Grey Zone Special Report: The Five Eyes Alliance - Are We Our Own Worst Enemy?
In this Grey Zone Special Report, I provide an analysis of what could be the most significant threat to Five Eyes countries. That threat is ourselves.
Hi all,
I hope you have all had a good week. This edition of the Grey Zone SITREP is another special report where we provide a high-level overview of the insider threat to Five Eyes - arguably one of the most significant threats outside of foreign interference.
This week we also launched a referral program, where you can earn rewards for referring people to this community. By earning rewards you gain access to our compartmented reporting, ranging from one month of access to lifetime access. Start getting your friends in here!
Our premium subscription, which gets you access to ‘The Compartment’, is still going strong. We’ve been providing our readers with consistent and up-to-date battlefield updates and strategic reports. Due to the timezone (in NZ we are ahead of many news cycles), when we drop this information - we are usually one of the first publications to report it. Consider getting access and stay truly ahead and informed.
If you were hanging out for normal reporting this week, head along to my YouTube channel or wherever you get your podcasts (search The ALCON Podcast) and listen to our Daily Intel Updates. We provide short and sharp briefs of the previous 24h.
We are building an intelligence community - without the need for a clearance.
Enjoy and have a great weekend.
ALCON.S2
Insider Threats to the United States
In recent years, the security landscape within the United States has been increasingly challenged by insider threats. These threats, emanating from within organizations, pose a complex risk to national security, as evidenced by the alarming statistics and the evolving nature of these incidents.
The 2023 Annual Threat Assessment of the U.S. Intelligence Community, a document presented to Congress, illustrated the multifaceted nature of threats facing the nation, including those posed by insiders. The assessment encapsulates a myriad of threats, from military to civil, and details the nuanced changes in the U.S. perceptions of these threats, including the role of insiders as potential vectors for breaches of security, espionage, and sabotage.
According to a report by The Tech Report, the cost of insider threats in 2022 reached a staggering $15.38 million. These insider events affect 34% of businesses annually, showcasing the prevalence and financial impact of such incidents. As of May 2023, businesses in the United States encounter around 2,200 internal security events on a daily basis, indicating the frequency and regularity with which these threats occur.
Further highlighting the severity of the issue, a recent case involving a member of the Massachusetts Air National Guard arrested for leaking classified documents emphasizes the persistent risk of insider threats. The individual's access to sensitive information and subsequent unauthorized disclosure illustrates a critical vulnerability within the security apparatus.
The 2023 Insider Threat Report reflects a growing concern among security professionals, with 74% reporting their organizations as moderately to extremely vulnerable to insider attacks. There is a noted increase in the frequency of insider threat incidents, with a 6% rise from 2021. Furthermore, 60% of respondents indicated challenges in detecting such attacks, underscoring the difficulty in managing these risks.
Statistics from Privacy Savvy reveal a 47% surge in insider incidents over the past two years. In 2022, each incident's cost was $15.38 million. The report also points out that over 70% of insider attacks remain unreported externally, suggesting a significant underestimation of the issue's scope. Importantly, trusted business partners account for 15-25% of insider incidents, and more than half of the organizations find it challenging to detect insider attacks, particularly in cloud environments.
Insider Threats to Canada
The current situation for insider threats to Canada is marked by a combination of technological advancements, geopolitical tensions, and evolving cybercriminal strategies. The PwC Canadian Cyber Threat Intelligence Report for 2023 indicates that more than two-thirds of Canadian executives view cybercrime as a significant threat, with a catastrophic cyberattack topping global resilience plans. Canadian CEOs anticipate heightened exposure to cyber risks, with 11% expecting high or extreme exposure within the next year.
AI is being leveraged by threat actors to bolster attack strategies, leading to sophisticated cyber threats like ransomware and state-sponsored attacks, which have caused substantial financial losses. The report stresses the importance of a holistic approach to cybersecurity, anticipating key trends like AI-driven cyber threats, advanced ransomware, data breaches, geopolitical tensions, and IoT-related vulnerabilities.
The National Cyber Threat Assessment 2023-2024 by the Canadian Centre for Cyber Security corroborates the seriousness of these threats. It highlights the increased risk from the surge in online activities, noting the rise in personal, business, and financial data online, thus broadening the attack surface for cybercriminals. Ransomware continues to be the most disruptive cyber threat, with cybercriminals employing more sophisticated tactics.
State-sponsored cyber activities, particularly from China, Russia, Iran, and North Korea, pose significant threats, with attempts to target Canadian assets and individuals for espionage and financial gains. The assessment also points to the use of misinformation and malinformation by nation states to influence Canadians and degrade trust in online spaces.
In the context of hybrid work environments, the National Cyber Threat Assessment also indicates that the broader threat surface has increased the vulnerability of organizational and individual networks. More Canadians working remotely means that business networks are now more exposed to cyber threats through home networks and personal devices.
Insider Threats to the United Kingdom
Insider threats to organizations in the United Kingdom are increasingly becoming a point of major concern for national security. The key themes that emerge from the reports indicate that these insider threats are on the rise and are becoming more costly for organizations.
