As per the 2019 Verizon Data Breach Investigations Report, around 34% of all data breaches involve internal actors. Also, 17% of all sensitive files were accessible to every employee, as mentioned by the 2019 Varonis Data Risk Report. Additionally, cyber attack statistics published by Parachutetechs.com show that the number of security incidents involving insiders is up by 47% since 2018.
Insider threats are a serious problem for organizations in every industry, mainly because they are hard to detect. The person behind such an incident could be anyone, from an ordinary employee to a rogue business partner. Moreover, insiders already have legitimate access to sensitive data, which makes identifying the intruder much harder.
Insider-related incidents also cost organizations about twice as much as the average breach. Since insiders have the motive, the capability, and the opportunity to cause damage, this problem has to be addressed and given due attention.
That’s why this article will focus on this widespread problem to help the companies avoid dealing with the aftermath of insider threats.
First things first, let’s understand the meaning of this term.
An insider threat is a security risk posed by a person or a group of people from within an organization. These can be current or former employees, contractors, and partners. They hold legitimate user credentials, which they can misuse to the detriment of the company’s networks, systems, and data. The misuse can be either intentional or unintentional.
Data confidentiality, availability, and integrity, alongside enterprise systems, are compromised, whatever the primary intent is.
In general, insider threats can be divided into two types: those of malicious and negligent nature.
The first type implies that a criminal insider, either alone or as part of a group, collaborates with external threat actors, for example competitors or hacking groups, to achieve the desired result.
The second type, negligent threats, results from unintentional employee errors. These can be sharing data on unsecured devices, falling victim to phishing emails, or ignoring multi-factor authentication requirements.
These two types of insider threats can be divided further into the following groups:
This type is also known as a turncloak. Usually, this is an employee or contractor who maliciously steals data. It’s someone who has legitimate credentials and is supposed to be on the network. The motives are different, but the most widespread is stealing information for financial or personal incentives.
This can be a former employee who has a grudge against one’s employer or someone who is in a position where they can sell information to the competitors. Turncloaks are in an advantageous position because they’re aware of the company’s security policies and procedures, as well as its weak points.
This is a person who unknowingly puts a system at risk from outside threats. It is probably the most frequently occurring type of insider threat, since it results from simple mistakes. For example, a person might leave a device exposed or unintentionally click on a random, insecure link, infecting the system with malware.
A person who is both an insider and an outsider is called a mole. This is someone who is technically an outsider but has gained some insider’s privileges, for example, as an employee or a partner. A mole has access to relevant information and has all the means to do some harmful activities.
Collaborators are the ones who work with a third party to harm the company and leverage the privileges of authorized users. They can cooperate with competitors, individuals, organized criminal networks, or other actors who can benefit from the leak of confidential information in a specific organization.
Social engineering is a serious and effective tool for manipulating people into taking actions that harm their organization. Criminals often use spear phishing to make their victims download certain files or disclose secret information.
These incompetent or arrogant users understand that they might be doing something harmful but have no malicious intent. Goofs don’t follow the security rules and policies, often storing confidential information on personal devices even though they’re aware it’s against company policy.
- In 2018, a Facebook security engineer was fired after the company accused him of exploiting privileged information. He misused the privileges his position gave him to stalk women online.
- In 2018, Tesla was harmed by an employee who sent proprietary information to third parties and sabotaged the organization’s systems.
- In 2020, a Google employee was accused of stealing trade secrets from the company’s self-driving car division and sending them to his new employer, Uber.
- After being laid off due to the outbreak of Covid-19 and receiving his final check, a former employee decided to hack the company’s computer network. He granted himself administrator access and then edited and deleted about 120,000 records of a medical device packaging company. Needless to say, this caused significant delays in the organization’s work and left it unable to ensure timely delivery of equipment to healthcare providers.
- In July 2020, an employee who had worked for General Electric for 8 years was found to have exfiltrated about 8,000 sensitive files from the company’s systems over the course of his career at GE. He intended to use these files and trade secrets to start a rival company.
To avoid dealing with the unexpected consequences of insider threats, you can take action now. Insider threats existed before the global shift to remote work, but since then they have become even more elaborate.
So, whether your in-house team works from home, you have outsourced employees, or you are still wondering “what is outsourcing in the first place,” make sure to create a ready-to-use insider threat defense and response plan.
Make sure your plan includes the following steps:
What are your company’s critical logical and physical assets?
Identify them and protect each one according to its priority and the impact it has on your organization’s performance.
These can include network systems, confidential data, facilities, and people. Give the highest level of protection to the highest-priority assets.
Clearly documented organizational policies help employees follow them and reduce misunderstandings. Make certain that each team member understands the security procedures and their rights regarding intellectual property. Emphasize the policies that cover the sharing of privileged content.
Many companies that have fallen victim to insider threats admit that the lack of visibility over insider misuse hindered them from rapidly addressing the issue.
So, consider using cyber deception solutions that create traps to lure out malicious insiders. They also help track employees’ activity and reveal harmful intent, if any.
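As an added illustration of the trap idea (this is example code written for this article, not the output of any deception product), the script below plants a handful of decoy file paths that no legitimate workflow needs and scans a file-access audit log for any user who touches them. The log format, the decoy paths, and the usernames are all constructed for the example; a real deployment would feed it the audit trail of the file server or DLP tool in use. Because legitimate users have no reason to open a decoy, even a denied attempt is a high-confidence signal, and a user who touches several unrelated decoys is browsing rather than misclicking.

```python
"""Honeytoken access detection over constructed file-audit log lines.

Example code added for this article (assumed log format, decoy paths and
usernames; none of them come from a real product or organization).
"""
from collections import defaultdict
from dataclasses import dataclass
import re

# Constructed decoy set: files that exist only to be touched by someone snooping.
DECOY_PATHS = {
    "/srv/finance/board_minutes_2020_DRAFT.docx",
    "/srv/hr/salary_review_all_staff.xlsx",
    "/srv/eng/customer_db_export.sql",
}

# Constructed syslog-style line format (an assumption, not a real product's):
# <timestamp> fileaudit user=<name> action=<verb> path=<path> result=<ok|denied>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) fileaudit user=(?P<user>\S+) action=(?P<action>\S+) "
    r"path=(?P<path>\S+) result=(?P<result>\S+)$"
)


@dataclass
class Alert:
    user: str
    path: str
    action: str
    ts: str


def parse_line(line):
    """Parse one audit line into a dict of fields, or None if it is malformed."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def detect_decoy_access(lines, decoys=DECOY_PATHS):
    """Return an Alert for every parsed event whose path is a decoy.

    Denied attempts count as well: an insider probing for the file is the
    signal, regardless of whether the access succeeded.
    """
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # malformed line; a production pipeline would count these
        if ev["path"] in decoys:
            alerts.append(Alert(ev["user"], ev["path"], ev["action"], ev["ts"]))
    return alerts


def summarize_by_user(alerts):
    """Map each flagged user to the sorted list of distinct decoys they touched.

    Several unrelated decoys in one session suggest deliberate browsing rather
    than a single accidental click, so the count is worth surfacing to analysts.
    """
    touched = defaultdict(set)
    for a in alerts:
        touched[a.user].add(a.path)
    return {user: sorted(paths) for user, paths in touched.items()}


# Constructed sample log: two benign accesses by alice, bob opening two decoys,
# carol being denied on a third, and one garbage line to exercise the parser.
SAMPLE_LOG = """\
2020-07-01T09:12:03Z fileaudit user=alice action=read path=/srv/eng/release_notes.md result=ok
2020-07-01T09:15:44Z fileaudit user=bob action=read path=/srv/hr/salary_review_all_staff.xlsx result=ok
2020-07-01T09:16:10Z fileaudit user=bob action=copy path=/srv/finance/board_minutes_2020_DRAFT.docx result=ok
2020-07-01T09:20:00Z fileaudit user=carol action=read path=/srv/eng/customer_db_export.sql result=denied
this line is garbage and should be skipped
2020-07-01T09:25:31Z fileaudit user=alice action=write path=/srv/eng/design.md result=ok
""".splitlines()


if __name__ == "__main__":
    for user, paths in summarize_by_user(detect_decoy_access(SAMPLE_LOG)).items():
        print(f"ALERT {user}: touched {len(paths)} decoy file(s): {', '.join(paths)}")
```

Run as-is it reports bob (two decoys) and carol (one denied attempt) and stays silent about alice. The decoys only work if they are never referenced by backups, indexers, or scheduled jobs, so exclude those service accounts at the source rather than in the detector, and keep the decoy list out of any location an insider could read.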
Forewarned is forearmed, right?
If you educate your employees about security issues and counter their negligence, you won’t have to spend a fortune dealing with the consequences of that negligence. In this way, you’ll also address the roots of malicious behavior and encourage employees to notice and respond to the early signs of discontent.
Like it or not, insider threats are here to stay, and the only way to combat them is to create and stick to a threat defense and response plan. Don’t rely on a single solution, and keep your organizational policies up to date. Also, make sure to raise awareness among employees about this type of cyber attack and encourage them to report suspicious activity.