Insider threats are the most difficult to detect because they occur inside your network. They account for roughly two thirds of all compromised records and sixty percent of cyberattacks. Employee negligence resulted in an estimated two billion exposed records in 2018. Insider threats also cause the costliest data breaches.
If you’re going to upgrade your processes and equipment, take the following steps to protect against the most likely threats.
The Inadvertent Insider
Inadvertent insiders typically follow company policies, but they cause breaches when they make a mistake. They are the single most expensive category of risk. Their mistakes may include storing intellectual property on insecure devices or falling for a phishing scheme.
If you think your business has been the victim of man-in-the-middle attacks, malware infections or misconfigured servers, a service like Secure Forensics could help you find out what happened and recover the data. They’ll identify the users and devices involved, preserve the data from them, examine them for key information and help you determine what happened and how to prevent it from happening again.
Insider collusion is one of the least common forms of insider threat, but it remains one of the most dangerous. It occurs when an employee or contractor works with a malicious external threat actor.
A CERT study suggested that just under a fifth of insider collusion incidents involved an insider working with an outsider. Another fifty percent included two or more employees colluding together. About a third of these cases involved fraud, while a fourth involved intellectual property theft.
These insider threats are serious because they have the highest average price tag and take four times longer to detect than an insider working alone.
The term ‘second streamer’ is applied to people who steal data as a source of supplemental income. Around two thirds of insiders with malicious intent fall into this category. Note that they’re rarely senior citizens or senior leaders in the organization, though almost one in seven are in leadership. One third have access to sensitive data and are trying to monetize it.
These individuals or groups exfiltrate data slowly to personal accounts, which makes them harder to detect than the massive data exports that tend to trigger traditional network monitoring software. Data protection and network monitoring can be used to protect against this sort of threat.
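The gap described above, shown as an added example that is not from the original article: a per-transfer size alert misses slow exfiltration, while a rolling per-user total to personal destinations catches it. The event format, domain watchlist, user names and thresholds are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import date, timedelta

# Assumed watchlist of personal-account destinations (constructed names).
PERSONAL_DOMAINS = {"mail.personal.example", "drive.personal.example"}

def make_events():
    """Constructed sample egress events: (day, user, destination, bytes_out)."""
    start = date(2024, 1, 1)
    events = []
    for i in range(30):
        day = start + timedelta(days=i)
        # alice: 40 MB to a personal account every day (low and slow)
        events.append((day, "alice", "drive.personal.example", 40_000_000))
        # bob: an occasional small personal upload (benign baseline)
        if i % 10 == 0:
            events.append((day, "bob", "mail.personal.example", 5_000_000))
    # carol: one bulk export of 900 MB
    events.append((start + timedelta(days=3), "carol",
                   "drive.personal.example", 900_000_000))
    return events

def per_event_alerts(events, limit=500_000_000):
    """Traditional check: flag any single transfer larger than `limit` bytes."""
    return {user for _, user, dest, size in events
            if dest in PERSONAL_DOMAINS and size > limit}

def rolling_alerts(events, window_days=14, limit=500_000_000):
    """Flag users whose total bytes to personal destinations inside any
    `window_days` window exceed `limit`, however small each transfer is.
    Returns {user: first day the rolling total crossed the limit}."""
    windows = defaultdict(deque)   # user -> (day, bytes) pairs still in window
    totals = defaultdict(int)      # user -> running sum of the window
    flagged = {}
    for day, user, dest, size in sorted(events):
        if dest not in PERSONAL_DOMAINS:
            continue
        queue = windows[user]
        queue.append((day, size))
        totals[user] += size
        # Drop transfers that have aged out of the window.
        while (day - queue[0][0]).days >= window_days:
            totals[user] -= queue.popleft()[1]
        if totals[user] > limit and user not in flagged:
            flagged[user] = day
    return flagged
```

With the sample data, the per-transfer check flags only the bulk export, while the rolling total also flags the daily 40 MB uploads once they accumulate past the limit.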
Disgruntled employees are those who are deliberately sabotaging systems or committing intellectual property theft. One industry study found that nearly a third of criminal insiders were disgruntled employees looking for future gains after they quit or were fired. Another ten percent just wanted to cause damage.
Employees in this category often follow a pattern. They may start digging for access to information they could use. Others will start acting the moment they give notice, collecting trade secrets they may sell or use. Ongoing monitoring and intelligent data analysis can help find these individuals. Behavioral analytics may identify someone acting in this way at an early stage, too.
Insider threats are the most difficult to defend against, but you can’t afford to ignore them. Learn about these threats and the ways to mitigate the damage they can cause to help protect your business.