Insider threats: Battling a security unknown

There exists a subtler and potentially more damaging danger lurking in your business – the insider threat.

Insider threats are one of the most serious and costly cybersecurity risks for any organisation. This phenomenon involves individuals exploiting their privileged access to compromise security from within.

 An insider threat could be a current or former employee, consultant, board member, business partner, or third-parties, and could be intentional, unintentional, or malicious.

Insider threats can cause various types of harm, such as data loss, data leakage, unauthorised information disclosure, corruption, espionage, sabotage, terrorism, degradation of resources, and malware or ransomware attacks.

The 2023 Insider Threat Report by Cybersecurity Insiders states that 74% of organisations are at least moderately vulnerable to insider threats. The 2022 Cost of Insider Threats Global Report from Ponemon Institute reveals that insider threat incidents have risen 44% over the past two years, with costs per incident up more than a third to $15.38 million.

Types of insider threat

Intentional Insider threats

An intentional insider threat occurs when an individual sets out to purposely cause harm to the organisation. This often happens because they want to get even with a company over a lack of recognition or a failure to meet expectations, such as not receiving a desired bonus or promotion. Their actions could include:

• Fraud: An employee may falsify financial records, alter customer information, or sell confidential data to competitors or criminals.
• Sabotage: An employee may delete critical files, disrupt network operations, change admin passwords or plant malicious code or malware and create backdoors in systems.
• Espionage: An employee may copy trade secrets, intellectual property, customer data, or national security information and sell them to rival companies or foreign governments.
• Terrorism: An employee may provide information or access to terrorists who plan to attack the company premises or employees.

Unintentional Insider threats

This happens because of employee error or negligence.

• Accidental: Accidental data leaks include sending business information to the wrong email address, mistakenly clicking on malicious hyperlinks or opening malicious attachments in phishing emails, or failing to delete or dispose of sensitive information effectively.
• Negligent: Ignoring security and IT policies, misplacing portable storage devices, using weak passwords, and ignoring software updates or security patches are examples of negligence that can lead to an attack or breach.

Third-party Threats

A third-party threat is typically a business partner or contractor that compromises an organisation’s security. An excellent example is how cost low-code platform provider Pegasystems were told to pay $2.036 billion in damages for trade secret misappropriation to the detriment of coding automation company. Pegasystems had hired an employee of a government contractor to spy on Appian to learn how to better compete against its rival.

Seven ways to mitigate insider threats

1. Access control and segmentation: Adhere to the principle of least privilege by granting employees only the necessary access. Implement network segmentation to curtail lateral movement and contain breaches if they occur.
2. Monitor behaviours: Use technology to establish baseline patterns and identify anomalies, such as excessive data access or login activities from unfamiliar locations, triggering alerts for further investigation.
3. Training and Awareness: Regularly educate employees about the nuances of insider threats, the tactics employed in social engineering, and the importance of adhering to established security protocols and policies.
4. Data Loss Prevention (DLP): Deploy DLP tools to monitor and control the movement of sensitive data, both within and outside the organisation. Prevent unauthorised sharing with mandatory controls at file level.
5. Exit Procedures: Have clear and written policies on roles and responsibilities when an employee leaves or a contractor is terminated.  Access should be revoked immediately. Any corporate device should be collected.
6. Third-party management: The same stringent security standards should apply to third-party vendors and contractors, and closely monitor their activities when they access your systems to minimise potential vulnerabilities.
7. Encryption and Data Protection: Data should always be encrypted at rest and in transit.

The potential ramifications of insider breaches underscore the significance of adopting a comprehensive security approach. While technological solutions play a pivotal role, security awareness, clear policies, and employee training are equally vital.