Insider threats are fast becoming the biggest risk to businesses today. Due to many business transactions taking place online, particularly with the increase in remote working, significant threat is posed to businesses. Many organisations are recognising the need for robust security solutions to manage and secure network access for all employees and prevent intentional and unintentional data breaches.
A report from Clearswift found that 58% of all data security threats come from the extended enterprise including employees, ex-employees and trusted partners. According to the Ponemon Institute, the average financial impact of an insider threat is reported to have risen 31% since last year to $11.45 million in 2020. The frequency of these incidents also increased by 47% over the same period.
What is an insider threat?
The Ponemon Institute defines insider threats as: a careless or negligent employee or contractor, a criminal or malicious insider, or a credential thief.
Who should be concerned about insider threats?
Insider threat is a growing issue that many companies would prefer not to acknowledge, but these threats are an actual risk for all organisations, whether it be SMEs, large corporations, or the public sector.
Different types of insider threat
In the 2019 Verizon Data Breach Incident Report, five insider personalities are identified:
- The careless worker: These are employees, or partners, who misappropriate resources, break acceptable use policies, mishandle data, install unauthorised applications, and use unapproved workarounds. Their actions are inappropriate as opposed to malicious, many of which fall within the world of shadow IT; ie, outside of IT knowledge and management
- The inside agent: Insiders recruited, solicited, or bribed by external parties to exfiltrate data
- The disgruntled employee: Insiders who seek to harm their organisation via destruction of data or disruption of business activity
- The malicious insider: These are employees, or partners, with permission to log into corporate assets and who use existing privileges to access information for personal gain
- The feckless third-party: Business partners who compromise security through negligence, misuse, or malicious access to, or use of, an asset.
How to prevent insider threats
- Educate employees about the risks. Ensuring users are armed with the knowledge to avoid common mistakes could prove invaluable to an organization
- Even with the best training in place, it’s also critical to have clear and understandable cybersecurity policies and procedures that protect the organisation from common, yet risky, user activities
- Control and restrict access to confidential and sensitive information and customer data on a need to know basis
- Increase monitoring and logging of sensitive areas, systems and data
- Monitor behaviour, including use of external storage devices, cameras and smartphones in sensitive areas
- Disable access for activities deemed inappropriate, malicious, or otherwise posing organisational risk.
The key to avoiding insider threats is to know what your assets are and be aware of who has access to them.
For further advice on how to identify security gaps and mitigate risk of insider threats or to discuss what to do in the event of a data breach, please contact us on firstname.lastname@example.org.