As we continue our October Cybersecurity Awareness Month series, we want to be certain our readers understand insider threats since they are prevalent, yet often avoidable.
An insider threat is a potential for someone close to your organization (typically an employee) to misuse their access, wittingly or accidentally, in a way that harms your critical information or systems. The most recent 2020 Cost of Insider Threats Global Report from Ponemon Institute highlights two concerning statistics:
When it comes to insider security threats faced by enterprises and small businesses, there's a divergence between perception and reality. We've been conditioned to always be on the lookout for the dissatisfied employee who commits sabotage, or the criminal staffer who steals confidential data.
The truth is that insider threats can be malicious in nature, or accidental. Here's a closer look at each type... and you may be surprised which poses a greater risk to your organization.
By the way, if you'd like to start from the beginning of the series, you can back up and learn the differences between malware, ransomware, and phishing attacks as well.
Most organizations are aware of the threat posed by malicious outsiders and have aligned security appropriately to manage risk. However, many enterprises and small businesses underestimate the danger posed by malicious insiders: dissatisfied or criminal actors within the organization who use their access to steal, damage, destroy or sabotage data or systems.
Direct employees are not the only source of insider threat risk: A third-party vendor, contractor, or partner also poses a threat. Certain industries and applications have more exposure to malicious insider threats. A recent report revealed that 58% of protected health information (PHI) data breaches in the healthcare sector were caused by insiders.
What is the bottom line? A malicious insider understands what you have of value and how to inflict the maximum possible harm, and may know how to avoid or bypass your controls to exploit your vulnerabilities.
The rogue employee may be the face of enterprise insider risk depicted in films and novels; however, the more common danger to organizations is purely accidental. A Ponemon Institute study from 2019 revealed the following:
“Employee mistakes are by far the most significant threat to sensitive data (54% of respondents – more than external hackers and malicious insiders combined).” – source: 2019 Global Encryption Trends Study
Accidents can result from untrained, distracted, or complacent employees clicking malicious links or files, improper access from excessive privileges, unintentional destruction of data, or any number of other sources.
What does it look like when an accidental insider threat culminates in a security incident?
While every business is unique, accidental insider threats usually result from similar circumstances. Enabling factors that contribute to a high risk of incidents due to accidental insider threats include:
Avertium innovates cybersecurity solutions for enterprises and small businesses. We provide unparalleled visibility into network users and activities not only on your network but across the full scope of your IT environment – at work, in the cloud, and virtual. Our experts apply their deep cybersecurity knowledge and understanding of the business impact to leverage visibility tools, advanced machine learning technologies, and business context to detect and manage malicious and accidental insider threats.
Contact us to learn more about our full range of support services designed to add more rigor, more relevance and more responsiveness to your security posture.
Eldon Sheckles is an enterprise consultant with Avertium. Eldon specializes in helping Avertium customers to apply more rigor, more relevance and more responsiveness in their security posture.