"The most insidious threat to an organisation does not always come from outside, but can start from within," Christos Makedonas, Partner, Digital Risk Services, Grant Thornton Cyprus, underlined, opening his presentation on 'The Insider Threat: Tackling Risks from Within the Organisation' at the 5th Cyber Security Conference in Nicosia.
In his presentation, he highlighted the rapidly evolving forms of insider threats created by the new era of artificial intelligence, from false representations (deepfakes) of voices and images that imitate executives, to malicious voice or digital assistants (chatbots) that can manipulate employees or leak data.
Makedonas drew the audience's attention to the most worrying forms of emerging insider threats, such as disinformation through infected internal systems, prompt injection and data poisoning attacks that distort the results of models, as well as the phenomenon of 'Shadow AI', where employees resort to unapproved artificial intelligence tools, exposing critical information. He also highlighted the new dimension that social engineering is taking, with the emergence of “synthetic social engineering”, which leverages content generated by artificial intelligence algorithms to make attacks more realistic and more difficult to detect.
Particular reference was also made to "collusive threats", where internal collaborators operate in coordination with external malicious actors, exponentially increasing the risk. To address these threats, Makedonas underlined the need for strong corporate governance, a clear regulatory framework and a combination of technical and organizational security measures.
Finally, he sent the message that organisations must view the insider threat not as an isolated incident, but as an ongoing risk that requires continuous surveillance, training, and strengthening of the security culture.
(Source: InBusinessNews)
