The enemy within: Insider threats explained  

What are insider threats?

While organizations continue to invest heavily in their defensive strategies to deal with threats from outside their companies, insider threats can actually pose a much bigger problem. Insider threats are cybersecurity incidents caused by users who have authorized and legitimate access to an organization’s assets.

Unlike external cyber threat actors, insider threats can be anyone in the organization. They can be disgruntled employees who are looking to have a go at the company or even a senior-level executive with privileged access and an espionage agenda. Some insider threats can be unintentional. For example, an employee may inadvertently download malware onto a company device or fall for a phishing scam that may lead to a data breach.

Gartner groups insider threats into four categories:

  • The pawn – employees who are unaware and manipulated into performing malicious activities like inserting a flash drive or opening a harmful email.
  • The goof – ignorant or arrogant users who just don’t take security policies seriously. They are often the people mostly responsible for internal cyber threats.
  • The collaborator – employees who cooperate with outsiders for espionage reasons and normally do it for financial or personal gain.
  • The lone wolf – nothing is more dangerous than a silent, independent insider threat. Lone wolves are employees with high levels of privilege who also tend to act without any external influence or manipulation.

Former employees can also be considered insider threats if an organization does not remove their access once they leave the company. Insider threats can also be external employees who have been given access to company information.

Cost of insider threats

The impact of insider threats can be significant, and the consequences far-reaching. When an insider threat occurs, it can lead to the theft of sensitive information which can be sold on the dark web. Not only does this lead to financial losses, but it can also damage an organization’s reputation and lead to compliance violations resulting in legal actions and fines.

According to the 2022 Cost of Insider Threats: Global Report by Ponemon Institute, insider threat incidents have risen 44% over the past two years. The costs per incident have also gone up more than a third to US$15.38 million.

Cybersecurity vendors mostly focus on external threats, as internal threats can occur at any time in the organization. The report also highlighted that the time to contain an insider threat incident increased from 77 days to 85 days, leading organizations to spend the most on containment. Organizations that took more than 90 days to contain an incident incurred average costs of US$17.19 million on an annual basis.

Mitigating insider threats

As insider threats are hard to predict, organizations need to ensure they are prepared to deal with the problem by taking a comprehensive approach. Here are a few ways:

  • Enforce a zero-trust security framework. While an insider's devices may already be verified, zero-trust provides an organization with added visibility, especially when it comes to validating users and knowing what information they are accessing.
  • Businesses also need to map accessible data. Trust mechanisms need to be established, especially in granting and revoking access, particularly for new and former employees.
  • Companies also need to have policies on devices and data storage. Allow employees to only use company-issued devices and ensure all external drives are well secured.
  • Employee behavior needs to be observed. Oftentimes, disgruntled employees will show risky behavior. Organizations need to act on these signs, including completely removing the employee's access.

In conclusion, while upgrading cybersecurity defense externally is essential, organizations also need to continue to focus on their employees. Both external and internal threats can be costly affairs for organizations if the right steps are not taken to deal with the issue. Businesses need to take a proactive approach toward cybersecurity if they wish to avoid any incidents.