5 Familiar Faces of the Insider Threat
The increase in sophisticated cybersecurity threats have affected organizations at a global scale in 2017. So, it’s important to remember the biggest yet most underacknowledged threat to an organization: the “Insider Threat”. We’ve heard stories of malicious or careless persons within an organization, whose behaviors result in cyberattacks and exposed data. The IBM X-Force Cybersecurity Report confirmed these tales, citing:
- 60% of all cybersecurity attacks are caused by employees inside an organization
- 44.5% being malicious insiders
- 15.5% being inadvertent actors.
So, what do you imagine when you envision an insider threat? Is it a man in a hoody huddled in the corner pillaging files and electronic folders? The reality is that an insider threat could be anyone, it could be a high-ranking executive, an office admin, or even you.
Here are a few common insider threats you may recognize:
The Corporate Climber
From day one, this employee seems to be very driven, but not completely bought into the organizations success or company culture. They seem to have many connections and are always looking for ways to get ahead. So, when a new opportunity at a competing firm introduces itself, this employee takes your sales team’s data out the door.
The No-Rules Executive
This employee has been at the organization for 15 years. Seasoned and confident, they often-times seem to fly above the rules, after all, don’t they know best? When sending customer’s financial data internally, they forget to encrypt their email. They have a lot to do. But the email was intercepted by a malicious user and now the financial data has left the building.
The Third-Party Consultant
You haven’t seen this employee around the office much, he probably works in another department on the 3rd floor. He often goes unnoticed, spending much of his time tending to the servers and hardware in the IT room. Little does the organization know that this employee is streaming confidential data to his personal laptop at home. Also, did he just “drop” a USB drive?
The Well Meaning New Hire
It’s this employee’s first week! They are ecstatic about their new position, and are eager to connect with the team and make an impact. They notice a USB drive on the floor outside the IT room. Hoping to return it to the rightful owner and win some bonus points, they plug it into their computer, but this USB wasn’t lost, it was planted, and now the network has been compromised.
The Departing Employee
It’s this employee’s last week. They’ve been let go for consistently missing their quotas, but their credentials haven’t been suspended. Times are about to get tough because they don’t have another position lined up, and they feel that they’ve been treated unfairly. In a financial crunch, this employee sweeps the dark web for people soliciting for data. They find a buyer, and are now in the business of selling your compromised data, since they still have access to your network.
How to Manage and Prevent the Insider Threat
The truth is that the insider threat is very real, and organizations cannot continue to only account or external threats and adversaries. The consequences have proven costly, Per a Ponemon Institute Report, the 2016 Cost of Insider threats found that on average, damages from insider activities cost more than $4 million dollars per enterprise in 2016. Organizations must couple the technologies of user activity monitoring and behavior analytics to provide insights into who has access to employer information and what they are doing with it.
Applications such as Salesforce® contain extremely sensitive information that is business critical to an organization. Solutions such as FairWarning® for Salesforce takes user activity audit-logs and turns it into human readable text, allowing your organization to generate alerts and visualize data so you can take action when an employee is misusing your company data or trying to take it out the door. Using these technologies and creating a security centric culture will provide employers the ability to trust but verify® what their insiders are doing.