Here’s how companies can mitigate internal security risks

In 2023, 86 per cent of UAE businesses fell victim to some form of cyberattacks, highlighting the critical need for robust information security measures. Another key concern: 72 per cent of organisations in the UAE experienced data loss due to insider actions.

Considering the challenging cybersecurity landscape, we find ourselves in, the best response for business executives would be to immediately address the security issues and implement the required ‘protective’ solutions. However, that’s not how it always works.

Numerous companies, especially small and medium-sized enterprises (SMEs), are unable to ensure information security on their own. There are two main reasons for that. These include:

Limited resources: Many companies, particularly SMEs, lack the financial resources to acquire necessary security software and hardware, or hire qualified information security personnel.
Expertise gap: Even with the resources, businesses might struggle to find skilled professionals to manage and monitor security systems effectively.

A solution to these challenges is delegating information security to a managed security service provider (MSSP). MSSPs offer a range of information security services on a subscription basis, typically monthly, quarterly, or biannually.

An MSSP ensures turnkey protection against internal threats, including data leaks, corporate fraud, theft, idleness, and other types of incidents.

How does the service work?

The outsourcer provides the client with protective software, an outsourcing analyst, and technical support. The outsourcing analytical expert deploys and manages the protective software, configures security policies, and detects and investigates incidents.

The information security analyst reports to the client within the agreed term and contacts the customer promptly in case of emergency.

Compared to building and maintaining an in-house security team, MSSPs can be a more cost-effective solution for many businesses.

How internal security threats can be effectively tackled

Based on the use cases of Searchinform clients, here are real internal risks that companies typically face and how they can be prevented using an MSSP.

Data leaks: Data leaks are a common and dangerous occurrence. A disgruntled employee at a retail company we work with attempted to steal confidential information by copying network infrastructure data onto a flash drive. Fortunately, a Searchinform outsourcing analyst identified the suspicious activity and prevented the data leak.

Working for competitors: Employees may steal confidential information to sell to competitors. In one instance, an employee working for one of our clients copied commercial details to a hard drive and even announced their intentions to colleagues on the corporate chat. SearchInform’s security experts intervened and prevented the data from being shared.

Point to note: According to a Searchinform study, 91 per cent of SMEs have experienced attempts involving confidential data leakage.

Corporate fraud: Employees may commit fraud for personal gain. An accountant in a manufacturing company we work with used software to forge data and signatures, including the CEO’s signature, on documents. This could have led to legal repercussions for the company, even if the executive was unaware of the fraudulent activity.

A classic case of document forgery for theft was also detected in another company, where the employee forged waybills. He used to prepare two documents with one specifying fewer items than shipped. The extra items were offloaded during the journey and later sold by the employee for personal benefit. Meanwhile, the customer didn’t suspect anything, because his company received the actual quantity of goods ordered.

Financial losses to employer: Employees may use company resources for personal ventures, causing financial harm. In one case, an employee downloaded invoices and waybills containing information about their own side company onto her corporate PC. The documents revealed the name of the third-party company where the employee was listed as the director and chief accountant. The overall damage caused by the employee’s actions exceeded Dhs100,000.

Increased risk during job searches: Employees searching for new jobs may pose an increased security risk. A Searchform security analyst identified an employee visiting job websites, sending CVs, and bad-mouthing colleagues and executives. The analyst also prevented them from leaking trade secrets to a potential new employer.

On the other hand, a SearchInform analyst detected a decrease in the productivity of a specialist at a food company. It became clear that the employee had decided to quit. The company’s CEO held a conversation with the employee and found out that the reason behind the resignation was burnout from handling many tasks delegated to him by his line manager. It turned out that the employee was handling both their tasks and their boss’s tasks. As a result, the CEO managed to retain the valuable employee and implemented several management decisions to ensure more efficient control over the line manager’s work process and its effectiveness.

Inefficient use of work time and resources: Employees may misuse company resources and time. For example, during a trial of an outsourced security service for a company, it was revealed that five IT department employees were spending a significant portion of their workday playing online games instead of fulfilling their job duties.

These are just a few types of incidents that professional security analysts prevent with the help of protective software. There are many more pain points of business to control for a company not to lose its efficiency.

Make an objective choice

If you are an executive or a business owner and you still doubt whether you need an MSSP, reach out to Searchinform and get a report on your company’s ‘security’ state and make an unbiased decision. During the first month, the internal security outsourcing service by SearchInform is free.

The writer is the chairman of the Board of Directors of SearchInform, a managed security service provider.