Insider threats are a huge risk to cybersecurity in the workplace. However, they’re not always malicious or even intentional. Security breaches resulting from insider threats can be malicious, negligent, or accidental, but they’re damaging all the same. Some of the potential insider threat indicators you can watch out for include:
- A shift in employee attitude toward the overly positive or negative ends of the spectrum
- Unusual network activity, such as employee sign-ins outside of operating hours
- Sudden increases in data traffic or network activity for individual employees
- Access requests that don’t conform to the usual activities of an employee.
In addition to utilizing the best cybersecurity software to protect your business, you need to understand the potential insider threats to your business and how to address them.
In the last 50 years, we have seen massive, unprecedented changes in the way we work and live. However, technology, like everything, has downsides — and security is one of them.
A 2019 report by Thales on cybersecurity shows that cybersecurity problems aren’t getting any better: the vast majority of companies (97%) use data with transformative technologies, and over their lifetime, 61% of these companies will suffer a cyber-breach.
What may surprise you is that many of the threats that turn into full-blown cybersecurity incidents are due to avoidable mistakes made by the workforce. We have a name for these: insider threats, and they’re not always unintentional. In this article, we’ll improve your insider threat awareness and clue you up on some of the most common insider threat indicators.
What Is an Insider Threat?
When thinking about cybersecurity threats, you may picture a hoodie-wearing hacker tapping away at a keyboard in the dark. However, the reality is much more frightening. Insider threats are cybersecurity mistakes made by employees, and according to the Cost of Insider Threats: Global Report, there’s been a sharp, 44% increase in insider threat incidents in the past two years. What’s more the report has highlighted how:
- Containing insider threats is becoming more time-consuming. The time to contain such an incident rose from 77 days to 85 days.
- Most recent data shows how companies suffered a collective $4.6 million loss due to insider threats. This figure is up 65% from $2.79 million in 2020’s report.
- Incidents not contained within 90 days cost an organization far more. Data suggests an annual loss of around $17.9 million on average, annually.
In support of this data, Verizon’s 2021 Data Breach Investigations Report (DBIR) highlighted how insiders were responsible for around 22% of security incidents. Similarly, Kaspersky studied 5,000 global businesses and found that a huge 52% of these businesses were concerned that their biggest threats lay within their workforce.
The message here is clear. In order to protect yourself against avoidable cybersecurity breaches, you need to have thorough insider threat awareness. Luckily for you, that’s exactly what we’re here to discuss. Below, we talk about insider threats in detail, plus some of the most common cybersecurity mistakes made in the workplace and how to avoid them.
Understanding Insider Threats
When thinking about the types of insider threats, there are generally three you should know about:
- accidental insider threats
Then, there are also those that fall into more niche categories.
- Malicious insider threats: A malicious insider is often known as a turncloak. This is an employee or other insider who seeks to cause damage intentionally. They may steal data to sell it off to other companies or competitors, or use it for personal gains. Alternatively, they may simply hold a grudge against their employer and wish to cause financial or reputational damage. These are some of the most dangerous insider threats because they have access to company systems and information.
- Negligent insider threats: Here’s where those disaffected, disengaged employees come into play. Examples of negligent insider threats include employees who engage in risky behavior. For example, they may hold open a secure door for another person, misplace a thumb drive containing sensitive data, or ignore IT policies that recommend updating their computer software.
- Accidental insider threats: Not all insider threats are malicious or even negligent; some can simply be caused when an employee makes a mistake that opens up the business’ systems to malicious actors from outside of the company. These are the most common insider threats and include errors such as using a weak password, falling for a phishing scam, or mistyping an email address when sending company information to another party.
Of course, to know where your insider threats are lurking, you need to understand how to spot them. Below, we’ve included some potential insider threat indicators, and we’ll also move on to how you can protect against insider threats.
What are some potential insider threat indicators?