The National Cyber Security Centre (NCSC) has been highlighting cyber threats faced by various sectors, including sports, but the detailed content of the latest threat reports was not accessible for deeper analysis. However, other sources provide a more granular view. For instance, Proofpoint's 2022 report indicates that insider threat incidents are costing businesses upwards of $15 million annually, on average, with a significant concern being credential theft. This report also notes that it now takes 85 days to contain an insider threat, an increase from previous years. The frequency of insider-led incidents is also up by 44% in 2022, and the cost of addressing such incidents has increased by 34% since 2020, highlighting the severity and upward trend of these threats.
Kroll’s Threat Landscape report also supports this, stating that insider threat reached its highest quarterly level in Q3 2022, accounting for nearly 35% of all unauthorized access threat incidents. Moreover, Proofpoint has categorized insider threats into careless insiders, malicious insiders, and credential theft, with careless insiders accounting for the highest percentage of incidents but at a lower cost per incident compared to malicious insiders and credential theft, which are costlier and on the rise. Certain sectors like financial services and retail have seen their insider threat costs skyrocket, with respective increases of 47% and 62% in 2022.
PwC UK's Cyber Security Outlook for 2023 highlights the growing awareness among senior executives of cyber threats as a significant impact on their organizations. This report reveals a particular concern about cloud-based threat vectors and attacks against cloud management interfaces. There is an emphasis on the need for increased cybersecurity budgets and a push for digital transformation as critical to managing these threats.
Reporting also highlights that cyber-attacks are now considered the biggest organizational risk, even more so than global recession or health crises, with UK CEOs expressing concern about the impact on their ability to sell products and services. Furthermore, there is a call for a more strategic approach that includes a broad understanding of risk and how to continue operations across simultaneous risks, rather than focusing on isolated risk scenarios.
Finally, less than half of UK organizations say they coordinate and integrate their cyber resilience measures across business continuity, disaster recovery, crisis management, and threat intelligence. PwC's report suggests that leadership, data analytics capabilities, and employee cybersecurity awareness are critical factors for successful cybersecurity transformation, with a call for more cyber-savvy workforces and leadership commitment to cybersecurity initiatives.
Insider Threats to Australia
The recent and credible reports on insider threats to Australia point to a complex and growing concern that spans across different sectors, including critical infrastructure like hospitals and energy facilities. The Australian government has been proactive in addressing these threats, as highlighted by the Critical Infrastructure Centre (CIC) within the Department of Home Affairs that collaborates with state governments, industry, and the broader community to protect against such risks.
The threat landscape has been rapidly evolving, with cybercrime reports rising by nearly 13 percent in the 2021–22 financial year, with insider threats being a significant part of these incidents. In response to these challenges, Australia has established the Australian Cyber Collaboration Centre to work towards a national strategy for identifying and mitigating insider risks.
Financially, the impact of insider threats is significant, with illegal activities and negligence of employees causing considerable harm to organizational productivity and incurring high costs for businesses to detect and rectify such issues. The Australian Government has also released a guide to help entities understand, identify, and prevent insider threats, emphasizing the importance of robust frameworks to counter such risks.
Globally, the average annual cost of insider threats is notably high, with the Asia-Pacific region, which includes Australia, facing an average cost of $7.89 million. Negligent insiders alone cost companies around $307,000 per incident, pointing to a substantial financial burden. Furthermore, the 2023 Insider Threat Report by Cybersecurity Insiders found that 74% of organizations are at least moderately vulnerable to insider threats, with many incidents in 2022 resulting from user negligence.
A sharp increase of 40% in the cost of insider cybersecurity attacks over the past four years also underscores the growing severity of the problem.
Insider Threats to New Zealand
Experts from the NZSIS point to the increasing competition between states as a driver of espionage and foreign interference, emphasizing that the primary actors in these threats are the states themselves, along with individuals acting on their behalf. Moreover, violent extremism has evolved, with individuals in New Zealand exploring a mix of extremist beliefs without necessarily aligning with one particular ideology. This emerging trend is described as 'mixed, unstable, and unclear' ideologies.
Misinformation and disinformation also play a role in shaping threats by paving pathways to violent extremism and creating opportunities for foreign interference. The NZSIS stresses the importance of understanding the factors that motivate or drive the choices of individuals or governments to prepare for current and future security threats.
Additionally, New Zealand has acknowledged intelligence activity linked to China within the nation and the Pacific region, which adds complexity to the threat environment. The nation has also censured China and Russia for their involvement in hacking and malicious cyber activities against Ukraine, respectively.
The national security implications of these threats are significant as they can undermine democracy and security. The NZSIS has made a distinction between the states responsible for foreign interference and the larger communities from those countries, highlighting the importance of not attributing the threat to any particular community.
[RESTRICTED COMPARTMENT] 12 to 24 MONTH ASSESSMENT
The evolving threatscape for the Five Eyes countries over the next 12 to 24 months