The job that security officers and teams undertake can be daunting, even overwhelming, in its scope and scale. There is a vast array of threats that pose a danger to an organization and its data. External bad actors launching attacks on your business are bad enough on their own, but it is equally important to account for the possibility of someone on the inside causing harm. While insider threats can be a concern relevant to any organization, certain industries and businesses are more susceptible to internal risks than others. All organizations should work to protect themselves against insider threats using the tools and measures that work best for them.
What is an insider threat?
According to the United States Cybersecurity and Infrastructure Security Agency, an insider threat is defined as “the potential for an insider to use their authorized access or special understanding of an organization to harm that organization.” These threats can arise from a variety of causes: malicious insiders causing intentional damage, negligent insiders inadvertently harming their organization from within, and credential theft allowing outsiders to obtain insider access to a company’s assets and resources. The danger is complex and dynamic, but a basic understanding of insider threat motivations and sources can go a long way in preventing a serious breach from occurring.
The Ponemon Institute’s Cost of Insider Threats Report shows that insider threats can cost organizations millions of dollars a year once disruption cost, technology, labor, and revenue losses, among other factors, are accounted for. Notably, while employee or contractor negligence is the least costly type of threat per incident, it occurs more than twice as frequently as malicious insiders or credential theft, and thus contributes more than its fair share to the annual total cost. It is far more costly in the end to remediate an internal threat incident than to prevent it from happening in the first place.
Industries with increased risk
Though all organizations in all industries should be aware of the risks posed by insiders, certain sectors and types of businesses are more susceptible than others. Professional services such as legal and financial services are a prime target for cybercriminal activity due to the amount of sensitive client information they handle and their often high revenue. Security measures to prevent attacks from external actors have been ramped up over time, but the risks from both within and without are still formidable. Insider threats are more complicated to guard against, and companies that have robust and layered protection against external actors may still be letting internal risks slip.
The tech and entertainment industries are also at higher risk of internal threat, as new technologies and unreleased media are worth a lot to competitors and criminals alike. This creates the perfect opportunity for malicious insiders to steal and sell confidential data, or for external bad actors to take advantage of negligent or vulnerable insiders. Finally, businesses and industries with high turnover rates are at significant risk: up to 72% of employees admit to taking enterprise data when they leave a company, and 70% of intellectual property (IP) theft takes place in the weeks before an employee announces their resignation. It is difficult to keep track of the flow of data and ensure that departing employees are not exfiltrating data when they leave.
Protecting your business
Because of the nature of internal threats, there are several unique challenges to overcome. Whether the threat is coming from a malicious, negligent, or compromised insider, the precursors to an insider breach can be difficult to detect, as the risky behavior tends to blend in with normal and necessary user activities. The saving, editing, copying, and transferring of data is often a fairly significant part of an employee’s job, and there is no foolproof way to differentiate suspicious activity from regular business operations. Internal threats also circumvent traditional threat detection and prevention tools, as many solutions are designed primarily to keep outsiders out and do little to address the risks that are already inside the organization.
Preventing insider threats requires a holistic approach to account for the different types of risks. Solid cybersecurity training and cyber hygiene practices can go a long way toward preventing employee negligence and credential theft, and can make it easier to detect abnormal behaviors. It is crucial for every insider to understand the part they play in keeping the company and its data safe, and for policies to reflect the gravity of the issue. Beyond that, each organization’s security team should find out what tools are best to deploy against internal threats. Choosing the right tool can “help cybersecurity teams at enterprises monitor and protect their critical data, including data loss prevention, user behavior analytics, file activity monitoring, and risk detection and response.”
Insider threats are a significant issue to contend with, and protecting against them is not a simple task. Internal actors are capable of causing damage through action or inaction, intentionally or unintentionally, and actions that lead to data breaches often look just like normal user behavior. Some sectors are more likely than others to be targeted by malicious insiders or credential thieves, but all businesses in all industries should take insider threats seriously and work to protect against them.
PJ Bradley is a writer on a wide variety of topics, passionate about learning and helping people above all else. Holding a bachelor’s degree from Oakland University, PJ enjoys using a lifelong desire to understand how things work to write about subjects that inspire interest. Most of PJ’s free time is spent reading and writing. PJ is also a regular writer at Bora.