
Thai organisations should invest in order to prevent internal threats, which are listed among the top five security incidents in Thailand that can lead to financial losses and reputational damage, says cybersecurity consultancy Bluebik Titans.
The emergence of artificial intelligence (AI) is fuelling the trend of data detection and response (DDR) in data security. DDR has the potential to become a powerful tool, possibly replacing data loss prevention (DLP) as the primary method.
Business organisations, including those in Thailand, face increasing internal cyberthreats as many cases indicate data leaks from employees. This includes AI trade secret leaks that can cause damage to a firm's reputation and financial losses, said Polnsutee Thanesniratsai, director of Bluebik Titans, an arm of Bluebik Plc.
According to Verizon's Data Breach Investigations report 2024, internal actors are involved in 35% of cybersecurity incidents, a significant increase from 20% last year.
Over 23,000 internal documents, including sensitive data, were leaked by former employees of Tesla, while AI trade secrets and over 500 confidential documents were stolen by a Google software engineer.
Meanwhile, in Thailand, an online grocery service data leak containing 1 million records of personal identity information was posted for sale on the dark web by an insider.
Citing the Cost of Insider Risks global report 2023 issued by US research firm the Ponemon Institute, Mr Polnsutee said the number of insider incidents had increased by 32% between 2021 and 2022. Some 42% of insider threat events involves intellectual property or data theft and 55% of incidents experienced by organisations are due to employee negligence.
The Cost of Insider Risk global report, another study issued by the Ponemon Institute, forecast that the annual cost of insider-related incidents will reach 17.1 million this year, up from 16.2 million in 2023, based on a 5% increase over two years and assuming a steady growth rate from 2022.
It also found that 8.2% of organisations had an IT security budget of $2,437 per employee, and only 8.2% or $200 is used for insider risk management.
"In my personal experience, average organisations in Thailand spend 20,000-30,000 baht on cybersecurity per employee and a very low level of insider prevention investment."
There are three types of actions from insider threats, ranging from fraud by manipulative processes or systems for personal gain such as financial theft, data theft by stealing proprietary information such as trade secrets or product design, and system sabotage by causing deliberate damage or disrupting IT systems to cause operational downtime or data loss.
To mitigate insider risks and threats, Mr Polnsutee suggests organisations need to enhance their capability with insider threat management by using technical solutions from sensor input with analytic ability from AI and response workflows, including policies, guidelines and investigations that go beyond typical cybersecurity.
Now there is a new trend using AI-enabled technology for better insider risk managment that has the ability to monitor employee behaviour, data access patterns and users' activities to identify and mitigate risks posed by an insider. This represents DDR.
"This can prevent data leak from users who use public AI through web browsing," said Mr Polnsutee.