Unfortunately, it’s not always possible to preempt an insider threat, as these risks arise from employees who largely hold trusted status and legitimate access to systems. However, insider threat detection is important, and there are some potential insider threat indicators that might alert you to impending insider attacks, including:
- Employees who appear to be continually dissatisfied or express a grudge against the business
- An employee who suddenly begins showing excessive eagerness toward their role and taking on more tasks than usual
- Employees who sign into the network at unusual, out-of-hours times (such as in the middle of the night)
- A sudden increase in network or data traffic for a particular user, which may indicate the transfer of large volumes of data
- Unusual system or data access requests or records for employees who may be accessing systems they ordinarily have no business using
How to Protect Against Insider Threats
While insider threat detection isn’t always straightforward, you can take preemptive steps to help protect your business against malicious or negligent actions. Here are some of the most common ways to protect against insider threats:
- Protect business-critical systems and assets. Start by defining your business-critical assets, whether they’re systems and networks, facilities, intellectual property (IP), and customer data. Once you’ve defined this list, work to understand how you can protect these assets using cybersecurity software, security controls, and other policies.
- Ensure you have and are enforcing IT policies. You need to ensure that you clearly set out any company policies that you have around IT and system usage. All employees should be familiar with cybersecurity policies and what is considered proper use of company systems and networks.
- Educate employees and ensure a positive culture. Malicious insider threats commonly stem from disgruntled employees, though they can also originate from unintentional negligence. Ensuring that you promote positive attitudes around cybersecurity is important, as is ensuring employee satisfaction overall.
- Utilize employee-monitoring software to track system usage. There are many software packages you can use that will help you to track user behavior and activity across networks and systems. With these solutions, you can begin spotting patterns emerging when a potentially malicious insider’s actions deviate from the norm for their role.
Other Insider Threats to Your Business
As we’ve discussed above, insider threats are not always intentional. Mistakes or negligence (unintentional insider threats) can also lead to damaging data breaches. Below, we’ve highlighted a few of the common cybersecurity mistakes made in businesses by careless insiders that can lead to a security incident.
1. Password sharing and privileged access
Access control is at the heart of many security incidents and data breaches. According to Centrify, 74% of data breaches are down to abuse of access privileges. This could be something as simple as sharing a password with a colleague.
It could also be caused by a spear-phishing attack that focuses on a specific target with high-level access privileges. Once access is gained, it allows the abuser to steal data, leak proprietary information, infect networks, and generally cause havoc.
How can it be fixed?
There are a number of ways in which you can lock down privileges and control access more strictly to prevent insider threats:
- Use two-factor authentication (2FA) wherever possible to ensure nobody but the nominated individual can access an account.
- If possible, use a risk-based approach to controlling access. For example, apply tighter controls if someone is attempting to access company systems or networks from an external Wi-Fi connection.
- Use security awareness training to ensure that employees understand the importance of choosing a strong password and not sharing them with others.
2. Clicking on a phishing link (or downloading an infected attachment)
Phishing is still the number one way in which malware infects company networks. CISCO’s 2021 Cybersecurity Threat Trends Report highlighted how at least one employee within 86% of organizations had clicked at least one phishing link. According to this data, phishing also represented a huge 90% of data breaches.
What’s more, it’s becoming increasingly difficult to spot phishing emails and spoofed websites. Malicious emails that lead to spoofed webpages can infect machines or steal data, and they are becoming more adept at tricking victims into thinking that they’re safe. By now, over half of all phishing spoof sites use HTTPS to show they are “secure.”
How can it be fixed?
Phishing is a form of social engineering that tricks people into doing a specific thing, like clicking on a malicious link. One of the best forms of protection against phishing is cybersecurity education.
Employ a cybersecurity firm to carry out training for your employees that helps them to spot the signs of phishing. This may also include phishing simulation exercises to train employees. Additionally, your employees should be aware that a website using HTTPS isn’t necessarily a legitimate website.
3. Sharing sensitive data in cloud-based collaboration apps
Many organizations now routinely use cloud-based collaboration portals to share information and work on projects. An increasing number of data leaks, often of a highly sensitive nature, occur via these collaboration apps.
