The increase in sophisticated cybersecurity threats has affected organizations on a global scale. So, it’s essential to consider the largest yet most underacknowledged threat to an organization: the insider threat. Insider threat awareness is critical because the actions of malicious or careless actors within an organization can result in cyberattacks and exposed data. Verizon’s 2019 Insider Threat and Data Breach Investigations Reports confirm tales of internal attacks, citing:
- 1 in 3 breaches involve internal actors
- 20% of all cybersecurity incidents are caused by privilege misuse
- 29% of breaches involve the use of stolen or compromised credentials
What do you imagine when you envision an insider threat? Is it a dark figure in a hoodie, huddled in the corner pillaging files and electronic folders? The reality is that an insider threat could be anyone — a high-ranking executive, an office admin, even you. The faces are familiar ones that you may see every day, which is why it’s crucial to increase insider threat awareness throughout your organization.
Here are five familiar faces of insider threats you may recognize.
1. The corporate climber
From day one, this employee seems highly driven, but they also haven’t completely bought into the organization’s success or company culture. They have many connections and are always looking for ways to get ahead. So, when a new opportunity at a competing firm introduces itself, this employee uses their authorized credentials to pilfer through your CRM and takes your sales team’s data out the door.
2. The no-rules executive
This employee has been at the organization for 15 years. Seasoned and confident, they often seem to fly above the rules – after all, don’t they know best? When sending customer’s financial data internally, they forget to encrypt their email. They have a lot to do, and to them, going through the extra step seems like a waste of time. But the email was intercepted by a malicious user, and now the financial data has left the building. Now that it’s gone, you have no control over who might access it, meaning your customer’s information is at-risk, along with the security and integrity of your business.
3. The third-party consultant
You only see this employee around the office on occasion – they probably work in another department on a different floor. They often go unnoticed, spending much of their time tending to servers and hardware in the IT room. Little does the organization know that this employee is streaming confidential data to their personal laptop at home. Also, did they just “drop” a USB drive? Third-parties have the unique position of being granted privileged access to networks while also having a reduced degree of accountability and loyalty towards the organization.
4. The well-meaning new hire
It’s this employee’s first week! They are ecstatic about their new position, eager to connect with the team, and ready to make an impact. They notice a USB drive on the floor outside the IT room. Hoping to return it to the rightful owner and win some bonus points, they plug it into their computer. But this USB wasn’t lost – it was planted by a malicious actor, and now the network has been compromised. Human error is responsible for a large percentage of internal threats, and training is a critical way to reduce human attack surfaces by creating insider threat awareness and providing tactics to mitigate risk.
5. The departing employee
It’s this employee’s last week. They’ve been let go for consistently missing their quotas, but their credentials haven’t been suspended. Unfortunately for them, they don’t have another position lined up, and they feel that they’ve been mistreated. In a financial bind, this employee sweeps the dark web looking for people who want to solicit data. They find a buyer and are now in the business of selling your compromised data since they still have access to your network.
How to manage and prevent risk using insider threat awareness
The truth is that the insider threat is very real, and organizations can’t continue to only account for external threats and adversaries. The consequences have proven costly – per Ponemon Institute’s 2018 Cost of Insider Threats Report, the average damages from insider activities cost nearly $9 million per enterprise in 2018. In addition to promoting insider threat awareness, organizations must couple the technologies of user activity monitoring and behavior analytics to provide insights into who has access to employer information and what they are doing with it.
Applications such as Salesforce contain highly sensitive, business-critical information. Cloud security solutions that monitor user activity audit logs and turns them into human readable text allow your organization to generate alerts and visualize data. These insights enable you to take action when an employee misuses or tries to steal company data. Using these technologies and creating a security-centric culture will provide employers the ability to trust but verify privileged insider activities.