what he believed were noble reasons, whether you see him as a hero or a traitor.
Target, the national retail brand, suffered a massive data breach in which the financial and personal information of around 110 million of their customers was compromised. The hack was carried out using a phishing email that duped an employee of a third-party vendor, allowing the cybercriminals to access Target's network.
A recent social engineering attack involved workers employed by Twitter being manipulated by a gang of teenage cybercriminals. The bitcoin scam involved compromised Twitter accounts from some of the most famous people in America, including Joe Biden, Kanye West, and Elon Musk. While it only netted the Bitcoin equivalent of $120,000 and just 394 people fell for the scam, it immediately knocked 4% off Twitter's share value and put a dent in their reputation. Twitter commented that the “coordinated social engineering attack” was executed by people who “successfully targeted some of our employees with access to internal systems and tools.”
As we have discovered, insider threats are not as clear-cut to identify as those from outside. Indicators of potential threats from a worker with malicious intent could be that they access the network at unusual times or from unusual places or work late or early without authorisation.
They may also show signs of dissatisfaction with their job or be going through financial hardships, though it is more likely that they will cover this up if planning malicious action.
It might be that someone is struggling with a personal issue such as alcohol addiction, or that they are having problems outside of work that are making them distracted and more prone to an accidental threat, and they might require some sort of counselling to help them.
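As an added illustration (not part of the original article), the "unusual times or unusual places" indicator described above can be checked against authentication logs by comparing each login with a per-user baseline. The log format, user names and source labels below are constructed for the example.

```python
from datetime import datetime

# Constructed sample authentication events: (ISO timestamp, user, source).
BASELINE_EVENTS = [
    ("2024-03-04T08:55:00", "alice", "london-office"),
    ("2024-03-05T09:10:00", "alice", "london-office"),
    ("2024-03-06T17:40:00", "alice", "home-vpn"),
    ("2024-03-04T22:05:00", "bob", "london-office"),   # night shift
    ("2024-03-05T23:30:00", "bob", "london-office"),
]
NEW_EVENTS = [
    ("2024-03-11T09:45:00", "alice", "london-office"),     # normal
    ("2024-03-12T02:15:00", "alice", "home-vpn"),          # 02:00 login
    ("2024-03-12T00:20:00", "bob", "london-office"),       # normal for bob
    ("2024-03-13T10:05:00", "alice", "unrecognised-isp"),  # new source
    ("2024-03-13T14:00:00", "carol", "london-office"),     # never seen before
]

def build_baseline(events):
    """Record, per user, the login hours and sources seen during the baseline."""
    profile = {}
    for ts, user, source in events:
        entry = profile.setdefault(user, {"hours": set(), "sources": set()})
        entry["hours"].add(datetime.fromisoformat(ts).hour)
        entry["sources"].add(source)
    return profile

def hour_is_unusual(hour, seen_hours, tolerance=1):
    """True if hour is more than `tolerance` hours from every baseline hour.
    Distance is measured around the clock, so 23:00 and 00:00 are one apart."""
    return all(min((hour - h) % 24, (h - hour) % 24) > tolerance
               for h in seen_hours)

def flag_events(baseline, events, tolerance=1):
    """Return (timestamp, user, source, reasons) for logins that deviate."""
    alerts = []
    for ts, user, source in events:
        reasons = []
        entry = baseline.get(user)
        if entry is None:
            reasons.append("no baseline for user")
        else:
            if hour_is_unusual(datetime.fromisoformat(ts).hour,
                               entry["hours"], tolerance):
                reasons.append("unusual time")
            if source not in entry["sources"]:
                reasons.append("unusual place")
        if reasons:
            alerts.append((ts, user, source, reasons))
    return alerts

if __name__ == "__main__":
    for alert in flag_events(build_baseline(BASELINE_EVENTS), NEW_EVENTS):
        print(alert)
```

A flagged login is a prompt for review rather than proof of intent, since a shift change or business travel produces the same signal.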
The best place to start with countering cyber threats from within is with the HR department: stringent background checks on people you may potentially recruit could stop the threat in its tracks before even becoming a risk. Some other best practices you can put in place to mitigate risk include:
Lastly, a backup and disaster recovery plan should be in place so that your organisation can react quickly in the case of the threat being successful.
Emma is a Marketing Executive who has a keen eye for researching and writing interesting articles about business security.