For example, in 2019, a security scan revealed how over 100,000 GitHub repositories had leaked security or API keys. A similar issue was found in Slack, the popular work messaging app.
Slack has also been criticized for security vulnerabilities that allowed session keys to be hijacked and used to access user accounts, giving the hacker access to messages, files, and so on. This vulnerability is fixed now, but this case demonstrates the risk of using online collaboration tools to store and share sensitive information.
How can it be fixed?
Exercise caution around what data you share via online collaboration software. You should also carefully consider which privileges you give to employees who use such tools. Disgruntled employees could potentially use their privileges to leak information about your organization.
This is especially true when they have decided to leave your company or hand in their resignation, as risks can come from both a current and a former employee. Therefore, you should always make sure you remove or limit access to collaboration software accounts promptly when a person is due to leave.
If you’re in the habit of using cloud collaboration software, you should also ensure that you’re using one of the most secure cloud storage solutions possible.
4. Email leaks
Emails are notorious for leaking sensitive and even embarrassing information. Email leaks can be both accidental and malicious.
For example, in 2019, the UK government was embroiled in a data leak linked to the post-Brexit EU Settlement Scheme. Unfortunately, the email used CC rather than BCC and thus disclosed the names of those applying to the scheme to everybody else involved. Although accidental, this email leak was a huge breach of privacy.
How can it be fixed?
Accidents happen, especially when somebody has a busy work schedule. Let’s face it, many of us have probably used CC when we should have used BCC on at least one occasion.
Security awareness training can help to improve employee awareness of the risks of emailing sensitive information. However, you can also use technical measures such as Data Leak Prevention (DLP).
This type of solution uses specific rules to look for keywords and phrases or search for specific attachments within a user’s email draft. It can subsequently quarantine the message or automatically scan them for potential security issues.
Insider Threats Are a Serious, Growing Problem
Hopefully, you’ve gained a decent understanding of what an insider threat is, some common insider threat indicators, and how to protect against insider threats. Of course, it goes without saying that you should always be protected by comprehensive cybersecurity software to minimize the risk of both inside and outside threats too.
While it has aged, there’s a memorable statement made by IBM in 2018 that comes to mind. It accurately sums up the nature of online security, mistakes, and possible breaches:
“You’re more likely to experience a data breach (27.9%) of at least 10,000 records than you are of catching the flu this winter.”
It’s almost impossible to prevent mistakes from happening. In a busy workplace with staff trying to collaborate with each other across platforms within the cloud, keeping our business’ data safe isn’t easy. We can, however, mitigate risk.
Our staff may be a weak point, but they can become our best protection, too. Making employees aware of how a simple action can cause a security incident is a good place to start. Shoring this up with key technologies like two-factor authentication and Data Leak Prevention can bolster your efforts.
Mistakes will likely continue to occur; that’s just human nature. However, you can alleviate their impact by educating everyone within your business and properly utilizing your industry-leading cybersecurity software to protect your assets.
Do you have questions about insider threats and the risks they may pose to your business? Check our our frequently asked questions below.
An insider threat is a threat to your business’ cybersecurity that originates from inside the organization. Usually, this is an employee within the company that has trusted status allowing them to access sensitive systems and/or data. Insider threats are particularly insidious because of this trusted access, allowing them to bypass many of the cybersecurity tools you may have in place.
Common insider threat indicators include:
- Changes in an employee’s attitudes
- Unusual network activity
- Access to unnecessary systems or resources
You might want to read about the different types of insider threats too.
There are generally considered to be three broad categories of insider threats:
- Malicious insider threats are those where an insider seeks to damage a company’s reputation or cause financial loss.
- Negligent insider threats usually result from an insider who neglects to follow IT or other business policies and causes a resulting security breach.
- Accidental insider threats are those such as clicking on a phishing link and exposing the network to hackers or using a weak password.
Check out our detailed piece on insider threats for more information.