Tackling insider cyber threats in the aviation industry

Emran Ali, Principal Cyber Security Consultant at Bridewell, explains why cyber threats are increasing and outlines how the aviation sector can tackle the issue


Cybersecurity leaders in the aviation industry are grappling with significant challenges on multiple fronts. As security teams and budgets contend with a growing wave of cyber threats, both nation-state actors and criminals seize opportunities presented by global uncertainty to advance their operations. Meanwhile, the ongoing economic crisis, coupled with its impact on employees and the heightened threat of strike action during the summer, adds layers of complexity, leaving organisations vulnerable to increased internal cyber risks.

Recent research conducted by Bridewell highlights a staggering 180% surge in security incidents related to employee sabotage within transport and aviation organisations in just one year. This alarming increase underscores concerns about the effects of the economic downturn on cyber risks originating from within. In fact, over a third (34%) of decision-makers in the transport and aviation industry anticipate a rise in internal employees turning to cybercrime as a direct consequence of the cost-of-living crisis.

Given that nearly a quarter (23%) of cyber decision-makers in the transport and aviation sector consider staff sabotage as one of the greatest risks to their IT environment, it is imperative for companies to remain vigilant regarding the security threats posed by their employees. However, it is crucial to strike a delicate balance, as an excessively cautious approach can breed a culture of mistrust and suspicion, potentially causing more harm than good. With a recent cyber attack on third-party provider Aon, compromising the pay and benefits of nearly 2,000 Dublin Airport employees, patience is understandably wearing thin. The challenge lies in finding the right equilibrium between maintaining robust security measures and trusting employees as they navigate economic hardships.

The escalating threat of insider attacks

Insider threats present a severe and growing risk to the UK’s critical national infrastructure (CNI). Within the aviation sector, employees often possess privileged access to intricate networks, systems, and sensitive information such as passenger data, flight plans, and financial transactions. This level of insider access provides ample opportunities for covert disruption and internal damage to organisations. The potential consequences of such incidents extend far beyond financial and reputational harm; if not effectively contained, they can jeopardise both transport infrastructure and national security.

Moreover, aviation companies heavily rely on multiple stakeholders and subcontractors, expanding the insider risk beyond conventional boundaries as third-party partners and vendors gain access to highly sensitive systems. In this intricate and interconnected environment, organisations may struggle to maintain full visibility and control over critical assets and data. Consequently, the risks are heightened, and the detection of harmful insider activities becomes more challenging.

Alarming statistics from Bridewell’s research also reveal that nearly three-quarters (72%) of security decision-makers in the UK transport and aviation sector have witnessed an increase in cybersecurity risks originating from insiders, whether malicious or negligent, over the past three years. This highlights the diverse range of security risks that organisations face from within. Deliberate acts of employee sabotage, planned in advance, have seen a significant rise, with transport organisations encountering such threats approximately every 13 days on average, compared to less than once a month in the previous year.

Many employees possess firsthand knowledge of vulnerabilities within their organisation’s infrastructure and cybersecurity defences. They are also familiar with the nature and location of exploitable sensitive data. This combination equips insiders with the means to carry out destructive attacks on their own organisation’s systems and operations, driven by desperation, dissatisfaction, or various other motivating factors.

The cost-of-living crisis: A breeding ground for insider risks?

However, not all insider threats stem from individuals with malicious intentions. New models of distributed work have created vulnerable entry points, increasing the risk of employees compromising their organisation’s cybersecurity due to negligence. This often occurs when employees take shortcuts or store data in insecure environments. In fact, nearly a third (28%) of security leaders in the transport and aviation sector now identify accidental data loss or disclosure as their organisation’s most significant IT risk.

The cost-of-living crisis further amplifies the insider threat, as 73% of transport and aviation organisations have already experienced reductions in their security budgets due to the economic downturn. Consequently, cybersecurity concerns may slide down the priority list. Meanwhile, sophisticated criminal groups may actively seek to exploit vulnerable insiders struggling with rising costs, enticing them with lucrative payoffs in exchange for access to sensitive data or protected systems. As a direct result of economic hardship, more than a third of transport and aviation companies anticipate an increase in fraudulent cyber attacks (35%) and social engineering techniques (34%).

Developing an intelligence-led security culture

Amid mounting pressure on organisations and staff, the aviation sector must find new ways to empower their employees as key security assets. This necessitates taking proactive measures to fortify cybersecurity defences from within.

First and foremost, aviation organisations should prioritise maintaining a robust cybersecurity budget, investing in resilient access controls for sensitive systems and data. This approach ensures that employees can access what is necessary and nothing more. Supported by proactive monitoring, vulnerability assessments, and regular penetration testing, these controls help close exploitable security gaps while bolstering the overall cybersecurity posture of the organisation.

However, striking the right balance requires organisations to acknowledge the crucial role of the “human factor” in cybersecurity. Continuous employee training and awareness are vital components of an effective security strategy, educating employees about the importance of cyber security and the risks associated with insider threats. By reinforcing the message that cyber security is everyone’s responsibility and by empowering their workforce to recognise and respond to a wide range of evolving insider threats, business leaders can foster a collaborative and intelligence-led cybersecurity culture. This establishes a culture that promotes and rewards the reporting of potential insider threats, providing channels for employees to report suspicious activities anonymously and protecting whistleblowers from retaliation. Such a culture encourages information sharing and supports effective decision-making across the sector. Adopting this approach ensures that aviation companies stand united, effectively mitigating insider risks even in turbulent times.