According to Bridewell Consulting, more than a third (35%) of Critical National Infrastructure (CNI) security leaders believe the economic downturn is forcing employees to steal or sabotage data.
The cybersecurity consultancy surveyed 1025 individuals responsible for cybersecurity at UK and US CNI companies in the telecommunications, utilities, finance, government, transport and aviation sectors.
Many suspect that the cost of living crisis is driving insiders at these companies to do the bidding of cybercriminal groups in exchange for big payoffs.
Their suspicions are backed up by solid evidence. The financial services sector has been hit harder than any other industry sector surveyed in last year’s report. Organizations in this industry experienced an average of 28 security incidents caused by employee sabotage and 28 involving data theft or misuse in the last 12 months.
Overall, the number of employee sabotage incidents at CNI companies jumped 62% year-over-year, according to the report.
Difficult economic conditions are also putting pressure on CNI companies in other ways. Nearly two-thirds (65%) of UK respondents said they had seen “some cuts” or “significant cuts” in their cybersecurity budgets, rising to 73% of US respondents.
The telecommunications sector is least affected by these cuts, with nearly half (48%) claiming their security budgets remain unchanged. At the other end of the spectrum, the transportation and aviation (73%) and utilities (69%) sectors experienced the biggest declines. Utilities also include energy, oil and gas companies.
“The threat of insider sabotage remains at an all-time high across the CNI, but current economic pressures are making it easier for criminals to exploit vulnerabilities in both employees and organizations. If you reduce , the problem gets worse,” said Anthony Young, co-CEO of Bridewell.
“Decision makers should invest in rigorous cyber defenses. This includes robust monitoring and testing of systems and access controls, investment in data loss prevention, and adherence to cybersecurity best practices. Continuing education and training of employees to raise awareness should be included.”