An insider threat is the potential for someone who has or has had authorized access to an organization’s assets to act in a way that could harm the organization, either maliciously or unintentionally, according to the Carnegie Mellon Computer Emergency Response Team (CERT).
Insiders can include current or former workers, independent contractors, or other dependable business associates. Unlike external threat actors, insiders do not need to get past firewalls, virtual private networks (VPNs), and other perimeter security defenses. Insiders have direct access to networks, computer systems, and confidential company information because they operate within a company’s security circle of trust.
Insider threats are more common than you might realize. According to the Netwrix 2018 Cloud Security Report, 58 percent of businesses blame insiders for security breaches. The majority of security incidents are caused by employee negligence.
According to the Ponemon Institute’s 2018 Cost of Insider Threats study, employee or contractor negligence accounted for 64% of reported insider incidents, while 23% involved criminal insiders and 13% involved credential theft.
Misconfigured cloud servers, staff members storing confidential company information on their own unsecured personal devices and systems, and staff members or other insiders falling for phishing emails that resulted in malicious attacks on company assets are a few examples of common scenarios behind insider threats.
Types of Insider Threats
1. Unintentional
- Negligent – Insiders’ negligence can expose an organization to a threat. These insiders are typically aware of security and/or IT policies, but they disregard them, putting the organization at risk. A few instances include letting someone “piggyback” through a secure entryway, losing or misplacing a portable storage device that contained sensitive data, and disobeying instructions to install security patches and new updates. Careless insiders tend to be complacent and deliberately break the law; they display actions that can be seen and corrected.
- Accidental – Even the best employee may make a mistake that puts the company at unintended risk because they are unaware or naive. Examples include typing an incorrect email address and unintentionally sending a confidential business document to a rival, carelessly or accidentally clicking on a link, opening an attachment containing malware, or improperly discarding confidential documents. Accidents can’t be completely prevented, but they can be minimized, and organizations can do a good job of reducing their frequency.
2. Intentional
Insiders may purposefully act to harm an organization for their own gain or to address a grievance. Some deliberate insiders are driven by ambition, financial pressure, or resentment over a perceived grievance. Others might want attention and recognition, so they put themselves in danger or reveal private information. They might even believe they are acting in the interests of everyone. For instance, many insiders have been motivated to “get even” by leaking confidential information, harassing coworkers, sabotaging equipment, or engaging in violent behavior due to unmet expectations caused by a lack of recognition (e.g., promotion, bonuses, desirable travel). Others have committed intellectual property or proprietary data theft to advance their careers.
Business Impact
Intellectual property and proprietary information may be lost due to insider threats. Attack-related system outages have a negative effect on business productivity. Customer harm or data loss can also erode trust in a company’s services. Containment, remediation, incident response, investigation, post-incident analysis, escalation, monitoring, and surveillance are necessary when dealing with insider security incidents. These activities may significantly increase the workload and security budget for a company. According to the Ponemon Institute, the average cost of insider incidents for the companies it surveyed in 2017 was over $8.7 million, with the maximum cost reaching $26.5 million.
Countermeasures Against Insider Threats
The effects of insider threats can be lessened by reducing insider negligence. The steps listed below can assist in resolving the security issues caused by careless users and administrators.
- Security employee training and education: Train your security teams to install, configure, and monitor your systems, networks, devices, and backup devices properly.
- Regular employee awareness training: Give your staff training on handling security risks like phishing and on safeguarding the company data they carry on their laptops and mobile devices outside the office. Require users to use secure passwords and to change their passwords frequently. Remind staff members of the consequences of engaging in malicious activity.
- Fixing misconfigured cloud servers: Conduct regular audits of both on-premises and cloud servers, and then fix any deviations from the overall organization’s secure baseline.
- Restrict access to critical systems: Ensure that only employees with the necessary training to administer mission-critical servers are allowed access to privileged access security systems and central servers. Monitor all server access, regardless of privilege level.
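
One way to check the last countermeasure against an access log, as an added example that is not part of the original article: every access is recorded whatever its privilege level, and any access to a critical host by an account outside the trained-administrator list is flagged. The log format, host names, and account names are constructed assumptions.

```python
from collections import Counter

# Assumptions (hypothetical names): mission-critical hosts and the accounts
# whose owners have the training required to administer them.
CRITICAL_HOSTS = {"db-core-01", "pam-vault-01"}
TRAINED_ADMINS = {"asmith", "jdoe"}

# Constructed sample log: timestamp, user, host, privilege level, result.
SAMPLE_LOG = """\
2024-03-04T09:12:01Z asmith db-core-01 admin success
2024-03-04T09:15:44Z bwong web-07 user success
2024-03-04T10:02:10Z bwong db-core-01 user denied
2024-03-04T10:02:31Z bwong db-core-01 admin success
2024-03-04T11:30:00Z jdoe pam-vault-01 admin success
2024-03-04T12:00:00Z ckhan web-07 admin success
malformed line here
"""

FIELDS = ("ts", "user", "host", "privilege", "result")

def review_access(log_text):
    """Return (records, violations, unparsed) for a whitespace-separated log."""
    records, violations, unparsed = [], [], []
    for line in log_text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if len(parts) != len(FIELDS):
            unparsed.append(line)  # never drop lines silently: gaps hide activity
            continue
        rec = dict(zip(FIELDS, parts))
        records.append(rec)  # every access is recorded, whatever the privilege
        if rec["host"] in CRITICAL_HOSTS and rec["user"] not in TRAINED_ADMINS:
            # Granted access is a control failure; a denial is an attempt to review.
            severity = "granted" if rec["result"] == "success" else "attempt"
            violations.append({**rec, "severity": severity})
    return records, violations, unparsed

def access_counts(records):
    """Count accesses per (user, host) across all privilege levels."""
    return Counter((r["user"], r["host"]) for r in records)

if __name__ == "__main__":
    records, violations, unparsed = review_access(SAMPLE_LOG)
    for v in violations:
        print(f'{v["ts"]} {v["user"]} -> {v["host"]} ({v["privilege"]}): {v["severity"]}')
    print("unparsed lines:", unparsed)
    print(access_counts(records).most_common(3))
```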