We often think of cyber threats as originating from outside of our organizations as hackers try and "break into the system" from a laptop hundreds of miles away, however some threats may be closer to home than we could ever think.
Insider threats are defined as individuals or contractors with authorized or unauthorized access causing harm to an organizations security posture through intentional or unintentional means. These threats don't necessarily have to be malicious in fact they could be due to negligence when an employee clicks on a phishing email. Due to the broad nature of insider threats the consequences of such an attack are numerous and the solution multi-faceted.
What exactly constitutes an insider threat? According to the National Cybersecurity and Communications Integration Center(CISA), an insider threat could include sabotage, theft, espionage, or fraud. This could be through a recently fired employee or an employee who unwittingly provided access through a malicious link. In fact, 43% of reported security incidents were caused by malicious insiders. CISA even provides a list of behavioral indicators that may be an indicator of malicious activity. Such indicators include:
While these indicators are by no means all encompassing they can help establish a pattern if your organization believes an individual to be at risk of becoming a security threat. It is important to spot patterns before they become an issue and be diligent in protecting access to sensitive data. Additionally, it is crucial to monitor privileges when letting go employees as 45% of employees admitted to saving, sending, or exfiltrating files before leaving a job or being let go. Logging and managing who has privileged access is an important step in making sure important data isn't stolen or lost.
Also, insider threats happen more often than one may think. In fact, it seems that these types of threats are only on the rise. Between 2018 and 2020 insider cyber attacks rose by 47% with the average cost of an incident increasing from $8.77m-11.45m. This statistic could only rise with the increased focus on the work from home model, which will likely continue to rise. Make sure your organization is prepared for the possibility of an insider threat disrupting your organization.
CorpInfoTech (Corporate Information Technologies) provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. CorpInfoTech can help organizations, quantify, create, refine, and mitigate the risks presented by business threatening disasters in whatever form they may be disguised.