September is National Insider Threat Awareness Month, which serves both as a reminder of the challenges that insider threats can pose to security teams and as a way to raise awareness of the best practices for preventing breaches that result from these hidden threats.
Here is some commentary from a group of cybersecurity experts regarding Insider Threat Awareness Month and insider threats in general. They are Steve Wilson, Chief AI and Product Officer at Exabeam, Aditya Sood, VP of Security Engineering and AI Strategy at Aryaka, Joshua Roback, Principal Security Solution Architect at Swimlane, and Pete Luban, Field CISO at AttackIQ.
Steve Wilson, Chief AI and Product Officer at Exabeam:
“The danger from insider threats continues to grow in the modern cyber landscape, particularly as AI accelerates their speed, stealth, and sophistication. With 64% of cybersecurity professionals now viewing insiders as a greater risk than external actors, Insider Threat Awareness Month serves as a critical opportunity to emphasize proactive defense strategies.
While 88% of organizations have insider threat programs, many lack behavioral analytics needed to detect AI-enhanced attacks that exploit trusted access and mimic legitimate user behavior. As threats intensify across sectors like government, healthcare, and manufacturing, this initiative provides an opportunity to call for stronger governance, cross-functional collaboration, and real-time detection capabilities to stay ahead of both human and AI-driven insider risks.”
Aditya Sood, VP of Security Engineering and AI Strategy at Aryaka:
“Insider Threat Awareness Month is a critical initiative for raising awareness about the unique security risks posed by internal actors. There have been several examples of insider threats wreaking havoc on major corporations, with Elon Musk’s X being the most prominent recent example.
A malicious insider is a significant cybersecurity risk, as such individuals can steal intellectual property, exfiltrate confidential information, sabotage systems, or manipulate business operations for personal gain or in collusion with outside threats. The impact can range from financial losses and reputational damage to regulatory penalties and national security risks.
Awareness about malicious insider activities is crucial because employees and stakeholders must understand the importance of safeguarding credentials, and the necessity of reporting suspicious activity. By teaching employees to recognize the signs of suspicious behavior and reinforcing the importance of strict access controls and reporting protocols, organizations can transform our entire workforce into a crucial line of defense against internal threats. Employees’ role in this is not just important: it’s indispensable. They are the first line of defense, and their commitment to this cause is what will keep organizations secure.”
Joshua Roback, Principal Security Solution Architect at Swimlane:
“Insider threats have always been one of the hardest challenges for security teams because they originate from people with legitimate access. Unlike external adversaries, they don’t have to find a way in. They already have the keys. That makes their actions harder to spot and far more damaging when they turn malicious or careless.
It’s up to organizations to ensure their security systems are well-protected, starting with determining who has access to which systems. Poorly managed access controls create an environment for insider threats to sprout and thrive. Implementing a mature identity access management solution is the most powerful weapon in mitigating insider threat risks. User behavioural analytics (UBA) can provide proactive detection of anomalous user behaviors, giving security teams a leg up against unannounced attackers.
The rise of insider threats has resulted in the development of security measures which can ensure that threats are monitored, analyzed, and neutralized before they escalate into catastrophic breaches. Building resilience has required organizations to combine continuous monitoring, automated response, and a strong security culture to reduce the window of opportunity for insider abuse.”
Pete Luban, Field CISO at AttackIQ:
“Insider threats, whether from disgruntled employees or compromised credentials, are difficult to detect and prevent with traditional security measures. Insider Awareness Month serves as a reminder to security teams about the importance of simulating real-world insider attack scenarios to assess the effectiveness of their security controls and response protocols.
Recent spikes in shadow AI usage and lack of proper cyber hygiene increase the likelihood of insider threats. Use of unauthorized tools or platforms can unknowingly expose sensitive data or create exploitable vulnerabilities, as well as poor security practices, like maintaining out-of-date software or weak passwords.
By integrating techniques, such as adversarial emulation, into the security lifecycle, organizations can uncover gaps in their detection and mitigation strategies before a real attack occurs. Simulated, continuous testing can ensure that security teams can mitigate attacks before insider threats sidestep defenses and steal valuable company data.”
Posted in Commentary with tags Hacked on September 5, 2025 by itnerd
Researchers have discovered that cybercriminals have orchestrated a sophisticated phishing campaign using Simplified AI, a legitimate AI marketing platform, to steal Microsoft 365 credentials from U.S.-based organizations.
During the phishing campaign, threat actors hosted a phishing webpage under the legitimate Simplified AI domain, blending malicious activity into the daily noise of enterprise traffic. By impersonating an executive from a global pharmaceutical distributor, the threat actors delivered a password-protected PDF that appeared legitimate. Once opened, the file redirected the victim to Simplified AI’s website, but instead of generating content, the site became a launchpad to a fake Microsoft 365 login portal designed to harvest enterprise credentials.
This social engineering combined with phishing highlights a dangerous evolution: threat actors are merging impersonation with sophisticated phishing techniques while exploiting the era of AI adoption in enterprise organizations. They are no longer relying on suspicious servers or cheap lookalike domains. Instead, they abuse the reputation and infrastructure of trusted AI platforms. These are platforms your employees already rely on, or that your security team may implicitly trust, allowing threat actors to bypass defenses and slip into your organization under the cover of legitimacy.
Javvad Malik, Lead Security Awareness Advocate at KnowBe4, provided the following commentary:
“We’re seeing attackers piggyback our own shortcuts. If a link lands on a whitelisted AI platform everyone already uses, it feels safe. In a busy world, while many are multi-tasking, it’s easy to see branding, a familiar layout, and a PDF and lower their defenses. That’s precisely what this attack is seeking to do.”
“It’s why we need to treat AI platforms like any other third-party app. We should use them, but verify. Turn on phishing-resistant MFA so a stolen password doesn’t result in a breach. Be wary of password-protected attachments, reporting them to IT or Security teams to inspect if unsure. Keep an eye on which AI apps and OAuth consents your teams are actually using. And if an email nudges you to log in somewhere new, pause and verify before you type a single character.”
This is pretty scary as this would be pretty hard to detect. It just shows how threat actors are evolving to make their attacks more effective. And it means that in response we need to find and implement new and stronger defenses to ensure that threat actors don’t win.