Photo Credit: © peshkova - stock.adobe.com
What are insider threats?
Insider threats, also known as insider risks, can take multiple forms including malicious or inadvertent employees, contractors, business partners, consultants, former staff and other third-parties. These many faces of threat pose significant dangers to organizations by leveraging the confidential information, strategic assets or authorized access they have been entrusted with to harm a company's data or security, wittingly or unwittingly.
What's worse about risky insiders is that some organizations undermine or overlook them as a security issue at all because they are preoccupied with thwarting malicious threats posed by outsiders, cybercriminals. While both dangers are grave, a recent study by the Ponemon Institute revealed that enterprises spent twice the global average cost of breaches on insider threats in 2017. Furthermore, out of the 159 global organizations in North America, Europe, Africa, Middle East and Asia-Pacific that were interviewed for the study, each company experienced one or more material events caused by an insider.
Key takeaway: No one is immune.
To manage and mitigate insider risks and its associated costs, the first step is understanding the various types of insiders that could leave your environment in disorder. Below we have outlined five egregious models of risky insiders:
1. Negligent insiders
Some employees may unintentionally avoid cybersecurity awareness training or security announcements because they are focused on completing their daily tasks. These are considered as the most precarious employees because their behavior is often consistent. According to Ponemon's study, 64% of insider-related incidents were caused by negligent insiders over the past 12 months. At the opposite end of the spectrum, there are unhackable employees that complete security training and help prevent and protect their employers from cyber-related incidents.
2. Inadvertent Insiders
These types of insiders come from employees who respect and comply with policies and participate in all the company’s security training, but they cause costly breaches due to an error or some misjudgments. For example, saving sensitive business data in personal devices or transferring information to personal accounts.
3. Malicious Insiders
Malice, greed and corrupt motives combined with the election to enact inappropriately are what maketh a deliberate insider. For example, motivations for monetary rewards or personal gains cause this category of employees to misbehave and share company information with external parties, such as hackers or competitors. Perhaps you've poured millions of dollars into product enhancements, spent massive resources to fortify perimeter defenses and dedicated decades to building strong client relationships and your company's prestigious reputation. However, if the adversary is within, all that is gone and useless in the blink of an eye.
4. Collaborative insiders
This category of insider is unique in that it involves multiple accomplices, both internal and external to an organization. In this scenario, numerous employees, or employees and third-parties are operating in tandem with criminals. This collaborative effort increases opportunities to perpetrate fraud, bypass security controls and restrictions, and conceal the crime longer. According to a recent CERT study, collusion incidents committed by collaborative insiders have a duration that is nearly four times that of an adverse event caused by one insider. The study also found that although this is the rarest type of insider, it is among the hardest threats to detect by enterprises.
5. Indignant Insiders
Gartner reported that 29 percent of employees tend to steal information after quitting or being fired. Indignant insiders are often attributed to ex-employees who have motivations for rewards, personal gains or revenge. This group of insiders usually start to gather data once they decide to resign or after being told to leave.
Has your organization built and implemented an insider threat program?
With a wide variety of human behaviors, there is no single solution for overcoming insider risks. However, a multifaceted, layered approach to cybersecurity risk management will help combat insider threats. Align CybersecurityTM, Align's comprehensive risk management solution and award-winning Cybersecurity Advisory Practice, helps leading firms worldwide to design and implement a meaningful Cybersecurity Program that effectively cascades through the enterprise and fully integrates a customer's risk management objectives. Through cybersecurity education, empowerment and accountability, with state-of-the-art tools and fully custom “white-glove” training, Align enables enterprises to effectively combat insider threats and change poor security habits into intelligent cybersecurity behavior.
Align Cybersecurity offers tailored, advanced cybersecurity solutions encompassing Vulnerability Assessments/Penetration Testing, Cybersecurity Risk Management as a Service (Align Risk CSR), Customized Cybersecurity Programs, Third Party Management, Managed Threat Protection (Align Guardian), Cybersecurity Training and more.