Insider threats are a hidden and yet obvious peril. They are human security risks to an organization’s cybersecurity from those who have authorized access to the company’s data and computer systems. They are the biggest cause of security breaches in companies. They are also difficult to deal with and costly to remediate.
A 2016 Cyber Security Intelligence Index by IBM reported that 60% of all attacks in organizations were carried out by insiders. In the US, it is estimated that 2500 internal security breaches occur in firms daily, yet only 1 in 5 IT professionals consider them a priority when addressing security issues.
Who are the insiders in your organization?
Any trusted or privileged user in your system is a potential, even when unintentional, threat. They include:
Employees: Your workforce is your greatest asset, and yet they present a huge threat to the security of your organization. They may leak sensitive data through negligence or ignorance, or misuse it intentionally for personal gain. Hackers target them on a daily basis in an attempt to compromise or steal their credentials.
Former employees: If their user access credentials were not disabled when they were laid off, terminated employees can still access systems and data. Some may take sensitive data with them when leaving, while others, conversant with your security practices and thus your known vulnerabilities, may attack your business via malware.
Third parties: This group comprises partners, remote employees, third-party vendors, and sub-contractors. They access your data but you may not know how secure their systems are. It is also hard to establish if they have any ill motive.
Types of insider threats
Insider threats are grouped into two broad categories, inadvertent and malicious.
Inadvertent insider threats: These breaches are caused by insiders who have no malicious intent. They may result in data loss, damage to your infrastructure, or unauthorized disclosure of confidential and sensitive information. Everyday situations involve negligence, convenience, human errors such as accidental deletion of files, unintentionally aiding someone with malicious intent, phishing, or someone accessing your systems using stolen employee credentials.
Malicious insider threats: Malicious breaches are intentional, and they are meant to harm your organization. The motivation for malicious threats may be personal vendetta, competition, or financial gain. They include theft of intellectual property, fraud, corporate espionage, and sabotage.
Why are insider threats so rampant?
It is easy to overlook risks posed by insiders. Training employees takes time, and that is time away from other projects. Most budgets for IT emphasize making infrastructure and databases impervious to hackers and malware.
Breaches or data leaks can go on for months before they are discovered. And when employees routinely work with sensitive data, intellectual property or customer information, it can be difficult to know which interactions are harmful and which are not. Employees who infiltrate systems with malicious intent also cover their tracks by editing or deleting implicating logs. And without egregious harm, it can be difficult to prove intent. Mistakes do happen.
And there are innocent, ignorant users in organizations. These insiders pose the most significant security risk to their firms. According to a report from Forrester, 36% of security breaches in companies stem from careless or ignorant user actions. Another report revealed more than 50% of employees don’t think it is risky to share their work login information. Some employees even leave their workstations without logging out of their user accounts, giving malicious insiders the opportunity to use their credentials to sabotage systems or obtain sensitive data.
True crime stories aside, there are ways to help. Wombat’s User Risk Report outlines the issues and offers help for training employees in ways that make an actual difference.