
Internal risk management in cybersecurity: a complex challenge

Advanced protection strategies to counter insider threats in cybersecurity

The article highlights the importance of managing internal risk in cybersecurity. It notes that cyber attacks often involve internal components, such as employees, and explains the difference between "internal risk" and "internal threat" and the importance of adopting a multi-layered defense strategy.

In managing internal risk in cybersecurity, some crucial aspects are often underestimated. According to Federico Charosky, CEO of Quorum Cyber, it is essential to clearly define the concepts related to internal risk, distinguishing between malicious and involuntary internal threats. This distinction, far from being a semantic subtlety, is fundamental to understanding the nature of the problem and finding adequate solutions.

The nuances of insider threats in cybersecurity

Charosky cites a Microsoft report finding that approximately 85% of cyber attacks involve an internal component. This figure confirms the crucial role of employees in facilitating an attack, whether knowingly or unknowingly. Identity compromise is one of the key elements, whether through manipulation of the identity of insiders or through coercion or deception.

The difference between "internal risk" and "internal threat"

It is important to distinguish between "insider risk" and "insider threat", terms that are often confused. While an insider risk indicates a potential vulnerability (such as an employee with excessive access privileges), an insider threat indicates malicious actions carried out by an individual. This distinction allows us to adopt more targeted defense strategies and deal with internal threats more effectively.

The need for a multi-layered defense

Charosky emphasizes the importance of a multi-layered defense strategy. Relying solely on employee awareness and action is ineffective. An organization's IT security must involve all hierarchical levels and include adequate security measures. From aligning IAM protocols to adopting Zero Trust models, from implementing secure email gateways to ongoing employee training, a comprehensive, multi-layered approach is critical to effectively mitigate internal risks.


09/05/2023 16:35

Marco Verro
