Cybersecurity threats are traditionally seen as external threats from criminals targeting customers, financial systems, or other external-facing platforms. But something much bigger is happening behind the scenes: there has been a significant shift in the types of targets criminals are focusing on, and they are now targeting employee systems. These are the systems where access, authority, and sensitive data flow together.
The Stryker Corporation data breach, an internal cyberattack that impacted the company's internal systems, demonstrates this growing trend and has raised concerns about the security of employee-related data. While it will take time before measures that protect these types of companies from future incidents are put into place, the overall message is clear: employee systems are now prime targets for criminals.
Employee systems are especially targeted because they play a central role in running the organization. These systems typically contain employee personal information such as HR data, internal communications (via Outlook or equivalent), access credentials (username and password), and in some cases, administrative rights. By compromising an internal system, especially one with higher levels of access than regular users have, attackers can gain access to an entire network.
Modern attacks often differ from traditional cyber assaults in their intent to disrupt (as opposed to pure information theft). By accessing internal systems, a cyber attacker can disrupt the normal day-to-day operation of the organisation, causing delays and confusion across different departments. This type of attack can occur through deleting data from the systems, providing users with inadequate access, or removing access to crucial systems.
The starting point for many of these attacks is a compromised set of user credentials, obtained through phishing, reused passwords, social engineering, and similar means. Access to a computer network using a single valid set of credentials can create a chain reaction through an enterprise network.
Once an attacker has access to your network, they may try to gain elevated privileges (higher than initially granted to them) to take control and change how things are done within your organisation. This is particularly dangerous to the entities impacted by these breaches because in many cases the access rights of an administrative user account allow the cyber criminal to cause a far-reaching, but relatively swift, impact.
The growth in dependence on cloud services has created additional challenges with regard to security. Staff members' computers no longer reside at a single site; rather, they may be used by employees across geographic or network boundaries, making it difficult to establish who is who when users authenticate to the organization. While this level of flexibility may result in increased productivity, it also results in a correspondingly increased risk of attack.
The human factor in cybersecurity is also of great importance. While employees represent the first line of defense against cyber attacks, they also constitute the weakest link in an organization's ability to maintain adequate protections against unauthorized access. As a result, even the best-intentioned employees can expose their credentials to malicious users if they do not have an adequate foundation of ongoing cybersecurity training.
The fallout from a successful cyber attack is much greater than simply the disruption to staff. For example, if an employee is the target of an attack and has personal data stolen, that employee runs the risk of identity theft. The organization incurs expenses due to lost productivity during the downtime, damage to its reputation, and the cost of recovering affected information systems.
To counterbalance these challenges, organizations are beginning to utilize enhanced security models such as zero trust, which assumes that all users and information systems must prove their legitimacy at every point of interaction with the organization. Multi-factor authentication, continuous monitoring of system activity, and strict access control are being recognized as critical elements of current and/or future cybersecurity strategies.
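The chain described above (a valid credential used without strong verification, followed by elevated privileges) is one pattern that continuous monitoring can watch for. The following Python code is an added example, not part of the original article: the event format, field names, and 30-minute correlation window are assumptions, and the log entries are constructed sample data.

```python
from datetime import datetime, timedelta

# Constructed sample events (not from any real incident):
# (timestamp, user, action, detail)
EVENTS = [
    ("2024-05-01T08:58:00", "alice", "login", {"mfa": True, "known_device": True}),
    ("2024-05-01T09:02:00", "bob", "login", {"mfa": False, "known_device": False}),
    ("2024-05-01T09:10:00", "bob", "role_granted", {"role": "admin"}),
    ("2024-05-01T09:30:00", "alice", "role_granted", {"role": "admin"}),
    ("2024-05-01T13:00:00", "carol", "login", {"mfa": False, "known_device": True}),
    ("2024-05-01T18:00:00", "carol", "role_granted", {"role": "admin"}),
]

WINDOW = timedelta(minutes=30)  # assumed correlation window


def risky_login(detail):
    """A login is risky if it lacked MFA or came from an unrecognised device."""
    return not detail.get("mfa", False) or not detail.get("known_device", False)


def find_escalations(events, window=WINDOW):
    """Return alerts where an admin role is granted soon after a risky login."""
    last_risky = {}  # user -> time of that user's most recent risky login
    alerts = []
    # ISO 8601 timestamps sort chronologically as plain strings.
    for ts, user, action, detail in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        if action == "login" and risky_login(detail):
            last_risky[user] = when
        elif action == "role_granted" and detail.get("role") == "admin":
            started = last_risky.get(user)
            if started is not None and when - started <= window:
                alerts.append({
                    "user": user,
                    "login": started.isoformat(),
                    "granted": when.isoformat(),
                    "minutes": int((when - started).total_seconds() // 60),
                })
    return alerts


if __name__ == "__main__":
    for alert in find_escalations(EVENTS):
        print(alert)
```

Only the account whose unverified login is followed by an admin grant inside the window is flagged; a grant after a fully verified login, or one long after the risky login, is not.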
Cyber threats are constantly changing; as a result, the focus has shifted from protecting outside systems to protecting the internal tools and accounts that employees use to do their jobs. This is because the most critical vulnerabilities today are usually internal to your systems.
