As we continue our October Cybersecurity Awareness Month series, we want to be certain our readers understand insider threats since they are prevalent, yet often avoidable.
An insider threat is the potential for someone close to your organization (typically an employee) to misuse their access, wittingly or accidentally, in a way that harms your critical information or systems. The most recent 2020 Cost of Insider Threats Global Report from Ponemon Institute highlights two concerning statistics:
- Average global cost of insider threats rose by 31% in two years, to $11.45 million
- Frequency of incidents spiked by 47% in the same time period
When it comes to insider security threats faced by enterprises and small businesses, there’s a divergence between perception and reality. We’ve been conditioned to always be on the lookout for the dissatisfied employee who commits sabotage, or the criminal staffer who steals confidential data.
The truth is that insider threats can be malicious in nature, or accidental. Here’s a closer look at each type… and you may be surprised which poses a greater risk to your organization.
By the way, if you’d like to start from the beginning of the series, you can back up and learn the differences between malware, ransomware and phishing attacks as well.
Malicious Insider Threats: Uncommon, but Potentially Devastating
Most organizations are aware of the threat posed by malicious outsiders and have aligned security appropriately to manage risk. However, many enterprises and small businesses underestimate the danger posed by malicious insiders: dissatisfied or criminal actors within the organization who use their access to steal, damage, destroy or sabotage data or systems.
Direct employees are not the only source of insider threat risk: a third-party vendor, contractor, or partner can also pose a threat. Certain industries and applications have more exposure to malicious insider threats. A recent report revealed that 58% of protected health information (PHI) data breaches in the healthcare sector were caused by insiders.
What is the bottom line? A malicious insider understands what you have of value and how to inflict the maximum possible harm, and may know how to avoid or bypass controls to exploit your vulnerabilities.
Accidental Insider Threats: The Real Danger to Organizations
The rogue employee may be the face of enterprise insider risk depicted in films and novels; however, the more common danger to organizations is purely accidental. A Ponemon Institute study from 2019 revealed the following:
“Employee mistakes are by far the most significant threat to sensitive data (54% of respondents – more than external hackers and malicious insiders combined).” – source: 2019 Global Encryption Trends Study
Accidents can result from untrained, distracted or complacent employees clicking malicious links or files, improper access from excessive privileges, unintentional destruction of data, or any of an unlimited number of sources.
Examples of Security Incidents Resulting from Accidental Insider Threats
What does it look like when an accidental insider threat culminates in a security incident?
- An employee at global data management firm Veeam failed to enable password protection on a database and accidentally exposed 445 million records online.
- A misdirected email from an office in the Department of Defense exposed the records and personal information of 21,000+ Marines, sailors and civilians working with the U.S. Marine Corps Forces Reserve.
- A staffer in the Pennsylvania Office of Administration mis-assigned system permissions, which allowed unauthorized access to personal information of 360,000 current and retired teachers.
Accidental Insider Threat Contributing Factors
While every business is unique, accidental insider threats usually result from similar circumstances. Factors that contribute to a high risk of incidents from accidental insider threats include:
- Absence of organizational security leadership or prioritization
- Insufficient employee training or awareness
- Lack of sufficient privilege controls
- Complex IT environments that are not effectively managed
- Increasing amount of sensitive data
Understand How to Reduce Organizational Risk and Protect Against Insider-Based Threats
Avertium innovates cybersecurity solutions for enterprises and small businesses. We provide unparalleled visibility into network users and activities not only on your network, but across the full scope of your IT environment – at work, in the cloud and virtual. Our experts apply their deep cybersecurity knowledge and understanding of business impact to leverage visibility tools, advanced machine learning technologies and business context to detect and manage malicious and accidental insider threats.
Contact us to learn more about our full range of support services designed to add more rigor, more relevance and more responsiveness to your security posture.
Eldon Sheckles, Enterprise Consultant
Eldon Sheckles is an enterprise consultant with Avertium. Eldon specializes in helping Avertium customers to apply more rigor, more relevance and more responsiveness in their security posture.