AUTUMN 2025 DIGITAL - Flipbook - Page 41
IT & IT SECURITY
Seven ways public sector organisations can protect themselves from insider threats
Spokesperson: Rob Elliss, EMEA Vice President for Data and Application Security at Thales
Whether caused by grievance, blackmail, technical misconfiguration, or simple human error, some of the most damaging data breaches originate from within an organisation. With much of cybersecurity focused on defending against external threats, the risks posed by trusted users and authorised access are often underestimated.
Insider risks extend beyond current or former employees. Contractors, freelancers, vendors, third-party service providers, and even business partners with privileged access can all introduce vulnerabilities. Any misuse of that access, intentional or accidental, can create serious cybersecurity risks.
What separates a mistake from an insider threat is intent. Repeated negligence or deliberate malicious actions may stem from financial motives, external pressure, ideological beliefs, or personal grievances.
For public sector organisations, a combination of tightly controlled budgets, cultural factors, and political pressures – alongside the responsibility for managing sensitive citizen and electoral data – creates heightened exposure to insider risks. According to the National Audit Office, fraud and error cost UK taxpayers between £55 billion and £81 billion in 2023–24.
For IT and security leaders, knowing where to start can be a challenge. Below are seven key areas to prioritise when identifying, mitigating, and preventing insider threats.
1. Monitor user behaviour
Implement User and Entity Behaviour Analytics (UEBA) to monitor user activity and detect anomalies, with appropriate privacy and risk controls in place. This can include unusual work hours, unauthorised remote access requests, disengaged or hostile behaviour, or large data transfers following a resignation. Early detection of these indicators can prevent potential data loss.
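An added example, not part of the original article, showing how two of the indicators above (activity outside usual hours and a large transfer after a resignation) can be checked against a per-user baseline. The event tuples, the resignation feed, the thresholds and the function name `flag_events` are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, date
from statistics import mean, pstdev

# Constructed sample data: (user, ISO timestamp, bytes sent out of the network)
EVENTS = [
    ("alice", "2025-09-01T09:15:00", 40_000_000),
    ("alice", "2025-09-02T10:05:00", 55_000_000),
    ("alice", "2025-09-03T14:30:00", 48_000_000),
    ("alice", "2025-09-04T11:20:00", 52_000_000),
    ("alice", "2025-09-05T02:40:00", 50_000_000),      # normal size, at 02:40
    ("bob",   "2025-09-01T09:00:00", 30_000_000),
    ("bob",   "2025-09-02T09:30:00", 35_000_000),
    ("bob",   "2025-09-03T10:00:00", 28_000_000),
    ("bob",   "2025-09-04T16:45:00", 32_000_000),
    ("bob",   "2025-09-11T15:10:00", 4_200_000_000),   # day after resignation
]
RESIGNATIONS = {"bob": date(2025, 9, 10)}  # constructed HR feed (assumption)

def flag_events(events, resignations, work_hours=(7, 19), sigmas=3.0, min_history=4):
    """Return (user, timestamp, [reasons]) for events that match an indicator."""
    history = defaultdict(list)   # per-user transfer sizes accepted as normal so far
    alerts = []
    for user, ts, size in sorted(events, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        reasons = []
        if not work_hours[0] <= when.hour < work_hours[1]:
            reasons.append("off_hours")
        past = history[user]
        if len(past) >= min_history:
            # Floor the deviation so a very steady baseline does not alert on noise.
            spread = max(pstdev(past), 0.1 * mean(past))
            if size > mean(past) + sigmas * spread:
                reasons.append("large_transfer")
                left = resignations.get(user)
                if left and when.date() >= left:
                    reasons.append("after_resignation")
        if reasons:
            alerts.append((user, ts, reasons))
        else:
            history[user].append(size)   # only unflagged events extend the baseline
    return alerts

if __name__ == "__main__":
    for alert in flag_events(EVENTS, RESIGNATIONS):
        print(alert)
```

Keeping flagged events out of the baseline stops a run of large transfers from gradually normalising itself.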
2. Strengthen encryption practices
Poor cyber hygiene remains one of the leading causes of digital disruption. Encrypting all sensitive data, and regularly rotating and securing encryption keys, forms a vital first line of defence. Combine this with strict controls over where data can be moved, copied, or shared to minimise the risk of leakage.
3. Improve employee screening and vetting
Security begins at recruitment. In a world of remote work and advanced digital impersonation tools such as AI-generated deepfakes, it is critical to verify identities rigorously. Use AI-powered document verification, conduct periodic in-person meetings, and perform background checks to confirm that employees and contractors are who they claim to be.
4. Build a security-aware culture through training
Employees are the first line of defence in every organisation. Regular awareness training should encourage secure practices such as identifying phishing attempts, maintaining strong passwords, and reporting suspicious behaviour confidentially. A well-informed workforce reduces the likelihood of accidental or negligent insider activity.
5. Implement data loss prevention (DLP)
Data Loss Prevention tools improve visibility into who accessed which files, when, and under what conditions. Combining this insight with analytics helps identify abnormal patterns of activity at scale.
6. Monitor continuously for breaches
Detection and response times remain a challenge. Research from IBM and the Ponemon Institute shows that public sector organisations take an average of 202 days to identify a breach and a further 74 days to contain it. Integrating user behaviour monitoring and DLP capabilities accelerates response times, limits data exfiltration, and reduces overall risk exposure.
7. Incorporate threat intelligence into your security strategy
Once a software vulnerability is disclosed, attackers act quickly to exploit it. A structured patch-management programme ensures systems and software are updated promptly. Beyond patching, organisations must track active threat groups, evolving attack methods, and emerging exploits. This intelligence enables a proactive, prioritised, and adaptive defence strategy.
8. Improve your identity and access management (IAM)
Every user account has the potential to become privileged, making robust IAM essential. Implement multi-factor authentication (MFA) to add assurance and establish policies to revoke access promptly when roles change or personnel leave. Maintaining clear oversight of account permissions reduces the risk of privilege misuse.
A proactive, security-focused culture can deter dishonest behaviour while empowering employees to report concerns confidently. By implementing these steps, public sector leaders can build greater resilience and assurance that they are safeguarding taxpayer funds and maintaining public trust.
Rob Elliss
GOVERNMENT AND PUBLIC SECTOR JOURNAL AUTUMN 2025