What is an Insider Threat?
An insider threat is a threat that originates inside of your own company. It may be the person sitting across from you or a few floors down, or it may be a disgruntled ex-employee or even a vendor. The point is, anyone with valid access to your network can be an insider threat.
In fact, according to Verizon’s 2019 Data Breach Investigations Report (DBIR), 34 percent of all breaches were the result of insider threats.
A huge part of minimizing insider threats is increased awareness. Along with learning to identify active indicators that someone may be a potential threat, it’s also important to know the most common types of insider threats — which we cover below in today’s Tech Tip Tuesday.
Types of Insider Threats
So, who are the possible actors in an insider threat?
First is the unintentional insider. This is an insider who, through negligence, such as storing company data on an insecure device, or human error, such as clicking on a malicious link, grants access to an attacker.
This is the most common type of insider threat. Why? Because humans are the weakest link in cybersecurity. According to Proofpoint, more than 99 percent of today’s cyberattacks are human-activated, and sadly, companies are regularly compromised by employee negligence or social engineering schemes, such as phishing.
Next is the inside agent. This insider has been coerced, recruited, or bribed into handing over sensitive company data to an external threat actor.
Although instances of insider-outsider collusion are rare, a study by the Community Emergency Response Team (CERT) found that, compared to insiders who act alone, insider-outsider collusion takes longer to detect and is among the costliest categories of data breach.
Last, but certainly not least, is the malicious insider. This is someone with legitimate credentials who willfully steals data or intellectual property for personal or financial gain.
Even worse, since they’re familiar with the company, they can easily cover their tracks, making detection harder.
Defending against Insider Threats
While there is no one-size-fits-all approach to eliminating insider threats, one thing is clear: you can’t rely on traditional security measures alone.
But these countermeasures can help you fight back:
- Monitor files, emails, and activity on your core data sources
- Identify and discover where your sensitive files live
- Determine who has access to that data and who should have access to that data
- Use Artificial Intelligence and Machine Learning tools to alert you to abnormal behaviors such as increased login attempts to access sensitive data
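
One way to implement the last countermeasure, as an added example that is not from the original article: a per-user statistical baseline (mean plus three standard deviations, standing in for AI/ML tooling) flags a spike in access attempts to sensitive data. The event tuples, path prefixes, user names and thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Assumption: paths under these prefixes hold the sensitive files you identified.
SENSITIVE_PREFIXES = ("/finance/", "/hr/")

def sample_events():
    """Constructed audit records: (day, user, resource, outcome)."""
    per_day = {"alice": [4, 5, 6, 5, 4, 5], "bob": [0, 1, 0, 1, 0, 14]}
    events = []
    for user, counts in per_day.items():
        for day, n in enumerate(counts, start=1):
            for i in range(n):
                # bob's day-6 burst is mostly denied attempts
                denied = user == "bob" and day == 6 and i >= 3
                outcome = "denied" if denied else "ok"
                events.append((day, user, "/finance/payroll.xlsx", outcome))
        events.append((6, user, "/public/handbook.pdf", "ok"))  # non-sensitive noise
    return events

def flag_spikes(events, today, k=3.0, floor=5):
    """Return (user, attempts_today, denied_today) for users whose sensitive
    access attempts today exceed their own historical baseline."""
    counts = defaultdict(Counter)  # user -> day -> sensitive attempts
    denied = Counter()
    days = set()
    for day, user, resource, outcome in events:
        days.add(day)
        if not resource.startswith(SENSITIVE_PREFIXES):
            continue
        counts[user][day] += 1
        if day == today and outcome == "denied":
            denied[user] += 1
    history = sorted(d for d in days if d < today)
    alerts = []
    for user, by_day in sorted(counts.items()):
        baseline = [by_day[d] for d in history]  # quiet days count as 0
        if not baseline:
            continue  # nothing to compare against yet
        # The floor keeps low-volume users from alerting on tiny changes.
        threshold = max(floor, mean(baseline) + k * pstdev(baseline))
        if by_day[today] > threshold:
            alerts.append((user, by_day[today], denied[user]))
    return alerts

if __name__ == "__main__":
    for user, attempts, denied_today in flag_spikes(sample_events(), today=6):
        print(f"ALERT {user}: {attempts} sensitive attempts today, {denied_today} denied")
```

Because each user is compared against their own history, alice's routine finance access stays quiet while bob's sudden burst is flagged.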