AI as an accelerant of insider risks: Why Detection & Response are reaching their limits

New surveys show that fear of AI-enabled attacks is growing. At the same time, employees remain the number one factor behind successful cyberattacks. The two are connected. IT security managers must therefore urgently rethink and adapt their security strategies.

The greatest risk is sitting in front of the monitor

➡ “The state of IT security in Germany was and remains worrying,” states the website of the BSI, the German Federal Office for Information Security. The BSI also says:

“Groundbreaking technological developments play into the hands of malicious actors in the digital space. Cybercriminals are professionalizing their operations. They are technically up to date and are acting aggressively.”

➡ It seems as if a “cyberwar” is raging online. But despite an ever-growing arsenal of attack methods, there is one risk that is often underestimated: insider threats have overtaken external attacks as the dominant cybersecurity risk. This is the key finding of Exabeam’s paper “From Human to Hybrid: How AI and the Analytics Gap Are Fueling Insider Risk”.

➡ According to this study, 64% of IT security leaders believe that insiders, whether acting intentionally or through compromised accounts, pose a greater risk than external attackers. This perception is well-founded, as the research shows the threat is steadily increasing: 53% of organizations report a rise in insider incidents over the last year, and over half of respondents expect a further escalation in the next 12 months.

➡ This increase is largely driven by the rapid development of AI technologies, especially generative AI (GenAI). GenAI acts as an accelerant, enabling attackers to make their tactics faster, more insidious, and more adaptable.

Figures: AI threats (Image: Exabeam / Sapio Research)

➡ Two of the three most important attack vectors are already closely linked to artificial intelligence; AI-assisted phishing and AI-driven social engineering top the list. The study, conducted by Sapio Research and Exabeam, shows that 93% of respondents expect AI to increase the effectiveness of insider attacks.

➡ Another problem is the emergence of so-called “shadow AI,” the unauthorized use of AI-based tools. 76% of study participants say that applications such as ChatGPT or Gemini are used without permission within their organization. These high figures are confirmed by other studies, for example by XM Cyber and Microsoft.

➡ Another critical point is the emergence of an entirely new category of threats: non-human insiders. These are AI agents that operate autonomously and interact with internal and external systems using real credentials. Steve Wilson, Chief AI & Product Officer at Exabeam, explains: “AI agents aren’t inherently malicious. But their ability to act without oversight presents a new kind of insider risk.”

What measures are companies taking to combat this dangerous situation?

➡ The study by Sapio Research and Exabeam clearly demonstrates how critical the situation is: although 88% of companies report having an insider threat program in place, most lack the technology to actually detect suspicious behavior. Only 44% use modern methods such as User & Entity Behavior Analytics (UEBA), and preventive measures such as System Hardening do not appear in the study at all.

➡ Instead, many respondents rely on traditional tools such as Identity and Access Management (58%), Data Loss Prevention (53%), and Endpoint Detection and Response (51%). In our opinion, this is insufficient to manage these complex risks.

Figures: Insider threats (Image: Exabeam / Sapio Research)

➡ The lack of preventive measures, combined with the lack of detection measures such as behavioral analytics and contextual knowledge, creates blind spots in the IT landscape. Exabeam states: “The mere presence of tools is not enough. Without behavioral insights or context, critical signals can easily be missed.”

➡ Another issue highlighted by the study is that management is flying blind: 74% of security professionals believe their management underestimates insider risk. This discrepancy between the perceptions of operational teams and the executive level is holding back urgently needed investments.
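To make the point about behavioral context concrete, here is an added example (not code from this page, from Exabeam, or from the study) written for this article: it builds a per-user baseline from authentication logs and scores later events by how many dimensions deviate from that baseline. The log lines, user names and host names are constructed for the example. A context-free rule that only looks for failed logons sees nothing, because every event is a successful logon with valid credentials; the baseline comparison flags the backup service account that suddenly logs on interactively from a workstation to a domain controller, while a single off-hours logon by a regular user stays below the alert threshold.

```python
"""Behavioral baselining over authentication logs (added example, not from the page)."""
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (invented for this example, not real data).
# Fields: timestamp  user  source_host  target_host  logon_type  result
SAMPLE_LOGS = """\
2025-09-01T08:02:11Z alice WS-ALICE FILESRV01 network success
2025-09-01T17:31:05Z alice WS-ALICE FILESRV01 network success
2025-09-01T02:00:07Z svc-backup BACKUP01 FILESRV01 service success
2025-09-01T09:14:52Z bob WS-BOB FILESRV01 network success
2025-09-02T08:05:40Z alice WS-ALICE FILESRV01 network success
2025-09-02T02:00:09Z svc-backup BACKUP01 FILESRV01 service success
2025-09-02T09:02:33Z bob WS-BOB FILESRV01 network success
2025-09-03T08:11:19Z alice WS-ALICE FILESRV01 network success
2025-09-03T02:00:05Z svc-backup BACKUP01 FILESRV01 service success
2025-09-03T10:20:44Z bob WS-BOB FILESRV01 network success
2025-09-04T08:00:58Z alice WS-ALICE FILESRV01 network success
2025-09-04T02:00:12Z svc-backup BACKUP01 FILESRV01 service success
2025-09-04T09:45:01Z bob WS-BOB FILESRV01 network success
2025-09-08T08:15:02Z alice WS-ALICE FILESRV01 network success
2025-09-08T02:00:06Z svc-backup BACKUP01 FILESRV01 service success
2025-09-08T03:10:41Z svc-backup WS-ALICE DC01 interactive success
2025-09-08T23:40:23Z bob WS-BOB FILESRV01 network success
"""


def parse_logs(lines):
    """Yield one event dict per non-empty log line."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ts, user, source, target, logon_type, result = line.split()
        yield {
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "user": user, "source": source, "target": target,
            "logon_type": logon_type, "result": result,
        }


def build_baseline(events):
    """Per-user profile: which source/target hosts, logon types and hours are normal."""
    baseline = defaultdict(lambda: {"sources": set(), "targets": set(),
                                    "logon_types": set(), "hours": set()})
    for e in events:
        b = baseline[e["user"]]
        b["sources"].add(e["source"])
        b["targets"].add(e["target"])
        b["logon_types"].add(e["logon_type"])
        b["hours"].add(e["ts"].hour)
    return baseline


def _hour_distance(h1, h2):
    """Distance between two hours on the 24-hour clock (23:00 and 00:00 are 1 apart)."""
    d = abs(h1 - h2)
    return min(d, 24 - d)


def score_event(event, baseline):
    """Return the list of ways this event deviates from the user's own baseline."""
    b = baseline.get(event["user"])
    if b is None:
        return ["user has no baseline"]
    reasons = []
    if event["source"] not in b["sources"]:
        reasons.append(f"new source host {event['source']}")
    if event["target"] not in b["targets"]:
        reasons.append(f"new target host {event['target']}")
    if event["logon_type"] not in b["logon_types"]:
        reasons.append(f"new logon type {event['logon_type']}")
    hour = event["ts"].hour
    if all(_hour_distance(hour, h) > 1 for h in b["hours"]):
        reasons.append(f"unusual hour {hour:02d}:00 UTC")
    return reasons


def detect(lines, cutoff_date, threshold=2):
    """Learn from events dated before cutoff_date (ISO yyyy-mm-dd), score the rest.
    An event is alerted when at least `threshold` dimensions are novel."""
    events = list(parse_logs(lines))
    training = [e for e in events if e["ts"].date().isoformat() < cutoff_date]
    baseline = build_baseline(training)
    alerts = []
    for e in events:
        if e["ts"].date().isoformat() < cutoff_date:
            continue
        reasons = score_event(e, baseline)
        if len(reasons) >= threshold:
            alerts.append((e, reasons))
    return alerts


def failed_logons(lines):
    """What a context-free rule sees: the number of failed logons (zero here)."""
    return sum(1 for e in parse_logs(lines) if e["result"] != "success")


if __name__ == "__main__":
    print("failed logons:", failed_logons(SAMPLE_LOGS.splitlines()))
    for e, reasons in detect(SAMPLE_LOGS.splitlines(), "2025-09-08"):
        print(e["ts"].isoformat(), e["user"], "->", "; ".join(reasons))
```

The threshold is the knob that separates a single odd attribute (bob working late) from a combination that has no benign explanation (a service account with a new source, a new target and a new logon type at once). In a real deployment the baseline would be learned per identity over weeks, not four days, and non-human accounts deserve the tightest baselines, because their behavior should be the most predictable.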

Summary of findings: These are the biggest cybersecurity weaknesses

🛑 A multitude of cybersecurity threats are growing rapidly as a result of the “AI boom.”

🛑 But the biggest risk, according to the study by Sapio Research and Exabeam, is the company’s own employees. They fall for well-crafted phishing emails and deepfake calls, for example. Even phishing simulations and awareness campaigns help only to a limited extent here.

🛑 In practice, employees carelessly click on links, open files without thinking, or disclose sensitive data. In addition, there are insiders who deliberately act with the intention of harming their organization.

🛑 The result is incidents in which, for example, systems are encrypted, trade secrets are stolen, or machines are damaged. The consequences for a company are serious: the costs of a cyber incident can run into the millions or even lead to bankruptcy.

🛑 Many IT managers are aware of the numerous threats and risks, but often fail to act consistently. Reasons for this include internal political hurdles and a lack of resources.

🛑 The study also shows that IT managers focus on the areas of “Detection” and “Response.” The area of “Prevention,” however, appears not to have been sufficiently addressed yet.

What should you do now?

Do the results of the studies mentioned sound familiar? Is the situation similar in your company? Then you should take countermeasures as soon as possible!

✅ This includes improving your entire IT security strategy to best protect your systems against current and future threats.

✅ When optimizing your strategy, don’t just think about detecting threats or cyber incidents. Invest just as many resources in preventive measures. The BSI states in its 2024 report on the state of IT security in Germany:

“There is a broad need for action, particularly regarding the attack surface, which is constantly increasing with the general digitalization. Every company, every government agency, every scientific or social institution, every sole proprietor – all of Germany is called upon to identify and protect its own attack surfaces. This is a major challenge in historically evolved IT landscapes, but it is necessary, because attackers are constantly looking for new attack vectors.”

✅ An essential measure for taking preventative action while simultaneously meeting the requirements of numerous IT regulations, laws, and standards (NIS2, DORA, ISO 27001, etc.) is the Secure Configuration of your systems – also known as System Hardening.

✅ System Hardening significantly reduces the attack surface of your systems. Many cyberattacks then fail, including those using AI-generated ransomware, polymorphic malware, or credential-theft tools such as Mimikatz, because they depend on default or weak configurations (credentials cached in memory, unnecessary services and protocols, permissive macro and script settings) that hardening removes. This short video explains this in more detail:

✅ Important: “Because threat situations, as well as your systems, are constantly evolving, you must continuously adapt your System Hardening,” explains Florian Bröder, Managing Director of FB Pro. “Since this is a huge challenge, you should automate the review and optimization of your configurations as much as possible.” How? For example, with Enforce Administrator.
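Continuous review of configurations, as recommended above, comes down to comparing what a system actually has against what the baseline requires and closing the gap. The following is an added example written for this article (not code from this page, from FB Pro or from Enforce Administrator): a small hardening baseline of well-known Windows and Office settings that blunt credential theft, legacy protocols and macro-based initial access, a constructed snapshot of a host that has drifted, a check that distinguishes wrong values from values that were never set at all, and the PowerShell remediation lines a run would produce. The registry paths and value names are real; the chosen target values, the snapshot contents and the assumption that the registry keys already exist are illustrative.

```python
"""Configuration drift check against a hardening baseline (added example, not from the page)."""
from dataclasses import dataclass

WDIGEST = r"HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest"
LSA = r"HKLM\SYSTEM\CurrentControlSet\Control\Lsa"
SMB = r"HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"
PSLOG = r"HKLM\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging"
WORD = r"HKCU\Software\Policies\Microsoft\Office\16.0\Word\Security"

# Baseline rules: (registry key, value name, operator, expected value, why).
# The settings are real Windows/Office controls; the target values are the
# illustrative choices of this example, not a complete benchmark.
BASELINE = [
    (WDIGEST, "UseLogonCredential", "==", 0, "no plaintext passwords in LSASS memory"),
    (LSA, "RunAsPPL", "==", 1, "LSASS runs as a protected process"),
    (LSA, "LmCompatibilityLevel", ">=", 5, "NTLMv2 only, refuse LM/NTLMv1"),
    (SMB, "SMB1", "==", 0, "SMBv1 server disabled"),
    (PSLOG, "EnableScriptBlockLogging", "==", 1, "PowerShell script blocks are logged"),
    (WORD, "VBAWarnings", "==", 4, "all Word macros blocked without notification"),
]

# Constructed snapshot of a host's current values keyed by (key, name), in the
# shape an exporter built on Get-ItemProperty would produce. Invented data.
SNAPSHOT = {
    (WDIGEST, "UseLogonCredential"): 1,   # re-enabled by someone "fixing" an SSO issue
    # RunAsPPL is deliberately absent: it was never set on this host
    (LSA, "LmCompatibilityLevel"): 5,
    (SMB, "SMB1"): 0,
    (PSLOG, "EnableScriptBlockLogging"): 1,
    (WORD, "VBAWarnings"): 2,             # macros disabled with notification only
}

OPS = {"==": lambda a, e: a == e, ">=": lambda a, e: a >= e, "<=": lambda a, e: a <= e}


@dataclass
class Finding:
    key: str
    name: str
    op: str
    expected: int
    actual: object
    status: str   # "ok", "drift" or "missing"
    why: str


def check(snapshot, baseline=BASELINE):
    """Compare a snapshot with the baseline. A value that is not set at all is
    reported as 'missing': the OS default then applies, and defaults differ
    between Windows versions, so hardening means setting the value explicitly."""
    findings = []
    for key, name, op, expected, why in baseline:
        actual = snapshot.get((key, name))
        if actual is None:
            status = "missing"
        elif OPS[op](actual, expected):
            status = "ok"
        else:
            status = "drift"
        findings.append(Finding(key, name, op, expected, actual, status, why))
    return findings


def remediation(findings):
    """PowerShell lines that restore every non-ok setting. Assumes the registry
    key already exists (a real tool would create it with New-Item first)."""
    cmds = []
    for f in findings:
        if f.status == "ok":
            continue
        ps_key = f.key.replace("HKLM\\", "HKLM:\\", 1).replace("HKCU\\", "HKCU:\\", 1)
        cmds.append(f"Set-ItemProperty -Path '{ps_key}' -Name '{f.name}' "
                    f"-Value {f.expected} -Type DWord   # {f.why}")
    return cmds


def apply_remediation(snapshot, findings):
    """Simulate the remediation on the snapshot (a real run executes the PowerShell)
    so the next review cycle can verify that the host is back in line."""
    fixed = dict(snapshot)
    for f in findings:
        if f.status != "ok":
            fixed[(f.key, f.name)] = f.expected
    return fixed


def report(findings):
    """Human-readable review result, one line per baseline rule."""
    return "\n".join(
        f"[{f.status:7}] {f.name:<25} expected {f.op} {f.expected}, found {f.actual}  ({f.why})"
        for f in findings)


if __name__ == "__main__":
    findings = check(SNAPSHOT)
    print(report(findings))
    print("\n".join(remediation(findings)))
    assert all(f.status == "ok" for f in check(apply_remediation(SNAPSHOT, findings)))
```

Run on a schedule, the review step is what catches the "temporary" re-enabling of WDigest that never gets reverted, and the re-check after remediation is what turns a one-off hardening project into the continuous process the quote calls for.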

Conclusion

“Insider threats from AI are more dangerous than external cyberattacks” – this is how the German IT magazine heise.de summarizes the study by Exabeam/Sapio Research in a headline. In our opinion, this shorthand doesn’t do justice to the overall findings. As the figures show, AI tools and AI-generated attacks are not the biggest problem in themselves. The biggest problem is that employees can cause lasting damage to their company’s systems.

Why is this? “Because there are apparently insufficient protective measures! Among other things, AI tools can be used unchecked and infected emails can be opened without restrictions,” says Florian Bröder. Not only that: Because IT systems are poorly protected, attackers can spread relatively easily. Since downstream security measures are also sometimes immature, cyberattacks are detected too late.

How could all this be prevented? By taking preventive action. Consistent hardening of all systems – from Office Hardening and Windows 11 Hardening to Windows Server 2025 Hardening – ensures that cybercriminals no longer have such an easy time. In the best case, attacks are prevented proactively.

But System Hardening also helps when an attack does succeed: lateral movement is slowed and can be confined to specific areas (network segments, computer types, etc.). And during a cyberattack, time is literally money.

Do you have any questions?

Would you like to know more about System Hardening? Or would you like to know how you can implement automated System Hardening in your company? Contact us – our experts are happy to help!

💬 Get in touch with us!
