New research reveals that internal risks from employees and shadow IT have overtaken external hacking attempts, highlighting a shift in cybersecurity priorities for companies worldwide.
- Internal threats increased from 47% to 57% within a year
- Employee misuse rose dramatically, fueling breaches
- Companies urged to tighten access controls and authentication
What happened
New findings from Orange Cyberdefense indicate a growing cybersecurity concern: insider threats are now more prevalent than attacks from external hackers. Over the past year, the share of incidents linked to internal risks jumped from 47% to 57%, eclipsing external hacking attempts, which held steady at 31%. This marks the first time internal risks have dominated the threat landscape.
A significant driver behind this trend is employee misuse, which escalated from 29% to 45% of incidents. Use of unapproved software, often fueled by shadow IT practices, has contributed heavily to vulnerabilities. Hackers have shifted tactics, increasingly exploiting routine employee activities to infiltrate networks without relying on complex external exploits.
Why it matters
The rise in insider threats complicates traditional cybersecurity defenses, which often focus primarily on external attacks. Employee behaviors that introduce risk may not be inherently malicious but can still cause substantial damage by circumventing company policies and opening unexpected entry points for attackers.
Endpoints, particularly employee devices, remain prime targets and were involved in 53% of incidents. Additionally, identity-based attacks increased markedly, signaling that protective measures need to account for internal user privileges and access. Organizations must adapt their security strategies to mitigate risks originating from within.
What to watch next
Going forward, companies should tighten internal controls by restricting unnecessary access privileges and implementing robust multi-factor authentication systems. These steps can reduce the attack surface and thwart attackers who leverage legitimate employee credentials or policy workarounds.
As shadow IT and employee reliance on unapproved tools grow, organizations need enhanced monitoring and employee education initiatives to curb inadvertent leaks of sensitive data. Tracking how insider threat trends evolve will be critical to refining security policies and safeguarding corporate assets.